bdbc05dedc226afe21579d43ec5a807d

Sharing

Copy URL

Twitter E-mail

General

Target

bdbc05dedc226afe21579d43ec5a807d
Size

1.7MB
MD5

bdbc05dedc226afe21579d43ec5a807d
SHA1

a612cabccdaef74547633a1a920a9e1993c1b9d8
SHA256

909df004857e854a646328179d73a9738eec6b2eb559be3b0cd8d3c53b3dd29a
SHA512

715fbda75b075e5df6487b8312bdace7cbf84acc75a0ae9221e7fb46df1c78e537869b4b5a3e7529ff7a139a04513c5610f169509f48d879dc84d5afd525dc01
SSDEEP

49152:P2M55trAZx4QBnIkCKAeX3XyRWTf1rxvAa:P2MJoXCcdxvAa

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Fix/heavygate.dll
unpack001/msvcirt.dll

Files

bdbc05dedc226afe21579d43ec5a807d
.rar
AntiHook.dll
.dll windows:4 windows x86 arch:x86

f91a4664f2961f99679cdcf6ed77b8b3

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineW
GetModuleFileNameA
VirtualProtect
GetModuleFileNameW
RtlUnwind
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
RaiseException
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA

advapi32

RegCloseKey
RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA

Exports

Exports

??0CAntiHook@@QAE@XZ
??4CAntiHook@@QAEAAV0@ABV0@@Z
?fnAntiHook@@YAHXZ
?forImport@@YAHPAU_CHECK_FUNCTION@@@Z
?nAntiHook@@3HA

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dyn/BSKiller.dll
.dll windows:4 windows x86 arch:x86

35f7efc15eee93423a9b361f67007b72

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTempFileNameA
SetEndOfFile
SetFilePointer
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CopyFileA
MoveFileExA
CreateFileA
RtlUnwind
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCPInfo
GetACP
GetOEMCP
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
HeapAlloc
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
InterlockedDecrement
InterlockedIncrement

shlwapi

PathAppendA
StrRChrA

Exports

Exports

BSKiller_FileClear

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dyn/BiDotKiller.dll
.dll windows:4 windows x86 arch:x86

590982a1e6b1f239e76dd6a36e37109b

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTempFileNameA
FlushFileBuffers
SetEndOfFile
SetFilePointer
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CopyFileA
MoveFileExA
CreateFileA
SetFileAttributesA
RtlUnwind
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCPInfo
GetACP
GetOEMCP
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
HeapAlloc
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
InterlockedDecrement
InterlockedIncrement

shlwapi

PathAppendA
StrRChrA

Exports

Exports

BiDotKiller_FileClear

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dyn/DllJmpKiller.dll
.dll windows:4 windows x86 arch:x86

8982c27053c365b245d42f68cb6e06f7

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MoveFileExA
UnmapViewOfFile
MapViewOfFile
CloseHandle
CreateFileMappingA
GetFileSize
CopyFileA
CreateFileA
SetFileAttributesA
IsBadReadPtr
GetLastError
RtlUnwind
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

shlwapi

StrStrA

Exports

Exports

DllJmpKiller_FileClear

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dyn/MessagerKiller.dll
.dll windows:4 windows x86 arch:x86

c1f171a5d282f4329ac12edbc3b27c8e

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MapViewOfFile
CloseHandle
CreateFileMappingA
GetFileSize
CreateFileA
SetFileAttributesA
GetFileAttributesA
UnmapViewOfFile
OpenProcess
MoveFileExA
Process32Next
TerminateProcess
Process32First
CreateToolhelp32Snapshot
IsBadReadPtr
DeleteFileA
WriteFile
FlushFileBuffers
GetCurrentProcess
GetLastError
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
IsBadCodePtr
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
LCMapStringA
LCMapStringW
InterlockedDecrement
InterlockedIncrement

advapi32

RegQueryValueExA
RegSetValueExA
RegCloseKey
RegOpenKeyA

shlwapi

PathFileExistsA
StrStrIA

Exports

Exports

MessagerKiller_FileClear

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dyn/MtKiller.dll
.dll windows:4 windows x86 arch:x86

42f9e8187e6e3c3a13017246480959a1

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTempFileNameA
FlushFileBuffers
SetEndOfFile
CloseHandle
UnmapViewOfFile
ReadFile
SetFilePointer
GetFileSize
MapViewOfFile
CreateFileMappingA
CopyFileA
MoveFileExA
CreateFileA
SetFileAttributesA
RtlUnwind
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
InterlockedDecrement
InterlockedIncrement

shlwapi

PathAppendA
StrRChrA

Exports

Exports

MtKiller_FileClear

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dyn/ScanInternal.dll
.dll windows:4 windows x86 arch:x86

7436ee5aadfb8faadd5e8e641e8f15c4

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileW
GetFileSize
WriteFile
DebugBreak
OutputDebugStringW
lstrlenA
WideCharToMultiByte
GetEnvironmentVariableW
InterlockedIncrement
SetLastError
LoadLibraryW
GetModuleHandleW
GetModuleFileNameW
MultiByteToWideChar
FindNextFileW
lstrcpyW
IsBadWritePtr
IsBadReadPtr
UnmapViewOfFile
GetACP
MapViewOfFile
CreateFileMappingW
FlushFileBuffers
GetCurrentProcessId
CreateMutexW
WaitForSingleObject
GetProcessHeap
HeapAlloc
TlsAlloc
SetEnvironmentVariableW
ReleaseMutex
CopyFileW
CloseHandle
GetProcAddress
FreeLibrary
SetFileAttributesW
DeleteFileW
MoveFileExW
SearchPathW
GetWindowsDirectoryW
GetSystemDirectoryW
GetTempPathW
ExpandEnvironmentStringsW
lstrlenW
InterlockedDecrement
GetLongPathNameW
GetShortPathNameW
FindFirstFileW
FindClose
GetFileAttributesW
GetVersionExW
GetLastError
GetFullPathNameW
LocalFree
TlsFree
HeapFree

user32

wvsprintfW
LoadStringW
CharNextW

advapi32

RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyW
RegCloseKey
RegOpenKeyW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
LogonUserW
GetUserNameW
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
GetExplicitEntriesFromAclW
DeleteAce
RegCreateKeyExW

shell32

ShellExecuteW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
CommandLineToArgvW

ole32

StringFromCLSID
CoCreateInstance
CoUninitialize
CoInitialize
CoGetMalloc

oleaut32

SysAllocString
SysFreeString

shlwapi

StrStrIW
SHGetValueW
StrChrW
StrCmpNIW
StrStrW
StrCmpIW
StrRChrW
SHSetValueW
PathAppendW
PathRemoveFileSpecW
SHEnumValueW
PathCombineW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

WSCGetProviderPath
WSCEnumProtocols

msvcrt

fgetws
fgets
fopen
_wcsdup
printf
wcsrchr
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_ltow
_wfopen
fclose
fputws
_CxxThrowException
_wcsicmp
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
swscanf
swprintf
_snwprintf
_vsnwprintf
wcsstr
__CxxFrameHandler
wcslen
memmove
??2@YAPAXI@Z
malloc
free
iswdigit
_wtoi

netapi32

NetUserEnum
NetShareEnum
NetShareDel
NetApiBufferFree

Exports

Exports

GetDescription
InitInstance
RunRepair
UnInitInstance

Sections

.text
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dyn/ShellRepair.dll
.dll windows:4 windows x86 arch:x86

84038ab6aa1ed04410c036a077217bc9

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileW
GetDriveTypeA
GetCurrentProcess
ExpandEnvironmentStringsA
FreeLibrary
LoadLibraryA
WriteFile
GetVersionExA
GetFileAttributesW
GetPrivateProfileIntA
IsBadWritePtr
IsBadReadPtr
DeleteFileW
GetLongPathNameW
CreateFileA
ReadFile
WideCharToMultiByte
GetPrivateProfileStringA
CloseHandle
GetFileAttributesA
GetWindowsDirectoryA
SetFileAttributesA
DeleteFileA
MultiByteToWideChar
GetModuleHandleA
GetProcAddress
FindFirstFileA
lstrcmpiA
FindNextFileA
FindClose
GetLastError
LocalAlloc
WritePrivateProfileStringA
LocalFree
LCMapStringW
LCMapStringA
FlushFileBuffers
SetStdHandle
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
SetUnhandledExceptionFilter
InterlockedIncrement
InterlockedDecrement
SetFilePointer
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapSize
TerminateProcess
RtlUnwind
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess

user32

PostMessageA
FindWindowExA
FindWindowA
MessageBoxA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteKeyA
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegQueryInfoKeyA
RegEnumKeyA
RegCloseKey
GetUserNameA
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetEntriesInAclA
SetNamedSecurityInfoA
GetExplicitEntriesFromAclA
DeleteAce
LookupAccountNameA
RegDeleteValueA

shell32

SHGetSettings
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA
SHChangeNotify

ole32

CoInitialize
CoTaskMemFree
StringFromCLSID
CoUninitialize
CoCreateInstance

shlwapi

wnsprintfW
StrStrIW
PathFileExistsW
PathFindFileNameA
PathFindExtensionA
StrStrIA
PathFileExistsA
wnsprintfA
SHDeleteKeyA
PathAppendA
SHDeleteValueA
StrRChrIW

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Exports

Exports

GetDescription
InitInstance
RePairDeskTop
RunRepair
UnInitInstance

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dyn/Tc2Killer.dll
.dll windows:4 windows x86 arch:x86

561fb8b56aff37b78b70917296e7bedd

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTempFileNameA
DeleteFileA
MoveFileExA
SetFileAttributesA
GetFileAttributesA
SetEndOfFile
SetFilePointer
CloseHandle
UnmapViewOfFile
FlushFileBuffers
GetFileSize
MapViewOfFile
CreateFileMappingA
CopyFileA
CreateFileA
RtlUnwind
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCPInfo
GetACP
GetOEMCP
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
HeapAlloc
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
InterlockedDecrement
InterlockedIncrement

shlwapi

PathAppendA
StrRChrA

Exports

Exports

Tc2Killer_FileClear

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dyn/Tc3Killer.dll
.dll windows:4 windows x86 arch:x86

561fb8b56aff37b78b70917296e7bedd

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTempFileNameA
DeleteFileA
MoveFileExA
SetFileAttributesA
GetFileAttributesA
SetEndOfFile
SetFilePointer
CloseHandle
UnmapViewOfFile
FlushFileBuffers
GetFileSize
MapViewOfFile
CreateFileMappingA
CopyFileA
CreateFileA
RtlUnwind
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCPInfo
GetACP
GetOEMCP
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
HeapAlloc
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
InterlockedDecrement
InterlockedIncrement

shlwapi

PathAppendA
StrRChrA

Exports

Exports

Tc3Killer_FileClear

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dyn/TcKiller.dll
.dll windows:4 windows x86 arch:x86

590982a1e6b1f239e76dd6a36e37109b

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTempFileNameA
FlushFileBuffers
SetEndOfFile
SetFilePointer
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CopyFileA
MoveFileExA
CreateFileA
SetFileAttributesA
RtlUnwind
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCPInfo
GetACP
GetOEMCP
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
HeapAlloc
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
InterlockedDecrement
InterlockedIncrement

shlwapi

PathAppendA
StrRChrA

Exports

Exports

TcKiller_FileClear

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dyn/XCO.dll
.dll windows:4 windows x86 arch:x86

b72dca630d78b4c35c9e9c919c580b18

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileSize
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
MoveFileExA
SetFileAttributesA
UnmapViewOfFile
MapViewOfFile
CloseHandle
CreateFileMappingA
CreateFileA
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
HeapAlloc
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
FlushFileBuffers
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle

shlwapi

PathFindExtensionA

Exports

Exports

??0CXCO@@QAE@XZ
??4CXCO@@QAEAAV0@ABV0@@Z
?fnXCO@@YAHXZ
?nXCO@@3HA
Xco_FileClear

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Dyn/hhqgKiller.dll
.dll windows:4 windows x86 arch:x86

