c8b67f07cce28f7f73a036a52a05136c

Sharing

Copy URL Twitter E-mail

General

Target

c8b67f07cce28f7f73a036a52a05136c
Size

17.4MB
MD5

c8b67f07cce28f7f73a036a52a05136c
SHA1

d59c202f8538588c4dee78cfbc58d8781f475169
SHA256

e452e1abe12b7bcc9d4c7abdaf01b3c64f10787536669bfe8b8a6c9f35153e3e
SHA512

b48711aa9f5eb7b478068116d7c07d62ead3801fd3550c952718647c35b382e08a94b583cece319495d678f11b72ec6899be954d738a1ed847e9ede9cd3ace0e
SSDEEP

393216:eR8/PI01o8QUFH8PfeV7iCAfcwt2puCMGPzbHEtLMQVsQa4Wdra9:ey/PiZUxqfyuCAfX8uKnkto+8Xa9

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
c8b67f07cce28f7f73a036a52a05136c
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsTools.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/nsTools.dll
unpack003/$APPDATA/tools/bdmanager.dll
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/nsTools.dll

Files

c8b67f07cce28f7f73a036a52a05136c
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 692KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/tools/daohang.ico
$APPDATA/tools/daohang_.ico
$APPDATA/tools/ie10.ico
$APPDATA/tools/ie6.ico
$APPDATA/tools/ie8.ico
$APPDATA/tools/sougou_search.ico
$APPDATA/tools/taobao.ico
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsTools.dll
.dll windows:5 windows x86 arch:x86

a610acde1f6a9bf4f5c18fd9c61833ec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\project\nsTools\build\Release unicode\pdb\nsSkinEngineW.pdb

Imports

psapi

GetModuleFileNameExW

kernel32

GetCurrentProcessId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetVersionExW
GetPrivateProfileIntW
GetPrivateProfileStringW
WriteFile
CreateFileW
MoveFileExW
Module32FirstW
lstrcmpW
FindFirstFileW
GlobalAlloc
WideCharToMultiByte
lstrcpynW
MultiByteToWideChar
GlobalFree
Module32NextW
OpenProcess