82fcda7b87d9c72a09326e29eb72189c

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTempFileNameA
FlushFileBuffers
SetEndOfFile
SetFilePointer
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CopyFileA
MoveFileExA
CreateFileA
IsBadReadPtr
RtlUnwind
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCPInfo
GetACP
GetOEMCP
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
HeapAlloc
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
InterlockedDecrement
InterlockedIncrement

shlwapi

PathAppendA
StrRChrA

Exports

Exports

hhqgKiller_FileClear

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fix/360Verify.dll
.dll windows:4 windows x86 arch:x86

289e899af0a0cf9f0bb88ad3cfa90d18

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpA
GetLastError
LocalFree
LocalAlloc
CreateFileW
FreeLibrary
FindResourceExA
LoadLibraryExA
lstrlenW
WideCharToMultiByte
CreateFileA
CloseHandle
DeviceIoControl
GetSystemTimeAsFileTime
lstrlenA
GetFileSize
FlushFileBuffers
SetStdHandle
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
IsBadCodePtr
SetUnhandledExceptionFilter
ReadFile
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
HeapFree
HeapAlloc
RtlUnwind
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LCMapStringA
LCMapStringW
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetFilePointer
GetStringTypeA
GetStringTypeW
GetCPInfo

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

netapi32

Netbios

wintrust

CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
WTHelperGetProvCertFromChain
CryptCATAdminReleaseCatalogContext
CryptCATAdminEnumCatalogFromHash
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
CryptCATAdminAcquireContext

crypt32

CertGetNameStringA

Exports

Exports

CheckFileTrustA
CheckFileTrustExA
CheckFileTrustExW
CheckFileTrustW
GetCIDA
GetCIDW
Validate360ResourceSignA

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fix/360wservice.dll
.dll windows:4 windows x86 arch:x86

c7c4b4b9374c3c4b4514898b9d972d4f

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord537
ord922
ord4273
ord5438
ord6872
ord6649
ord5349
ord389
ord6055
ord3224
ord5199
ord1074
ord690
ord353
ord3313
ord665
ord803
ord543
ord403
ord703
ord3579
ord4197
ord5706
ord535
ord6655
ord4272
ord858
ord2810
ord942
ord4124
ord940
ord1179
ord342
ord1248
ord538
ord861
ord540
ord823
ord825
ord1165
ord800

msvcrt

_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
strncpy
mktime
wcslen
strerror
_vsnwprintf
__CxxFrameHandler
wcscmp
_beginthreadex
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
_wtoi
??0exception@@QAE@XZ
_CxxThrowException
_errno
malloc
free
swprintf
wcsncmp
memmove
wcscpy
_purecall
qsort
memchr
_wcslwr
wcstok
wcsncpy
wcsrchr
_snwprintf
wcschr
swscanf
tolower
wcscat
_except_handler3
_stricmp
_tzset
?terminate@@YAXXZ

kernel32

GetFileType
GetFileInformationByHandle
GetFileSize
SetFilePointer
ReadFile
FileTimeToDosDateTime
FileTimeToSystemTime
InterlockedIncrement
GetVersionExW
DeleteFileW
GetTempPathW
LeaveCriticalSection
EnterCriticalSection
GetExitCodeThread
CloseHandle
GetLastError
WaitForSingleObject
SuspendThread
TerminateThread
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
InterlockedDecrement
GetModuleFileNameW
LoadLibraryW
GetProcAddress
FreeLibrary
CreateFileMappingW
CreateFileW
DuplicateHandle
GetCurrentProcess
WriteFile
UnmapViewOfFile
SystemTimeToFileTime
GetLocalTime
VirtualAlloc
VirtualFree
TlsGetValue
GetCurrentThreadId
OpenThread
TlsSetValue
GetCurrentProcessId
GetEnvironmentVariableW
TlsAlloc
SetEnvironmentVariableW
TlsFree
ReleaseMutex
CreateMutexW
GetACP
OutputDebugStringW
FormatMessageW
GetSystemTime
SetFilePointerEx
GetFileSizeEx
lstrlenA
lstrcmpA
SetLastError
LocalFree
MapViewOfFile

shell32

SHGetSpecialFolderPathW

ole32

CoUninitialize
CoInitialize
CoCreateInstance
OleRun

oleaut32

SysAllocString
GetErrorInfo
SysFreeString
SysStringLen

version

VerQueryValueW

shlwapi

SHGetValueW
PathFileExistsW
PathFindFileNameW
StrRChrW

Exports

Exports

SetVerifyFilePath
SmartPost
SmartPostAddParam
SmartPostCancel
SmartPostClose
SmartPostCreate
SmartPostGetError
SmartPostGetRet
SmartQueryAddEntry
SmartQueryCancel
SmartQueryClose
SmartQueryCreate
SmartQueryEnumNext
SmartQueryEnumReset
SmartQueryGetCount
SmartQueryGetError
SmartQueryPost
SmartQueryRetInfo
SmartQuerySetNetTimeout
SmartUpload
SmartUploadCancel
SmartUploadClose
SmartUploadCreate
SmartUploadGetError
SmartUploadSetNetTimeout
SmartUploadWithExtInfo

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fix/AntiDllHiJack.dll
.dll windows:4 windows x86 arch:x86

e707bf0ef77f790ee3ba068d6c5a5436

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringA
GetLogicalDriveStringsA
GetDriveTypeA
TlsGetValue
GetProcessHeap
HeapAlloc
TlsAlloc
SetEnvironmentVariableA
TlsFree
HeapFree
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetFileSize
GetFileAttributesA
VirtualFree
GetACP
SetFilePointerEx
SetFilePointer
GetFileSizeEx
ReadFile
GetCurrentThreadId
FormatMessageW
GetSystemTime
LocalFree
lstrcmpA
lstrlenW
FreeLibrary
LoadLibraryW
GetProcAddress
SetLastError
GetLastError
GetFileType
lstrlenA
MultiByteToWideChar
CreateFileA
CloseHandle
FindFirstFileA
FindClose
GetEnvironmentVariableA
IsBadReadPtr
WideCharToMultiByte
VirtualAlloc
GetWindowsDirectoryA
GetCurrentProcessId
OpenThread
TlsSetValue

shlwapi

PathFileExistsA
StrStrIA

msvcrt

?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_initterm
_except_handler3
_snprintf
_mbsnbcpy
_mbschr
sscanf
tolower
swscanf
_mbslwr
memchr
qsort
strncpy
_purecall
free
malloc
sprintf
wcschr
_snwprintf
wcsrchr
wcsncpy
wcscmp
strerror
wcscpy
wcstok
_errno
memmove
??2@YAPAXI@Z
??3@YAXPAX@Z
_mbscmp
_mbsnbcmp
_CxxThrowException
wcslen
_vsnprintf
_mbsrchr
_mbsicmp
_mbsnbicmp
__CxxFrameHandler
_adjust_fdiv
_stricmp

version

GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

ScanHiJackDll

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fix/AntiWriteBack.dll
.dll windows:4 windows x86 arch:x86

79c37aab831e79558917a79e936e6ef1

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcessId
InitializeCriticalSection
DeleteCriticalSection
GetFileAttributesA
GetSystemDirectoryA
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
MultiByteToWideChar
FindResourceA
GetLastError
LoadResource
LockResource
SizeofResource
WriteFile
MoveFileExA
GetModuleHandleA
GetProcAddress
GetCurrentProcess
lstrcmpiA
GetTempFileNameA
CloseHandle
DeviceIoControl
CreateFileA
GetModuleFileNameA
SetFileAttributesA
DeleteFileA
FlushFileBuffers
SetStdHandle
LoadLibraryA
InterlockedIncrement
RtlUnwind
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
ExitProcess
GetCPInfo
GetACP
GetOEMCP
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
TerminateProcess
HeapSize
WideCharToMultiByte
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetFilePointer
InterlockedDecrement

user32

GetSystemMetrics

advapi32

QueryServiceStatus
StartServiceA
CreateServiceA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegOpenKeyW
RegCloseKey
RegDeleteValueA

shlwapi

wnsprintfA
PathAppendA
StrRChrA
SHDeleteKeyA
StrRStrIW
StrCmpIW
PathFileExistsA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

AddFileToAntiWList
AddPathToAntiWList
DelRegValueKeyNormal
DisableDelReg
DisableRegProtect
DisableTCP_SET_INFORMATION_EX
EnableDelReg
EnableRegProtect
EnableTCP_SET_INFORMATION_EX
ForbidShutDown
Init
PostCmCallBack
PreCmCallBack
ProtectRegKeyNative
ProtectRegKeyNormal
RebootByKB
RestTCPDispatch
RestrictNetWork
SetMsgHandler
SetPassbyPid
SetRegPassbyPid
SpKillerInit
TestCheck
TestCheck_1
Uninit

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fix/AutorunFixer.dll
.dll windows:4 windows x86 arch:x86

fcbbfb6e4355cb7111afeda1abae3ae6

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetWindowsDirectoryW
ExpandEnvironmentStringsW
GetSystemDirectoryW
CloseHandle
FlushFileBuffers
SetStdHandle
HeapFree
InterlockedDecrement
InterlockedIncrement
HeapAlloc
GetCommandLineA
GetVersion
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
RtlUnwind
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
LCMapStringW
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetCPInfo
GetStringTypeA
GetStringTypeW
SetFilePointer
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shlwapi

SHDeleteValueW
SHGetValueW
SHSetValueW
StrCmpIW
PathFileExistsW
StrCmpNIW

Exports

Exports

Boot0Check
RunsCheck
RunsRepair
RunsRepairEx

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fix/BAPI.dll
.dll regsvr32 windows:5 windows x86 arch:x86

0ac11b7578033acdcb9352170d6d8ead

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\2wxy\bapi\dll\Release\BAPI.pdb

Imports

kernel32

EnterCriticalSection
DefineDosDeviceA
GetModuleHandleA
WaitForSingleObject
GetTickCount
TerminateThread
ExitThread
ReleaseMutex
CreateThread
FreeLibrary
MoveFileExW
LoadLibraryW
CopyFileW
CreateFileW
DefineDosDeviceW
DeleteFileW
VirtualFreeEx
VirtualAllocEx
UnlockFile
LockFile
GetCurrentThread
OpenProcess
GetWindowsDirectoryW
GetCurrentProcessId
LocalFree
LeaveCriticalSection
GetVersionExW
CreateFileA
GetShortPathNameW
GetLongPathNameW
GetCurrentDirectoryW
GetLastError
MultiByteToWideChar
GetModuleFileNameW
IsDBCSLeadByte
WideCharToMultiByte
GetSystemDirectoryW
GetSystemWindowsDirectoryW
SetErrorMode
GetEnvironmentVariableW
GetFullPathNameW
CloseHandle
TlsAlloc
GetProcAddress
SetLastError
TlsSetValue
InitializeCriticalSection
GetProcessHeap
GetModuleHandleW
TlsGetValue
GetCurrentProcess
CreateMutexW
FlushFileBuffers
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapSize
LoadLibraryA
RtlUnwind
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
SetFilePointer
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
RaiseException
InterlockedDecrement
InterlockedIncrement
TlsFree
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
Sleep
HeapReAlloc
VirtualAlloc
DeleteCriticalSection
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
VirtualFree

advapi32

BuildExplicitAccessWithNameW
RevertToSelf
SetEntriesInAclW
GetNamedSecurityInfoW
ImpersonateLoggedOnUser
LookupPrivilegeValueW
SetNamedSecurityInfoW
LookupAccountNameW
AccessCheck
GetExplicitEntriesFromAclW
DeleteAce
GetUserNameW
OpenThreadToken
OpenProcessToken
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
StartServiceW
RegQueryValueExW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
AdjustTokenPrivileges

ntdll

RtlNtStatusToDosError
RtlCompareString
RtlEqualUnicodeString
RtlInitString
_wcsicmp
wcschr
RtlFreeAnsiString
wcsrchr
wcsncpy
RtlDosPathNameToNtPathName_U
RtlInitializeCriticalSection
wcsncmp
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlAllocateHeap
RtlOemStringToUnicodeString
RtlFreeUnicodeString
NtWaitForSingleObject
RtlUnicodeStringToOemString
RtlUnicodeStringToAnsiString
RtlInitAnsiString
NtFsControlFile
RtlInitUnicodeString
RtlFreeHeap
NtDeviceIoControlFile
RtlAnsiStringToUnicodeString
RtlEnterCriticalSection
memmove
RtlIsDosDeviceName_U
RtlCompareMemory

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shlwapi

PathAppendW
PathIsRootW
SHDeleteKeyW
PathFileExistsW

psapi

GetModuleFileNameExW
EnumProcessModules
EnumProcesses

Exports

Exports

BRegCloseKey
BRegCreateKey
BRegCreateKeyEx
BRegCreateKeyExW
BRegCreateKeyW
BRegDeleteKey
BRegDeleteKeyW
BRegDeleteValue
BRegDeleteValueW
BRegEnumKey
BRegEnumKeyEx
BRegEnumKeyExW
BRegEnumKeyW
BRegEnumValue
BRegEnumValueW
BRegOpenKey
BRegOpenKeyEx
BRegOpenKeyExW
BRegOpenKeyW
BRegQueryValueEx
BRegQueryValueExW
BRegSetValueEx
BRegSetValueExW
BfsSetFileApisToANSI
BfsSetFileApisToOEM
DllRegisterServer
DsFileUnlock
DsGetFileLockType
DsSetTargetAccess
FSCloseHandle
FSCopyFile
FSCopyFileW
FSCreateFile
FSCreateFileW
FSDeleteFile
FSDeleteFileW
FSFindClose
FSFindFirstFile
FSFindFirstFileW
FSFindNextFile
FSFindNextFileW
FSGetFileAttributes
FSGetFileAttributesEx
FSGetFileAttributesExW
FSGetFileAttributesW
FSGetFileSize
FSGetFileSizeEx
FSGetLongPathName
FSGetLongPathNameW
FSGetShortPathName
FSGetShortPathNameW
FSMoveFileA
FSMoveFileExA
FSMoveFileExW
FSMoveFileW
FSPathFileExists
FSPathFileExistsW
FSPathIsDirectory
FSPathIsDirectoryW
FSReadFile
FSSearchPath
FSSearchPathW
FSSetFileAttributes
FSSetFileAttributesW
FSSetFilePointer
FSSetFilePointerEx
FSUnlockAll
FSWriteFile
FsForceKill
InitEngine
InitRegEngine
Install
JudgeVersion
SetDllBase
SetupInstall
UninitEngine
UninitRegEngine
Uninstall

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fix/BfsAndReg.dll
.dll windows:4 windows x86 arch:x86

dd24335a0a7fe051b0023aa1c841b16a

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileA
CloseHandle
WriteFile
CreateFileA
SetFileAttributesA
SizeofResource
LockResource
LoadResource
GetLastError
FindResourceA
MoveFileExA
IsBadWritePtr
VirtualProtect
GetSystemDirectoryA
LoadLibraryA
GetModuleFileNameA
FreeLibrary
GetEnvironmentVariableA
GetModuleHandleA
GetProcAddress
GetCurrentProcess
lstrcmpiA
GetTempFileNameA
DeviceIoControl
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
InitializeCriticalSection
FlushFileBuffers
SetStdHandle
HeapFree
HeapAlloc
RtlUnwind
RaiseException
GetCommandLineA
GetVersion
DeleteCriticalSection
ExitProcess
GetCPInfo
GetACP
GetOEMCP
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetFilePointer
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
IsBadCodePtr

user32

GetSystemMetrics

advapi32

RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegOpenKeyW
RegCloseKey
RegDeleteValueA

shlwapi

PathAppendA
StrRChrA
SHDeleteKeyA
StrStrA
wnsprintfA
PathFileExistsA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

Init
StartHook
UnHook

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fix/CQhCltHttpW.dll
.dll windows:4 windows x86 arch:x86

eb3fc0352dd74b982a145dc290cdf226

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointerEx
GetFileSizeEx
TlsGetValue
OpenThread
TlsSetValue
CreateMutexW
OutputDebugStringW
FormatMessageW
LocalFree
InterlockedExchange
GetProcessHeap
HeapAlloc
HeapFree
lstrcmpA
CreateFileA
GetFileType
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GlobalAlloc
GlobalFree
GetCurrentThreadId
ReleaseMutex
CreateMutexA
LocalFileTimeToFileTime
lstrcpynA
FindFirstFileW
GetFileSize
SystemTimeToFileTime
GetSystemTime
CompareFileTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetVersionExA
IsBadWritePtr
GetTickCount
GetACP
IsBadReadPtr
GetFileAttributesW
RemoveDirectoryW
CopyFileW
SetEvent
WaitForMultipleObjects
ResetEvent
WaitForSingleObject
lstrlenW
CreateEventW
ReadFile
GetFileAttributesExW
DeleteFileW
MoveFileExW
lstrlenA
MultiByteToWideChar
CreateFileW
WriteFile
CloseHandle
WideCharToMultiByte
GetModuleHandleW
GetVersionExW
SetEnvironmentVariableW
GetLastError
GetModuleFileNameW
TlsFree
LoadLibraryW
GetProcAddress
SetLastError
GetEnvironmentVariableW
TlsAlloc
FreeLibrary
Sleep
InterlockedCompareExchange
FileTimeToSystemTime
FindClose

shlwapi

PathAppendW
PathFileExistsW
StrChrIA
PathIsDirectoryW
StrStrA
StrStrIA

ws2_32

WSAStartup
WSACleanup
ntohl
inet_ntoa
getpeername

msvcrt

?terminate@@YAXXZ
??1type_info@@UAE@XZ
_initterm
_onexit
__dllonexit
tolower
swscanf
_wcslwr
memchr
qsort
swprintf
wcschr
_snwprintf
wcstok
_CxxThrowException
wcsncmp
fputc
fwrite
_fdopen
fprintf
ftell
wcscpy
wcscat
wcscmp
bsearch
_iob
isalpha
ldiv
strerror
_purecall
sprintf
isdigit
_errno
_ftol
_vsnprintf
_except_handler3
islower
strtok
strchr
_stricmp
memmove
strrchr
_strnicmp
atoi
memset
time
srand
rand
wcsrchr
realloc
wcsncpy
wcslen
_vsnwprintf
??2@YAPAXI@Z
__CxxFrameHandler
strncpy
fopen
fclose
fread
free
isxdigit
toupper
isspace
malloc
_strdup
_itoa
_adjust_fdiv

winmm

timeGetTime

iphlpapi

GetNetworkParams

user32

GetDesktopWindow

version

VerQueryValueW
GetFileVersionInfoSizeW

wininet

InternetSetOptionA
InternetOpenA
InternetConnectA
HttpQueryInfoA
InternetReadFileExA
InternetWriteFile
InternetCrackUrlW
InternetCloseHandle
InternetQueryOptionW
InternetErrorDlg
InternetSetStatusCallbackA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExA
HttpEndRequestA

Exports

Exports

cancel_cqhclthttp_req
close_cqhclthttp_object
cqhclthttp_GetErrorMsg
cqhclthttp_GetErrorNo
cqhclthttp_GetOpt
cqhclthttp_GetToBuffer
cqhclthttp_GetToBuffer2
cqhclthttp_GetToFile
cqhclthttp_GetToFile2
cqhclthttp_IsNoContentLen
cqhclthttp_PostToBuffer
cqhclthttp_PostToBuffer2
cqhclthttp_PostToFile
cqhclthttp_PostToFile2
cqhclthttp_SetOpt
cqhclthttp_get_head_info
cqhclthttp_set_head_info
cqhclthttp_set_limit_byte
cqhclthttp_uploadlog
cqhctlhttp_GetCurrentMode
cqhctlhttp_GetIP
create_cqhclthttp_object
is_support_afd
set_cqhclthttp_mode
set_retry_count

Sections

.text
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fix/SeclutionCallBack.dll
.dll windows:4 windows x86 arch:x86

a542e2b69feefe48c734f394bb259790

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedDecrement
lstrlenA
FindClose
FindFirstFileA
InterlockedIncrement
DebugBreak
OutputDebugStringA
GetPrivateProfileStringA
GetPrivateProfileSectionNamesA
GlobalFree
GlobalAlloc
ReadFile
WideCharToMultiByte
CreateMutexA
FreeLibrary
GetModuleFileNameA
lstrcmpiA
LoadLibraryA
MultiByteToWideChar
GetCurrentThreadId
WaitForSingleObject
ReleaseMutex
InterlockedExchange
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetFileSize
DeleteCriticalSection
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTempPathA
DeleteFileA
WriteFile
CreateFileA
FlushFileBuffers
GetProcAddress
CloseHandle
SetEndOfFile
LCMapStringW
LCMapStringA
SetFilePointer
SetStdHandle
IsBadCodePtr
RtlUnwind
RaiseException
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
ExitProcess
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetUnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
IsBadReadPtr

user32

LoadStringA
CharNextA
MessageBoxA
wvsprintfA

advapi32

RegQueryInfoKeyA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyA

shell32

SHCreateDirectoryExA

shlwapi

SHEnumKeyExA
StrStrA
StrChrA
SHEnumValueA
SHGetValueA
SHSetValueA
PathAppendA
PathCombineA

Exports

Exports

DeleteRecordByID
GetRecordById
GetRecordInfoList
GetRecordInfoListNew
InitSeclution
MyAddExtraDataKeyValue
MyAddExtraDataLink
MyAddExtraDataSection
MySaveWithExtraDataNew
RestoreRecordByID
UnInitSeclution

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fix/cloudcom2.dll
.dll windows:4 windows x86 arch:x86

e04127282f81ccd1bf3b674d3f3568be

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord825
ord354
ord3579
ord703
ord1971
ord942
ord941
ord6654
ord6770
ord6868
ord5706
ord4124
ord537
ord940
ord860
ord539
ord1179
ord342
ord1248
ord2606
ord5568
ord6489
ord4197
ord2910
ord353
ord3313
ord5438
ord5769
ord665
ord6655
ord4273
ord803
ord543
ord403
ord823
ord538
ord800
ord535
ord4272
ord858
ord922
ord925
ord2810
ord6278
ord6279
ord540
ord861
ord5180

msvcrt

_except_handler3
_CxxThrowException
_vsnwprintf
__CxxFrameHandler
memmove
wcslen
_wtoi
swscanf
free
malloc
_vsnprintf
wcscmp
time
fclose
fwrite
_wfopen
_wcslwr
_purecall
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_beginthreadex
__dllonexit
_onexit
mktime
strncpy
wcscat
wcscpy
wcsncmp
_errno
wcstok
strerror
wcsncpy
wcsrchr
_snwprintf
wcschr
swprintf
realloc
qsort
memchr
tolower
_stricmp
_tzset
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv

kernel32

TlsGetValue
OpenThread
TlsSetValue
TlsAlloc
SetEnvironmentVariableW
TlsFree
VirtualAlloc
VirtualFree
GetACP
SetFilePointerEx
GetFileSizeEx
OutputDebugStringW
FormatMessageW
LocalAlloc
ReleaseMutex
CreateMutexW
lstrcmpA
UnlockFileEx
LockFileEx
MoveFileExW
FlushFileBuffers
FindNextFileW
DuplicateHandle
MapViewOfFile
GetFileType
GetFileInformationByHandle
GetSystemTime
FileTimeToDosDateTime
LocalFree
GetCurrentThreadId
GetFileTime
CreateFileMappingW
MapViewOfFileEx
IsBadReadPtr
UnmapViewOfFile
GetSystemWindowsDirectoryW
GetEnvironmentVariableW
FileTimeToLocalFileTime
FileTimeToSystemTime
InterlockedIncrement
SuspendThread
TerminateThread
GetTempPathW
GetExitCodeThread
GetLocalTime
SystemTimeToFileTime
GetLongPathNameW
GetCurrentProcessId
DeleteFileW
GetFileAttributesW
SetFileAttributesW
GetFileAttributesExW
CreateThread
ResumeThread
GetCurrentProcess
GetModuleHandleW
lstrcmpiA
WaitForMultipleObjects
SetEvent
FreeLibrary
GetProcAddress
GetModuleFileNameW
CloseHandle
GetLastError
OpenEventW
FindClose
FindFirstFileW
HeapFree
HeapAlloc
GetProcessHeap
SetErrorMode
SetLastError
LoadLibraryW
Sleep
InterlockedCompareExchange
GetTickCount
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetFilePointer
ReadFile
GetFileSize
CreateFileW
WriteFile
GetVersionExW
ExpandEnvironmentStringsW
CreateEventW
WideCharToMultiByte
lstrlenW
WaitForSingleObject
ResetEvent
MultiByteToWideChar
lstrlenA

advapi32

CloseServiceHandle
OpenServiceW
OpenSCManagerW
QueryServiceStatus
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
FreeSid
AllocateAndInitializeSid

shell32

SHGetSpecialFolderPathW

ole32

CoUninitialize
OleRun
CoCreateInstance
CoInitialize

oleaut32

SysStringLen
SysAllocString
SysFreeString
GetErrorInfo

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoSizeW
VerQueryValueW

shlwapi

StrChrW
PathAppendW
SHGetValueW
StrRChrW
StrStrIW
StrCmpIW
PathFileExistsW
StrCmpW
StrCmpNW
PathFindFileNameW

wininet

InternetReadFileExA
HttpEndRequestA
InternetGetConnectedState
InternetWriteFile
InternetCrackUrlW
HttpSendRequestExA
InternetQueryOptionW
HttpQueryInfoA
InternetConnectA
InternetOpenA
InternetSetOptionA
InternetCloseHandle
HttpAddRequestHeadersA
HttpOpenRequestA
InternetSetStatusCallbackA

ws2_32

getpeername
ntohl
WSACleanup
inet_ntoa
gethostbyname
gethostname
WSAStartup
inet_addr

winmm

timeGetTime

netapi32

Netbios

Exports

Exports

AVCacheClose
AVCacheCreate
AVCacheQuery
AVDeleteWhite
AVInsertWhite
AVNetQuery
AVNetQueryCancel
GetDwordValue
GetFileTrustState
GetFileTrustStateEx
GetFileTrustStateWithHandle
GetStringValue
IsCahceTruested
MisKillClose
MisKillCreate
MisKillJudgeWhite
MisKillJudgeWhiteEx
MisKillJudgeWhiteOnlyFile
QueryFileCancel
QueryFileClose
QueryFileCreate
QueryFilesEx
QueryFilesEx2
QueryFilesGetError
QueryFilesIsFileInXD
QuerySetOption
SetComOption
SetVerifyFilePath
SmartAddRestoreFile
SmartCacheClearFileCache
SmartCacheClose
SmartCacheCreate
SmartCacheDelFiles
SmartCacheFileMonCallBack
SmartCacheFileMonCallBackEx
SmartCachePETime
SmartCacheQuery
SmartIsFileInXD
SmartNetQuery
SmartNetQueryCancel
SmartQueryPreExitDll
SmartSetOption
SmartUploadCancel
SmartUploadClose
SmartUploadCreate
SmartUploadGetError
SmartUploadSetNetTimeout
SmartUploadSetOption
SmartUploadWithExtInfo
XDAddRecords
XDAddRecordsEx
XDClose
XDDeleteRecords
XDGetCounts
XDGetFirst
XDGetLastFlag
XDGetNext
XDOpen

Sections

.text
Size: 276KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fix/cloudsec2.dll
.dll windows:4 windows x86 arch:x86

d62fd31684aff21de3b32e5d66d63186

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetEnvironmentVariableW
CopyFileW
InterlockedIncrement
CreateThread
GetPrivateProfileIntW
GetPrivateProfileStringW
DebugBreak
OutputDebugStringW
lstrlenA
MultiByteToWideChar
GetVersionExW
FindClose
FindFirstFileW
LocalFree
LocalAlloc
GetFileAttributesW
SearchPathW
LoadLibraryW
GetModuleHandleW
CreateEventW
ResumeThread
SetEvent
ResetEvent
WaitForSingleObject
ReleaseMutex
ReleaseSemaphore
WaitForMultipleObjects
FindNextFileW
GetLongPathNameW
GetSystemWindowsDirectoryW
SetEnvironmentVariableW
CreateSemaphoreW
CreateMutexW
SetWaitableTimer
Sleep
GetSystemDefaultUILanguage
GetSystemDirectoryW
SetFilePointerEx
FileTimeToSystemTime
GetDriveTypeW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
GetTempPathW
GetFullPathNameW
InterlockedExchange
TerminateThread
GetExitCodeThread
DeleteFileW
WideCharToMultiByte
GetTempFileNameW
GetFileAttributesExW
GetCurrentProcess
lstrcpyW
InterlockedCompareExchange
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
lstrlenW
GetModuleFileNameW
InterlockedDecrement
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
CreateFileW
GetLastError
GetFileSize
ReadFile
TlsGetValue
OpenThread
TlsSetValue
GetCurrentProcessId
SetFilePointer
CloseHandle
CreateWaitableTimerW
SetLastError
GetProcessHeap
HeapAlloc
TlsAlloc
TlsFree
HeapFree
VirtualAlloc
VirtualFree
GetACP
GetFileSizeEx
GetCurrentThreadId
FormatMessageW
GetSystemTime
lstrcmpA
GetFileType
UnlockFileEx
LockFileEx
MoveFileExW
WriteFile
FlushFileBuffers
SystemTimeToFileTime
FileTimeToLocalFileTime

user32

CharLowerW
CharUpperW
wvsprintfW
CharNextW
LoadBitmapW
LoadStringW

gdi32

DeleteObject

advapi32

RegOpenKeyW
RegQueryValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
FreeSid
RegCloseKey
RegOpenKeyExW

shell32

SHGetFolderPathW
CommandLineToArgvW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysAllocStringLen
SysAllocString
SysStringLen
SysFreeString

comctl32

ImageList_Add
ImageList_Destroy
ImageList_Create

shlwapi

PathAppendW
SHGetValueW
PathFileExistsW
StrCmpIW
StrCmpW
StrDupW
StrRChrW
PathIsDirectoryW
StrStrIW
StrChrW
PathCombineW
PathRemoveFileSpecW
PathFindExtensionW
StrCmpNIW

psapi

GetModuleFileNameExW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

msvcrt

__CxxFrameHandler
_wcsicmp
free
wcslen
calloc
iswdigit
??2@YAPAXI@Z
malloc
wcsstr
memmove
iswspace
_vsnwprintf
wcsrchr
_ftol
wcschr
_CxxThrowException
wcscmp
_except_handler3
_local_unwind2
wcstoul
fclose
fgetws
fopen
_wcsnicmp
_wsplitpath
fwrite
_wfopen
_wcslwr
time
wcsncmp
_errno
wcstok
wcscpy
strerror
wcsncpy
_snwprintf
swprintf
realloc
_purecall
strncpy
qsort
memchr
swscanf
tolower
wcscat
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
_adjust_fdiv
_wtoi

ws2_32

inet_ntoa
gethostbyname
WSACleanup
WSAStartup

netapi32

Netbios

iphlpapi

GetIpAddrTable
GetIpForwardTable
GetAdaptersInfo
DeleteIPAddress
DeleteIpForwardEntry

wininet

InternetOpenA
InternetSetOptionA
HttpOpenRequestA
InternetWriteFile
HttpSendRequestExA
HttpAddRequestHeadersA
InternetSetStatusCallbackA
InternetCloseHandle
InternetCrackUrlW
InternetGetConnectedState
InternetCheckConnectionW
InternetConnectA

winmm

timeGetTime

Exports

Exports

EngCreateObject
EngLib_Init

Sections

.text
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 176KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fix/data.db
Fix/deepscan.dll
.dll regsvr32 windows:4 windows x86 arch:x86

16f76dd2368ffff0eed69637c33b2a0a

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
WideCharToMultiByte
IsBadReadPtr
GetSystemDefaultUILanguage
GetVersionExW
GetPrivateProfileIntW
DeleteFileW
SetFileAttributesW
GetFileAttributesW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetWindowsDirectoryW
QueryDosDeviceW
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
FindClose
FindFirstFileW
GetFileAttributesExW
GetCurrentProcess
LocalFree
SearchPathW
GetLongPathNameW
ExpandEnvironmentStringsW
LoadLibraryW
WaitForSingleObject
CreateProcessA
CreatePipe
ExpandEnvironmentStringsA
MoveFileExW
GetFullPathNameW
MultiByteToWideChar
OpenProcess
GetModuleHandleW
GetACP
WriteFile
LockResource
SizeofResource
LoadResource
FindResourceW
GetCurrentProcessId
lstrcpyW
FindNextFileW
GetDriveTypeW
CreateDirectoryW
GetTickCount
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
ReadProcessMemory
GetSystemInfo
ResetEvent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrlenA
DebugBreak
LocalAlloc
OutputDebugStringW
GetPrivateProfileSectionW
GetSystemWindowsDirectoryW
InterlockedIncrement
CopyFileW
GetEnvironmentVariableW
SetEnvironmentVariableW
Sleep
InterlockedCompareExchange
GetProcAddress
lstrlenW
GetModuleFileNameW
InterlockedDecrement
FreeLibrary
CreateFileW
GetLastError
GetFileSize
ReadFile
SetFilePointer
CloseHandle
TerminateProcess
SetLastError
TlsGetValue
OpenThread
TlsSetValue
GetProcessHeap
HeapAlloc
TlsAlloc
TlsFree
HeapFree
VirtualAlloc
VirtualFree
SetFilePointerEx
GetFileSizeEx
GetCurrentThreadId
FormatMessageW
GetSystemTime
ReleaseMutex
CreateMutexW
lstrcmpA
GetFileType
WaitForMultipleObjects
SetEvent
UnlockFileEx
LockFileEx
FlushFileBuffers
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateEventW

user32

LoadStringW
CharNextW
wvsprintfW
CharLowerW

winspool.drv

GetPrintProcessorDirectoryW
GetPrinterDriverDirectoryW

advapi32

SetSecurityDescriptorDacl
SetEntriesInAclW
AllocateAndInitializeSid
GetTokenInformation
LookupAccountSidW
RegDeleteValueW
RegEnumValueW
RegEnumKeyExW
RegCreateKeyExW
EnumServicesStatusW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
ControlService
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyW
RegDeleteKeyW
RegSetValueExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyW
FreeSid
InitializeSecurityDescriptor

shell32

ord155
SHGetMalloc
SHGetSpecialFolderLocation
CommandLineToArgvW
ord18
SHGetDesktopFolder
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHGetFolderPathW

ole32

OleRun
CLSIDFromString
CLSIDFromProgID
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

GetErrorInfo
SysAllocString
SysFreeString
SysAllocStringLen
SysStringLen
VariantClear
VariantCopy
VariantChangeType
VariantInit

shlwapi

PathCombineW
StrDupW
PathRenameExtensionW
StrCmpW
PathFindFileNameW
StrToIntW
PathFindExtensionW
PathRemoveFileSpecA
PathAppendW
PathFileExistsW
StrStrIW
StrCmpIW
PathRemoveFileSpecW
StrRChrW
PathIsDirectoryW
StrCpyNW
StrRetToBufW
StrStrW
SHGetValueW
StrCmpNW
StrCmpNIW
StrChrW
PathCombineA

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

msvcrt

_wcsnicmp
_strupr
??2@YAPAXI@Z
__CxxFrameHandler
wcsstr
_wcsicmp
wcslen
wcscmp
iswspace
memmove
iswdigit
_wtoi
_vsnwprintf
malloc
free
_vsnprintf
_stricmp
_strnicmp
memchr
wcschr
wcsrchr
_wcslwr
_ftol
_except_handler3
_wcsdup
_wsplitpath
towlower
tolower
wprintf
_CxxThrowException
time
wcsncmp
_errno
wcstok
wcscpy
strerror
wcsncpy
_snwprintf
swprintf
realloc
_purecall
strncpy
qsort
swscanf
wcscat
_memicmp
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv

wininet

HttpSendRequestExA
HttpAddRequestHeadersA
InternetConnectA
InternetOpenA
InternetSetOptionA
HttpOpenRequestA
InternetSetStatusCallbackA
InternetCloseHandle
InternetCrackUrlW
InternetWriteFile

psapi

EnumProcessModules
GetModuleFileNameExW

netapi32

Netbios

winmm

timeGetTime

Exports

Exports

DllRegisterServer
DllUnregisterServer
EngLib_Init
EngSectionRestore

Sections

.text
Size: 548KB - Virtual size: 545KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 124KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fix/dscon.dat
Fix/dsr.dat
Fix/heavygate.dll
.dll windows:4 windows x86 arch:x86

d34d80d85c6a7412e3b96eff75a5ba29

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AreFileApisANSI
CloseHandle
CreateFileA
CreateFileW
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
FlushFileBuffers
FormatMessageA
FreeLibrary
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetProcAddress
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
InitializeCriticalSection
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LockFile
LockFileEx
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
Sleep
UnlockFile
WideCharToMultiByte
WriteFile

msvcrt

atoi
free
isalnum
isspace
localtime
malloc
memcpy
memmove
memset
qsort
realloc
strcmp
strcpy
strncmp
tolower

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_config
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_status
sqlite3_table_column_metadata
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_win32_mbcs_to_utf8

Sections

.text
Size: 375KB - Virtual size: 374KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 912B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stab
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stabstr
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Fix/qutmdrv.sys
.sys windows:5 windows x86 arch:x86

9c13713934db088ed67f63f615cdd982

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\svn\qutmload\drv\objfre_wxp_x86\i386\qutmdrv.pdb

Imports

ntoskrnl.exe

ExQueueWorkItem
IoAttachDeviceToDeviceStack
DbgPrint
KeDelayExecutionThread
ObfDereferenceObject
ObfReferenceObject
ZwClose
ZwQueryValueKey
ZwOpenKey
KeWaitForSingleObject
IoBuildDeviceIoControlRequest
KeInitializeEvent
RtlEqualUnicodeString
ObQueryNameString
IoDeleteDevice
IoDetachDevice
ExFreePoolWithTag
IoCreateDevice
ExAllocatePoolWithTag
_except_handler3
RtlCompareUnicodeString
IoGetDeviceObjectPointer
IoRegisterFsRegistrationChange
IoCreateSymbolicLink
ExInitializePagedLookasideList
IoFreeIrp
RtlVolumeDeviceToDosName
RtlCopyUnicodeString
memmove
_snwprintf
ExAllocateFromPagedLookasideList
ExFreeToPagedLookasideList
KeGetCurrentThread
IoAllocateIrp
RtlAppendUnicodeStringToString
IoGetTopLevelIrp
RtlAppendUnicodeToString
ZwTerminateProcess
ZwOpenProcess
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceSharedLite
ExAcquireSharedStarveExclusive
ExInitializeResourceLite
ExDeleteResourceLite
PsGetCurrentProcessId
KeSetEvent
ObReferenceObjectByHandle
wcslen
ExGetPreviousMode
PsSetCreateProcessNotifyRoutine
IoReleaseCancelSpinLock
wcsncpy
wcsncmp
RtlUpcaseUnicodeString
IoGetCurrentProcess
IoFileObjectType
ZwOpenFile
ZwQueryInformationProcess
ObOpenObjectByPointer
PsProcessType
PsLookupProcessByProcessId
PsGetCurrentThreadId
IoQueryFileInformation
ObReferenceObjectByPointer
KeUnstackDetachProcess
MmSectionObjectType
KeStackAttachProcess
FsRtlIsNameInExpression
IoGetAttachedDevice
IoReleaseVpbSpinLock
IoAcquireVpbSpinLock
ProbeForRead
ObOpenObjectByName
ZwCreateFile
IoCreateFile
MmIsAddressValid
KeServiceDescriptorTable
ZwOpenDirectoryObject
ZwQueryDirectoryFile
SeSinglePrivilegeCheck
SeExports
IoThreadToProcess
PsThreadType
PsLookupThreadByThreadId
ObReferenceObjectByName
ZwQueryObject
MmUserProbeAddress
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
KeTickCount
KeBugCheckEx
IofCallDriver
IofCompleteRequest
PsGetVersion
RtlInitUnicodeString
_wcsnicmp
MmGetSystemRoutineAddress

hal

KfLowerIrql
ExAcquireFastMutex
ExReleaseFastMutex
KeGetCurrentIrql
KeRaiseIrqlToDpcLevel

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 896B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fix/qutmload.dll
.dll windows:4 windows x86 arch:x86

896b810c4a2db6d66640b512d19726af

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
DeviceIoControl
CreateEventA
ReadFile
SleepEx
DeleteFileA
TerminateThread
SetEvent
HeapFree
HeapAlloc
GetProcessHeap
OutputDebugStringA
GetModuleFileNameA
CopyFileA
GetLastError
LoadLibraryA
FreeLibrary
CloseHandle
GetSystemDirectoryA
GetVersionExA
GetModuleHandleA
GetProcAddress
GetCurrentProcess
CreateThread
CreateFileA
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
GetCommandLineA
GetVersion
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
FatalAppExitA
RtlUnwind
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
UnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
Sleep
IsValidLocale
IsValidCodePage
SetEnvironmentVariableA

advapi32

OpenSCManagerA
OpenServiceA
StartServiceA
RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
CloseServiceHandle
CreateServiceA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW
DeleteService

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shlwapi

PathFileExistsA
SHDeleteKeyA

Exports

Exports

AddBlackFileName
AddBlackProcessByPid
AddClientRule
AddProtectedFile
AddRule
AddWhiteFileName
AddWhiteProcessByPid
CleanupAllClientRules
CleanupAllRules
ClearBlackFileList
ClearBlackProcessList
ClearWhiteFileList
ClearWhiteProcessList
CloseClientSession
CreateClientSession
GetClientSessionHandle
Install
NotifyDriverClientResult
NotifyDriverResult
QueryDriverVersion
RemoveAllProtectedFile
RemoveBlackFileName
RemoveBlackProcessByPid
RemoveProtectedFile
RemoveWhiteFileName
RemoveWhiteProcessByPid
SetupInstall
StartHook
StartHookEx
StopHook
Uninstall

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fix/softcheck.dll
.dll windows:4 windows x86 arch:x86

afd4ee119c97999a47c7f919d364e893

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryW
GetModuleHandleW
GetFileAttributesExW
InterlockedIncrement
InterlockedDecrement
ReadFile
lstrlenW
CloseHandle
GetACP
SetFilePointer
CreateFileW
lstrlenA
GetSystemWindowsDirectoryW
FindNextFileW
FreeLibrary
DeleteFileW
GetLongPathNameW
GetTempPathW
GetCurrentProcess
LocalFree
SetFileAttributesW
MoveFileExW
CopyFileW
GetLastError
GetDriveTypeW
ExpandEnvironmentStringsW
GetTickCount
WriteFile
WaitForMultipleObjects
SetEvent
SetLastError
GetSystemDirectoryW
GetEnvironmentVariableW
GetVersionExW
FindFirstFileW
FindClose
InterlockedCompareExchange
Sleep
GetFileAttributesW
WideCharToMultiByte
GetModuleFileNameW
MultiByteToWideChar
TlsGetValue
OpenThread
TlsSetValue
GetCurrentProcessId
GetProcessHeap
HeapAlloc
TlsAlloc
SetEnvironmentVariableW
TlsFree
HeapFree
ReleaseMutex
CreateMutexW
VirtualAlloc
VirtualFree
SetFilePointerEx
GetFileSizeEx
ResetEvent
WaitForSingleObject
CreateEventW
RemoveDirectoryW
GetFileSize
GetSystemTime
GetFileType
CreateFileA
lstrcmpA
FormatMessageW
OutputDebugStringW
GetCurrentThreadId

user32

LoadStringW
CharNextW
GetDesktopWindow

advapi32

GetNamedSecurityInfoW
SetNamedSecurityInfoW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW

shell32

SHGetSpecialFolderPathW

ole32

CoUninitialize
CoCreateInstance
CoInitialize
OleRun

oleaut32

GetErrorInfo
SysAllocString
SysFreeString

shlwapi

PathFileExistsW
SHGetValueW
StrRChrW
StrCmpIW
StrStrIW
StrChrW
PathAppendW
PathFindExtensionW
StrRStrIW
StrCmpNIW

version

VerQueryValueW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersInfo

msvcrt

time
strncpy
wcscat
wcscpy
ftell
fprintf
_fdopen
fopen
_errno
fwrite
fread
fclose
fputc
strerror
_CxxThrowException
wcsncmp
memmove
wcstok
_snwprintf
wcschr
swprintf
_purecall
qsort
memchr
_wcslwr
tolower
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
srand
wcsrchr
wcsncpy
realloc
iswdigit
wcscmp
_except_handler3
rand
_wcsicmp
strchr
iswspace
_wcsnicmp
_wtoi
_vsnwprintf
free
swscanf
wcslen
__CxxFrameHandler
??2@YAPAXI@Z
_stricmp
malloc
_iob

wininet

InternetCloseHandle
InternetErrorDlg
InternetCrackUrlW
InternetSetStatusCallbackA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExA
InternetWriteFile
HttpQueryInfoA
InternetGetConnectedState
InternetSetOptionA
InternetOpenA
InternetReadFileExA
HttpEndRequestA
InternetConnectA

winmm

timeGetTime

Exports

Exports

CheckFiles
CheckFreeFileMemory
CheckFreeMemory
CheckSoftCancel
CheckSoftware
SetDownLoadCallBack
SetDownloadClassCallBack
SetEnumDisk
SetHttpCallMode
SoftCheckClose
SoftCheckCreate
SoftReplaceOneFile
SoftReplaceOneFile2

Sections

.text
Size: 256KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fix/syscheck.dat
Fix/sysfilerepS.dll
.dll windows:4 windows x86 arch:x86

6516732ef56610f372c7ce9b79821ed4

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
Sleep
InterlockedCompareExchange
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentVariableW
CloseHandle
GetCurrentProcess
LocalFree
DeleteFileW
SetFileAttributesW
MoveFileExW
CopyFileW
GetLastError
InterlockedDecrement
GetTimeZoneInformation
GetModuleFileNameW
GetVersionExW
GetLongPathNameW
GetTempPathW
InterlockedIncrement
FindClose
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
SetLastError
SystemTimeToFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetSystemDefaultUILanguage
GetSystemWindowsDirectoryW
WriteFile
CreateFileA
TlsGetValue
OpenThread
TlsSetValue
GetCurrentProcessId
GetProcessHeap
HeapAlloc
TlsAlloc
SetEnvironmentVariableW
TlsFree
HeapFree
ReleaseMutex
GetACP
WaitForSingleObject
CreateMutexW
GetFileSize
VirtualAlloc
VirtualFree
SetFilePointerEx
GetFileSizeEx
GetCurrentThreadId
OutputDebugStringW
FormatMessageW
GetSystemTime
SetFilePointer
ReadFile
lstrcmpA
GetFileType
CreateFileW
lstrlenA
GetSystemDirectoryW
FindFirstFileW

advapi32

RegEnumKeyExW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

ole32

CoCreateInstance
OleRun
CoUninitialize
CoInitialize

oleaut32

SysFreeString
GetErrorInfo
VariantClear
SysAllocString

shlwapi

StrStrIW
PathAppendW
StrCmpW
StrCmpIW
StrRChrW
PathFileExistsW
StrCmpNW
SHGetValueW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

msvcrt

??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
_onexit
__dllonexit
_wunlink
realloc
_wcslwr
_wcsnicmp
strchr
_wcsupr
??2@YAPAXI@Z
_wtoi
_iob
fflush
rand
malloc
free
_vsnwprintf
isdigit
swscanf
wcsrchr
wcslen
memmove
_except_handler3
_CxxThrowException
wcsncmp
wcscmp
_errno
wcstok
wcscpy
strerror
wcsncpy
_snwprintf
wcschr
swprintf
_purecall
strncpy
qsort
memchr
tolower
wcscat
fprintf
__CxxFrameHandler
?terminate@@YAXXZ

winmm

timeGetTime

Exports

Exports

cancel_sysfilerep_req
close_sysfilerep_object
create_sysfilerep_object
judgeif_sys_file
judgeif_sys_file_a
judgeif_sys_file_w
replace_all_sys_file
replace_all_sys_file_a
replace_all_sys_file_w
replace_get_http_count
replace_set_http_mode
replace_set_product_a
replace_set_product_w
replace_sys_file
replace_sys_file_a
replace_sys_file_w
set_download_callback
set_sysfilerep_timeout

Sections

.text
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GKillers/pttlnkgkillers.dll
.dll windows:4 windows x86 arch:x86

5417fb85ad817de3da22d72224814d47

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileW
SetFileAttributesW
GetFileAttributesW
FindNextFileW
FindFirstFileW
InterlockedDecrement
GetVersionExA
lstrlenA
WideCharToMultiByte
GetCurrentProcess
DeviceIoControl
GetModuleFileNameA
CreateFileA
SetFilePointer
ReadFile
GetLastError
CloseHandle
WriteFile
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
HeapFree
HeapAlloc
RtlUnwind
GetCommandLineA
GetVersion
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
TerminateProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
InterlockedIncrement
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetStdHandle

user32

MessageBoxA

shell32

CommandLineToArgvW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

shlwapi

PathFileExistsW
PathAppendW
StrCmpIW
StrStrIW
PathFindExtensionW
StrRChrIW

Exports

Exports

??4CPttLnkGkiller@@QAEAAV0@ABV0@@Z
RunKiller

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SuperKiller.exe
.exe windows:4 windows x86 arch:x86

cc27151958388f85fefbd967b2056328

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SystemTimeToFileTime
GetLocalTime
GetSystemDefaultUILanguage
GetSystemDirectoryW
GetLongPathNameA
Process32Next
Process32First
GetFileAttributesExA
DeviceIoControl
GetModuleHandleA
GetDiskFreeSpaceA
GetShortPathNameA
TerminateThread
GetSystemTime
RemoveDirectoryA
DeleteFileW
SetFileAttributesW
SuspendThread
SetThreadPriority
GetCommandLineA
SetUnhandledExceptionFilter
CreateMutexA
ExitProcess
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetFileAttributesW
SearchPathW
GetLongPathNameW
SearchPathA
DuplicateHandle
FormatMessageA
FlushFileBuffers
GlobalFindAtomA
GlobalAddAtomA
GetStartupInfoA
GetSystemTimeAsFileTime
SetFileTime
DosDateTimeToFileTime
GetFileInformationByHandle
FileTimeToDosDateTime
TlsGetValue
OpenThread
TlsSetValue
GetEnvironmentVariableA
GetProcessHeap
HeapAlloc
TlsAlloc
SetEnvironmentVariableA
TlsFree
HeapFree
ReleaseMutex
VirtualAlloc
VirtualFree
FormatMessageW
GetACP
SetFilePointerEx
GetFileSizeEx
LoadLibraryW
GetFileType
RaiseException
InterlockedExchange
FindClose
MoveFileExA
MoveFileA
GetCurrentProcessId
CreateToolhelp32Snapshot
Module32First
Module32Next
IsBadReadPtr
CreatePipe
CreateProcessA
CreateDirectoryA
GetCommandLineW
GetTempPathA
GetTempFileNameA
GetSystemDirectoryA
QueryDosDeviceA
GetWindowsDirectoryA
GetFileAttributesA
SetFileAttributesA
CopyFileA
DeleteFileA
LocalAlloc
LocalFree
GetFileSize
SetLastError
ExpandEnvironmentStringsA
FileTimeToSystemTime
lstrcmpiA
lstrcmpA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetModuleFileNameA
WritePrivateProfileStringA
GetLastError
GetCurrentThreadId
ResumeThread
ResetEvent
GetDriveTypeA
FindFirstFileA
FindNextFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetLogicalDrives
Sleep
WideCharToMultiByte
CreateEventA
CreateThread
WaitForSingleObject
WriteFile
SetFilePointer
ReadFile
CreateFileA
CloseHandle
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
TerminateProcess
GetLocaleInfoA
GetTimeFormatA
GetDateFormatA
OutputDebugStringA
DebugBreak
InterlockedDecrement
InterlockedIncrement
GetTickCount
MulDiv
GetVersionExA
GetProcAddress
LoadLibraryA
FreeLibrary
IsBadWritePtr
lstrlenW
lstrcpynW
lstrcpynA
FindResourceA
LoadResource
lstrlenA
MultiByteToWideChar
FreeResource
SizeofResource
GlobalAlloc
LockResource
GlobalLock
GlobalUnlock
GlobalFree
GetCurrentProcess
FlushInstructionCache
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForMultipleObjects

user32

DrawTextExA
BeginPaint
PostMessageA
ReleaseCapture
EnableWindow
CreateWindowExA
GetWindowLongA
SetWindowLongA
SetWindowPos
GetSystemMenu
GetWindowRect
GetWindow
GetParent
SetTimer
GetCapture
CallWindowProcA
SetCapture
GetDlgCtrlID
PtInRect
ClientToScreen
KillTimer
DrawTextA
GetWindowTextA
GetWindowTextLengthA
DefWindowProcA
UpdateWindow
SystemParametersInfoA
MapWindowPoints
GetMenu
AdjustWindowRectEx
SetWindowTextA
ShowWindow
LoadIconA
IsWindowEnabled
GetPropA
GetClientRect
TranslateAcceleratorA
IsWindow
SendMessageA
CreateDialogParamA
IsDialogMessageA
SetCursor
GetSysColor
LoadCursorA
EndPaint
DestroyWindow
InvalidateRect
SetRect
CopyRect
OffsetRect
GetDC
ReleaseDC
DrawFocusRect
InflateRect
GetSystemMetrics
DrawEdge
PostQuitMessage
SetFocus
LoadStringA
LoadStringW
MessageBeep
DestroyMenu
AppendMenuA
GetMenuItemInfoA
GetMenuItemCount
CreatePopupMenu
TrackPopupMenuEx
PeekMessageA
RemoveMenu
GetMonitorInfoA
MonitorFromPoint
GetDlgItem
RedrawWindow
IsWindowVisible
RegisterClassExA
wsprintfA
GetClassInfoExA
DestroyCursor
GetScrollInfo
GetScrollPos
GetMessagePos
ScreenToClient
SetScrollPos
GetKeyState
RegisterClipboardFormatA
wvsprintfA
CharNextA
SetScrollInfo
GetFocus
IsRectEmpty
FrameRect
IntersectRect
SetWindowRgn
FillRect
DrawFrameControl
GetAsyncKeyState
EqualRect
EndDialog
DialogBoxParamA
DispatchMessageA
TranslateMessage
GetMessageA
LoadAcceleratorsA
LoadMenuA
LoadImageA
SetForegroundWindow
GetTopWindow
SetPropA
GetDesktopWindow
GetSysColorBrush
ExitWindowsEx
MessageBoxA
SetWindowsHookExA
CharLowerA
EnableMenuItem

gdi32

ExtTextOutA
MoveToEx
LineTo
CreateCompatibleBitmap
BitBlt
CreatePatternBrush
SetTextColor
PatBlt
SetBkColor
GetStockObject
CreateFontIndirectA
SetBkMode
DeleteObject
DeleteDC
StretchBlt
GetObjectA
SelectObject
CreateCompatibleDC
GetTextExtentPoint32A
RestoreDC
SaveDC
SetViewportOrgEx
GetClipBox
RoundRect
CombineRgn
CreateRectRgn
CreatePolygonRgn
SetWindowOrgEx
OffsetWindowOrgEx
GetDeviceCaps
CreateFontA
CreateSolidBrush
Rectangle
CreatePen

advapi32

GetTokenInformation
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegCreateKeyA
RegSaveKeyA
RegRestoreKeyA
RegDeleteKeyA
RegOpenKeyExA
RegEnumKeyExA
AllocateAndInitializeSid
EqualSid
FreeSid
RegQueryInfoKeyA
RegEnumKeyA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteValueA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
DeleteAce
GetExplicitEntriesFromAclA
SetNamedSecurityInfoA
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
GetUserNameA

shell32

SHFileOperationA
CommandLineToArgvW
SHGetSpecialFolderPathA
ShellExecuteA
SHGetMalloc
SHGetSpecialFolderLocation
SHGetFileInfoA

ole32

CoTaskMemFree
CoInitializeEx
CoInitialize
CoUninitialize
CoCreateInstance
DoDragDrop
RevokeDragDrop
CreateStreamOnHGlobal
CoCreateGuid

oleaut32

OleLoadPicture
SysAllocString
SysFreeString

comctl32

ImageList_ReplaceIcon
ImageList_Duplicate
ImageList_Remove
InitCommonControlsEx
ImageList_DrawEx
ImageList_LoadImageA
ImageList_Draw
_TrackMouseEvent
ImageList_GetIconSize
ImageList_Destroy
ImageList_Create
ImageList_Add
ImageList_SetImageCount

msimg32

GradientFill
AlphaBlend

gdiplus

GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipAlloc
GdipCreateBitmapFromResource
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStreamICM
GdiplusShutdown
GdipDisposeImage
GdipFree
GdipCloneImage
GdiplusStartup

shlwapi

PathFileExistsA
StrDupW
StrChrW
SHDeleteValueA
PathIsDirectoryA
PathIsDirectoryEmptyA
SHDeleteKeyA
PathAppendW
PathIsDirectoryW
PathFileExistsW
StrRChrA
PathFindFileNameA
StrStrIA
PathFindExtensionA
PathRemoveFileSpecA
PathAppendA
AssocQueryStringA
StrCmpNIW
PathCombineA
wnsprintfA
StrCmpIW
StrRChrIA
StrStrA
StrRStrIA
StrStrIW
PathRenameExtensionA
StrCmpNIA
SHGetValueA

iphlpapi

GetAdaptersInfo
DeleteIPAddress
DeleteIpForwardEntry
GetIpAddrTable
GetNetworkParams
GetIpForwardTable

wininet

HttpSendRequestA
InternetCloseHandle
HttpQueryInfoA
InternetReadFile
InternetGetConnectedState
InternetConnectA
HttpOpenRequestA
InternetOpenUrlA
InternetOpenA

setupapi

SetupIterateCabinetA

psapi

EnumDeviceDrivers
GetDeviceDriverFileNameA
GetDeviceDriverBaseNameA

msvcrt

bsearch
_iob
srand
rand
isalpha
ldiv
isdigit
islower
isxdigit
isspace
calloc
mktime
time
gmtime
wcschr
_snwprintf
wcsrchr
wcsncpy
wcscmp
strerror
wcstok
_errno
wcscpy
sscanf
sprintf
tolower
swscanf
_mbslwr
qsort
_mbsnbcmp
_strupr
_stricmp
_wcsupr
_itoa
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_access
_mbsupr
_wcsicmp
_vsnwprintf
exit
_mbschr
?terminate@@YAXXZ
memchr
_mbsnbicmp
_strnicmp
printf
strncpy
_ismbcspace
fwrite
fflush
_mbsrchr
_splitpath
malloc
fputs
fgets
strncmp
strchr
fprintf
_mbsstr
_ismbcalnum
_tzset
_except_handler3
fopen
fread
fclose
_ftol
memcmp
_beginthreadex
strcmp
_strdup
_vsnprintf
atol
abs
div
_ismbcdigit
wcslen
_snprintf
iswprint
iswupper
_mbscmp
_mbsicmp
atoi
memcpy
memset
free
memmove
realloc
__dllonexit
_onexit
_mbsnbcpy
??2@YAPAXI@Z
strlen
__CxxFrameHandler
_purecall
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
_controlfp
_exit

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Sections

.text
Size: 464KB - Virtual size: 461KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 424KB - Virtual size: 423KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ave/avbe.dat
ave/avbef.dat
ave/avbek.dat
ave/ave.dll
.dll windows:4 windows x86 arch:x86

a9118190ff81bc9ab7ea833d50cb386f

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointer
InterlockedDecrement
lstrlenA
InterlockedIncrement
GetCurrentThreadId
InitializeCriticalSection
GetProcAddress
LoadLibraryA
SetLastError
GetModuleFileNameA
WideCharToMultiByte
GetTempPathA
GetWindowsDirectoryA
ReadFile
GetFileAttributesA
GetDriveTypeA
CloseHandle
GetFileSize
CreateFileA
OutputDebugStringA
GetLogicalDriveStringsA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
CreateMutexA
GetSystemTime
ReleaseMutex
WaitForSingleObject
GetFileAttributesExA
FreeLibrary
Sleep
InterlockedCompareExchange
FindFirstFileA
GetSystemDirectoryA
TlsGetValue
OpenThread
TlsSetValue
GetCurrentProcessId
GetEnvironmentVariableA
GetProcessHeap
HeapAlloc
TlsAlloc
SetEnvironmentVariableA
TlsFree
HeapFree
VirtualAlloc
VirtualFree
FormatMessageW
LocalFree
GetACP
lstrcmpA
lstrlenW
LoadLibraryW
MultiByteToWideChar
SetFilePointerEx
GetFileType
GetFileSizeEx
FindClose

user32

LoadStringA

shell32

SHGetSpecialFolderPathA

advapi32

GetUserNameA

shlwapi

PathFileExistsA
StrStrA
StrStrIA
PathAppendA
StrRStrIA

version

VerQueryValueA
GetFileVersionInfoSizeA

msvcrt

_stricmp
toupper
memmove
_mbsicmp
strchr
_mbsnbicmp
_vsnprintf
memchr
realloc
qsort
_purecall
_mbslwr
_mbsnbcmp
_CxxThrowException
swscanf
tolower
sprintf
sscanf
_mbschr
_mbsnbcpy
_snprintf
_errno
wcstok
wcscpy
strerror
wcscmp
wcsncpy
wcsrchr
_snwprintf
wcschr
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
__CxxFrameHandler
_mbsstr
_strupr
_mbscmp
_mbstok
_strnicmp
_memicmp
_except_handler3
??2@YAPAXI@Z
strncpy
free
strtok
malloc
wcslen

Exports

Exports

CloseAveEngineObj
CreateAveEngineObj
InitEng
SetScanFlag
SetScanFlagAveEngineObj
UnInitEng
matching_FileCheck
matching_FileCheckNew

Sections

.text
Size: 180KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ave/新云软件.url
.url
fixtool.ini
msvcirt.dll
.dll windows:5 windows x86 arch:x86

c9e4d1c3c611270cb8fe488259e71c2a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcirt.pdb

Imports

msvcrt

isxdigit
strtol
_errno
strtoul
toupper
sprintf
fflush
_iob
fputc
fwrite
fgetc
isdigit
ftell
fseek
__badioinfo
free
_initterm
malloc
_adjust_fdiv
?terminate@@YAXXZ
_except_handler3
__dllonexit
_onexit
isspace
strtod
_setmode
_sopen
??_U@YAPAXI@Z
_read
_write
memmove
__pioinfo
_lseek
_close
??2@YAPAXI@Z
__CxxFrameHandler
??3@YAXPAX@Z
fread
_purecall

kernel32

UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetUnhandledExceptionFilter

Exports

Exports

??0Iostream_init@@QAE@AAVios@@H@Z
??0Iostream_init@@QAE@XZ
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??0filebuf@@QAE@ABV0@@Z
??0filebuf@@QAE@H@Z
??0filebuf@@QAE@HPADH@Z
??0filebuf@@QAE@XZ
??0fstream@@QAE@ABV0@@Z
??0fstream@@QAE@H@Z
??0fstream@@QAE@HPADH@Z
??0fstream@@QAE@PBDHH@Z
??0fstream@@QAE@XZ
??0ifstream@@QAE@ABV0@@Z
??0ifstream@@QAE@H@Z
??0ifstream@@QAE@HPADH@Z
??0ifstream@@QAE@PBDHH@Z
??0ifstream@@QAE@XZ
??0ios@@IAE@ABV0@@Z
??0ios@@IAE@XZ
??0ios@@QAE@PAVstreambuf@@@Z
??0iostream@@IAE@ABV0@@Z
??0iostream@@IAE@XZ
??0iostream@@QAE@PAVstreambuf@@@Z
??0istream@@IAE@ABV0@@Z
??0istream@@IAE@XZ
??0istream@@QAE@PAVstreambuf@@@Z
??0istream_withassign@@QAE@ABV0@@Z
??0istream_withassign@@QAE@PAVstreambuf@@@Z
??0istream_withassign@@QAE@XZ
??0istrstream@@QAE@ABV0@@Z
??0istrstream@@QAE@PAD@Z
??0istrstream@@QAE@PADH@Z
??0logic_error@@QAE@ABQBD@Z
??0logic_error@@QAE@ABV0@@Z
??0ofstream@@QAE@ABV0@@Z
??0ofstream@@QAE@H@Z
??0ofstream@@QAE@HPADH@Z
??0ofstream@@QAE@PBDHH@Z
??0ofstream@@QAE@XZ
??0ostream@@IAE@ABV0@@Z
??0ostream@@IAE@XZ
??0ostream@@QAE@PAVstreambuf@@@Z
??0ostream_withassign@@QAE@ABV0@@Z
??0ostream_withassign@@QAE@PAVstreambuf@@@Z
??0ostream_withassign@@QAE@XZ
??0ostrstream@@QAE@ABV0@@Z
??0ostrstream@@QAE@PADHH@Z
??0ostrstream@@QAE@XZ
??0stdiobuf@@QAE@ABV0@@Z
??0stdiobuf@@QAE@PAU_iobuf@@@Z
??0stdiostream@@QAE@ABV0@@Z
??0stdiostream@@QAE@PAU_iobuf@@@Z
??0streambuf@@IAE@PADH@Z
??0streambuf@@IAE@XZ
??0streambuf@@QAE@ABV0@@Z
??0strstream@@QAE@ABV0@@Z
??0strstream@@QAE@PADHH@Z
??0strstream@@QAE@XZ
??0strstreambuf@@QAE@ABV0@@Z
??0strstreambuf@@QAE@H@Z
??0strstreambuf@@QAE@P6APAXJ@ZP6AXPAX@Z@Z
??0strstreambuf@@QAE@PADH0@Z
??0strstreambuf@@QAE@PAEH0@Z
??0strstreambuf@@QAE@XZ
??1Iostream_init@@QAE@XZ
??1exception@@UAE@XZ
??1filebuf@@UAE@XZ
??1fstream@@UAE@XZ
??1ifstream@@UAE@XZ
??1ios@@UAE@XZ
??1iostream@@UAE@XZ
??1istream@@UAE@XZ
??1istream_withassign@@UAE@XZ
??1istrstream@@UAE@XZ
??1logic_error@@UAE@XZ
??1ofstream@@UAE@XZ
??1ostream@@UAE@XZ
??1ostream_withassign@@UAE@XZ
??1ostrstream@@UAE@XZ
??1stdiobuf@@UAE@XZ
??1stdiostream@@UAE@XZ
??1streambuf@@UAE@XZ
??1strstream@@UAE@XZ
??1strstreambuf@@UAE@XZ
??4Iostream_init@@QAEAAV0@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??4filebuf@@QAEAAV0@ABV0@@Z
??4fstream@@QAEAAV0@AAV0@@Z
??4ifstream@@QAEAAV0@ABV0@@Z
??4ios@@IAEAAV0@ABV0@@Z
??4iostream@@IAEAAV0@AAV0@@Z
??4iostream@@IAEAAV0@PAVstreambuf@@@Z
??4istream@@IAEAAV0@ABV0@@Z
??4istream@@IAEAAV0@PAVstreambuf@@@Z
??4istream_withassign@@QAEAAV0@ABV0@@Z
??4istream_withassign@@QAEAAVistream@@ABV1@@Z
??4istream_withassign@@QAEAAVistream@@PAVstreambuf@@@Z
??4istrstream@@QAEAAV0@ABV0@@Z
??4logic_error@@QAEAAV0@ABV0@@Z
??4ofstream@@QAEAAV0@ABV0@@Z
??4ostream@@IAEAAV0@ABV0@@Z
??4ostream@@IAEAAV0@PAVstreambuf@@@Z
??4ostream_withassign@@QAEAAV0@ABV0@@Z
??4ostream_withassign@@QAEAAVostream@@ABV1@@Z
??4ostream_withassign@@QAEAAVostream@@PAVstreambuf@@@Z
??4ostrstream@@QAEAAV0@ABV0@@Z
??4stdiobuf@@QAEAAV0@ABV0@@Z
??4stdiostream@@QAEAAV0@AAV0@@Z
??4streambuf@@QAEAAV0@ABV0@@Z
??4strstream@@QAEAAV0@AAV0@@Z
??4strstreambuf@@QAEAAV0@ABV0@@Z
??5istream@@QAEAAV0@AAC@Z
??5istream@@QAEAAV0@AAD@Z
??5istream@@QAEAAV0@AAE@Z
??5istream@@QAEAAV0@AAF@Z
??5istream@@QAEAAV0@AAG@Z
??5istream@@QAEAAV0@AAH@Z
??5istream@@QAEAAV0@AAI@Z
??5istream@@QAEAAV0@AAJ@Z
??5istream@@QAEAAV0@AAK@Z
??5istream@@QAEAAV0@AAM@Z
??5istream@@QAEAAV0@AAN@Z
??5istream@@QAEAAV0@AAO@Z
??5istream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
??5istream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
??5istream@@QAEAAV0@PAC@Z
??5istream@@QAEAAV0@PAD@Z
??5istream@@QAEAAV0@PAE@Z
??5istream@@QAEAAV0@PAVstreambuf@@@Z
??6ostream@@QAEAAV0@C@Z
??6ostream@@QAEAAV0@D@Z
??6ostream@@QAEAAV0@E@Z
??6ostream@@QAEAAV0@F@Z
??6ostream@@QAEAAV0@G@Z
??6ostream@@QAEAAV0@H@Z
??6ostream@@QAEAAV0@I@Z
??6ostream@@QAEAAV0@J@Z
??6ostream@@QAEAAV0@K@Z
??6ostream@@QAEAAV0@M@Z
??6ostream@@QAEAAV0@N@Z
??6ostream@@QAEAAV0@O@Z
??6ostream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
??6ostream@@QAEAAV0@P6AAAVios@@AAV1@@Z@Z
??6ostream@@QAEAAV0@PAVstreambuf@@@Z
??6ostream@@QAEAAV0@PBC@Z
??6ostream@@QAEAAV0@PBD@Z
??6ostream@@QAEAAV0@PBE@Z
??6ostream@@QAEAAV0@PBX@Z
??7ios@@QBEHXZ
??Bios@@QBEPAXXZ
??_7exception@@6B@
??_7filebuf@@6B@
??_7fstream@@6B@
??_7ifstream@@6B@
??_7ios@@6B@
??_7iostream@@6B@
??_7istream@@6B@
??_7istream_withassign@@6B@
??_7istrstream@@6B@
??_7logic_error@@6B@
??_7ofstream@@6B@
??_7ostream@@6B@
??_7ostream_withassign@@6B@
??_7ostrstream@@6B@
??_7stdiobuf@@6B@
??_7stdiostream@@6B@
??_7streambuf@@6B@
??_7strstream@@6B@
??_7strstreambuf@@6B@
??_8fstream@@7Bistream@@@
??_8fstream@@7Bostream@@@
??_8ifstream@@7B@
??_8iostream@@7Bistream@@@
??_8iostream@@7Bostream@@@
??_8istream@@7B@
??_8istream_withassign@@7B@
??_8istrstream@@7B@
??_8ofstream@@7B@
??_8ostream@@7B@
??_8ostream_withassign@@7B@
??_8ostrstream@@7B@
??_8stdiostream@@7Bistream@@@
??_8stdiostream@@7Bostream@@@
??_8strstream@@7Bistream@@@
??_8strstream@@7Bostream@@@
??_Dfstream@@QAEXXZ
??_Difstream@@QAEXXZ
??_Diostream@@QAEXXZ
??_Distream@@QAEXXZ
??_Distream_withassign@@QAEXXZ
??_Distrstream@@QAEXXZ
??_Dofstream@@QAEXXZ
??_Dostream@@QAEXXZ
??_Dostream_withassign@@QAEXXZ
??_Dostrstream@@QAEXXZ
??_Dstdiostream@@QAEXXZ
??_Dstrstream@@QAEXXZ
??_Eexception@@UAEPAXI@Z
??_Efilebuf@@UAEPAXI@Z
??_Efstream@@UAEPAXI@Z
??_Eifstream@@UAEPAXI@Z
??_Eios@@UAEPAXI@Z
??_Eiostream@@UAEPAXI@Z
??_Eistream@@UAEPAXI@Z
??_Eistream_withassign@@UAEPAXI@Z
??_Eistrstream@@UAEPAXI@Z
??_Elogic_error@@UAEPAXI@Z
??_Eofstream@@UAEPAXI@Z
??_Eostream@@UAEPAXI@Z
??_Eostream_withassign@@UAEPAXI@Z
??_Eostrstream@@UAEPAXI@Z
??_Estdiobuf@@UAEPAXI@Z
??_Estdiostream@@UAEPAXI@Z
??_Estreambuf@@UAEPAXI@Z
??_Estrstream@@UAEPAXI@Z
??_Estrstreambuf@@UAEPAXI@Z
??_Gexception@@UAEPAXI@Z
??_Gfilebuf@@UAEPAXI@Z
??_Gfstream@@UAEPAXI@Z
??_Gifstream@@UAEPAXI@Z
??_Gios@@UAEPAXI@Z
??_Giostream@@UAEPAXI@Z
??_Gistream@@UAEPAXI@Z
??_Gistream_withassign@@UAEPAXI@Z
??_Gistrstream@@UAEPAXI@Z
??_Glogic_error@@UAEPAXI@Z
??_Gofstream@@UAEPAXI@Z
??_Gostream@@UAEPAXI@Z
??_Gostream_withassign@@UAEPAXI@Z
??_Gostrstream@@UAEPAXI@Z
??_Gstdiobuf@@UAEPAXI@Z
??_Gstdiostream@@UAEPAXI@Z
??_Gstreambuf@@UAEPAXI@Z
??_Gstrstream@@UAEPAXI@Z
??_Gstrstreambuf@@UAEPAXI@Z
?adjustfield@ios@@2JB
?allocate@streambuf@@IAEHXZ
?attach@filebuf@@QAEPAV1@H@Z
?attach@fstream@@QAEXH@Z
?attach@ifstream@@QAEXH@Z
?attach@ofstream@@QAEXH@Z
?bad@ios@@QBEHXZ
?base@streambuf@@IBEPADXZ
?basefield@ios@@2JB
?binary@filebuf@@2HB
?bitalloc@ios@@SAJXZ
?blen@streambuf@@IBEHXZ
?cerr@@3Vostream_withassign@@A
?cin@@3Vistream_withassign@@A
?clear@ios@@QAEXH@Z
?clog@@3Vostream_withassign@@A
?close@filebuf@@QAEPAV1@XZ
?close@fstream@@QAEXXZ
?close@ifstream@@QAEXXZ
?close@ofstream@@QAEXXZ
?clrlock@ios@@QAAXXZ
?clrlock@streambuf@@QAEXXZ
?cout@@3Vostream_withassign@@A
?dbp@streambuf@@QAEXXZ
?dec@@YAAAVios@@AAV1@@Z
?delbuf@ios@@QAEXH@Z
?delbuf@ios@@QBEHXZ
?doallocate@streambuf@@MAEHXZ
?doallocate@strstreambuf@@MAEHXZ
?eatwhite@istream@@QAEXXZ
?eback@streambuf@@IBEPADXZ
?ebuf@streambuf@@IBEPADXZ
?egptr@streambuf@@IBEPADXZ
?endl@@YAAAVostream@@AAV1@@Z
?ends@@YAAAVostream@@AAV1@@Z
?eof@ios@@QBEHXZ
?epptr@streambuf@@IBEPADXZ
?fLockcInit@ios@@0HA
?fail@ios@@QBEHXZ
?fd@filebuf@@QBEHXZ
?fd@fstream@@QBEHXZ
?fd@ifstream@@QBEHXZ
?fd@ofstream@@QBEHXZ
?fill@ios@@QAEDD@Z
?fill@ios@@QBEDXZ
?flags@ios@@QAEJJ@Z
?flags@ios@@QBEJXZ
?floatfield@ios@@2JB
?flush@@YAAAVostream@@AAV1@@Z
?flush@ostream@@QAEAAV1@XZ
?freeze@strstreambuf@@QAEXH@Z
?gbump@streambuf@@IAEXH@Z
?gcount@istream@@QBEHXZ
?get@istream@@IAEAAV1@PADHH@Z
?get@istream@@QAEAAV1@AAC@Z
?get@istream@@QAEAAV1@AAD@Z
?get@istream@@QAEAAV1@AAE@Z
?get@istream@@QAEAAV1@AAVstreambuf@@D@Z
?get@istream@@QAEAAV1@PACHD@Z
?get@istream@@QAEAAV1@PADHD@Z
?get@istream@@QAEAAV1@PAEHD@Z
?get@istream@@QAEHXZ
?getdouble@istream@@AAEHPADH@Z
?getint@istream@@AAEHPAD@Z
?getline@istream@@QAEAAV1@PACHD@Z
?getline@istream@@QAEAAV1@PADHD@Z
?getline@istream@@QAEAAV1@PAEHD@Z
?good@ios@@QBEHXZ
?gptr@streambuf@@IBEPADXZ
?hex@@YAAAVios@@AAV1@@Z
?ignore@istream@@QAEAAV1@HH@Z
?in_avail@streambuf@@QBEHXZ
?init@ios@@IAEXPAVstreambuf@@@Z
?ipfx@istream@@QAEHH@Z
?is_open@filebuf@@QBEHXZ
?is_open@fstream@@QBEHXZ
?is_open@ifstream@@QBEHXZ
?is_open@ofstream@@QBEHXZ
?isfx@istream@@QAEXXZ
?iword@ios@@QBEAAJH@Z
?lock@ios@@QAAXXZ
?lock@streambuf@@QAEXXZ
?lockbuf@ios@@QAAXXZ
?lockc@ios@@KAXXZ
?lockptr@ios@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
?lockptr@streambuf@@IAEPAU_CRT_CRITICAL_SECTION@@XZ
?oct@@YAAAVios@@AAV1@@Z
?open@filebuf@@QAEPAV1@PBDHH@Z
?open@fstream@@QAEXPBDHH@Z
?open@ifstream@@QAEXPBDHH@Z
?open@ofstream@@QAEXPBDHH@Z
?openprot@filebuf@@2HB
?opfx@ostream@@QAEHXZ
?osfx@ostream@@QAEXXZ
?out_waiting@streambuf@@QBEHXZ
?overflow@filebuf@@UAEHH@Z
?overflow@stdiobuf@@UAEHH@Z
?overflow@strstreambuf@@UAEHH@Z
?pbackfail@stdiobuf@@UAEHH@Z
?pbackfail@streambuf@@UAEHH@Z
?pbase@streambuf@@IBEPADXZ
?pbump@streambuf@@IAEXH@Z
?pcount@ostrstream@@QBEHXZ
?pcount@strstream@@QBEHXZ
?peek@istream@@QAEHXZ
?pptr@streambuf@@IBEPADXZ
?precision@ios@@QAEHH@Z
?precision@ios@@QBEHXZ
?put@ostream@@QAEAAV1@C@Z
?put@ostream@@QAEAAV1@D@Z
?put@ostream@@QAEAAV1@E@Z
?putback@istream@@QAEAAV1@D@Z
?pword@ios@@QBEAAPAXH@Z
?rdbuf@fstream@@QBEPAVfilebuf@@XZ
?rdbuf@ifstream@@QBEPAVfilebuf@@XZ
?rdbuf@ios@@QBEPAVstreambuf@@XZ
?rdbuf@istrstream@@QBEPAVstrstreambuf@@XZ
?rdbuf@ofstream@@QBEPAVfilebuf@@XZ
?rdbuf@ostrstream@@QBEPAVstrstreambuf@@XZ
?rdbuf@stdiostream@@QBEPAVstdiobuf@@XZ
?rdbuf@strstream@@QBEPAVstrstreambuf@@XZ
?rdstate@ios@@QBEHXZ
?read@istream@@QAEAAV1@PACH@Z
?read@istream@@QAEAAV1@PADH@Z
?read@istream@@QAEAAV1@PAEH@Z
?sbumpc@streambuf@@QAEHXZ
?seekg@istream@@QAEAAV1@J@Z
?seekg@istream@@QAEAAV1@JW4seek_dir@ios@@@Z
?seekoff@filebuf@@UAEJJW4seek_dir@ios@@H@Z
?seekoff@stdiobuf@@UAEJJW4seek_dir@ios@@H@Z
?seekoff@streambuf@@UAEJJW4seek_dir@ios@@H@Z
?seekoff@strstreambuf@@UAEJJW4seek_dir@ios@@H@Z
?seekp@ostream@@QAEAAV1@J@Z
?seekp@ostream@@QAEAAV1@JW4seek_dir@ios@@@Z
?seekpos@streambuf@@UAEJJH@Z
?setb@streambuf@@IAEXPAD0H@Z
?setbuf@filebuf@@UAEPAVstreambuf@@PADH@Z
?setbuf@fstream@@QAEPAVstreambuf@@PADH@Z
?setbuf@ifstream@@QAEPAVstreambuf@@PADH@Z
?setbuf@ofstream@@QAEPAVstreambuf@@PADH@Z
?setbuf@streambuf@@UAEPAV1@PADH@Z
?setbuf@strstreambuf@@UAEPAVstreambuf@@PADH@Z
?setf@ios@@QAEJJ@Z
?setf@ios@@QAEJJJ@Z
?setg@streambuf@@IAEXPAD00@Z
?setlock@ios@@QAAXXZ
?setlock@streambuf@@QAEXXZ
?setmode@filebuf@@QAEHH@Z
?setmode@fstream@@QAEHH@Z
?setmode@ifstream@@QAEHH@Z
?setmode@ofstream@@QAEHH@Z
?setp@streambuf@@IAEXPAD0@Z
?setrwbuf@stdiobuf@@QAEHHH@Z
?sgetc@streambuf@@QAEHXZ
?sgetn@streambuf@@QAEHPADH@Z
?sh_none@filebuf@@2HB
?sh_read@filebuf@@2HB
?sh_write@filebuf@@2HB
?snextc@streambuf@@QAEHXZ
?sputbackc@streambuf@@QAEHD@Z
?sputc@streambuf@@QAEHH@Z
?sputn@streambuf@@QAEHPBDH@Z
?stdiofile@stdiobuf@@QAEPAU_iobuf@@XZ
?stossc@streambuf@@QAEXXZ
?str@istrstream@@QAEPADXZ
?str@ostrstream@@QAEPADXZ
?str@strstream@@QAEPADXZ
?str@strstreambuf@@QAEPADXZ
?sunk_with_stdio@ios@@0HA
?sync@filebuf@@UAEHXZ
?sync@istream@@QAEHXZ
?sync@stdiobuf@@UAEHXZ
?sync@streambuf@@UAEHXZ
?sync@strstreambuf@@UAEHXZ
?sync_with_stdio@ios@@SAXXZ
?tellg@istream@@QAEJXZ
?tellp@ostream@@QAEJXZ
?text@filebuf@@2HB
?tie@ios@@QAEPAVostream@@PAV2@@Z
?tie@ios@@QBEPAVostream@@XZ
?unbuffered@streambuf@@IAEXH@Z
?unbuffered@streambuf@@IBEHXZ
?underflow@filebuf@@UAEHXZ
?underflow@stdiobuf@@UAEHXZ
?underflow@strstreambuf@@UAEHXZ
?unlock@ios@@QAAXXZ
?unlock@streambuf@@QAEXXZ
?unlockbuf@ios@@QAAXXZ
?unlockc@ios@@KAXXZ
?unsetf@ios@@QAEJJ@Z
?what@exception@@UBEPBDXZ
?width@ios@@QAEHH@Z
?width@ios@@QBEHXZ
?write@ostream@@QAEAAV1@PBCH@Z
?write@ostream@@QAEAAV1@PBDH@Z
?write@ostream@@QAEAAV1@PBEH@Z
?writepad@ostream@@AAEAAV1@PBD0@Z
?ws@@YAAAVistream@@AAV1@@Z
?x_curindex@ios@@0HA
?x_lockc@ios@@0U_CRT_CRITICAL_SECTION@@A
?x_maxbit@ios@@0JA
?x_statebuf@ios@@0PAJA
?xalloc@ios@@SAHXZ
?xsgetn@streambuf@@UAEHPADH@Z
?xsputn@streambuf@@UAEHPBDH@Z
__dummy_export
_mtlock
_mtunlock

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f91a4664f2961f99679cdcf6ed77b8b3

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:ddCertificate

Extended Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 32KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

35f7efc15eee93423a9b361f67007b72

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:ddCertificate

Extended Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

shlwapi

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

590982a1e6b1f239e76dd6a36e37109b

Code Sign

01Certificate

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:ddCertificate

Extended Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

.text
Size: 36KB - Virtual size: 32KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

01
Certificate

0a
Certificate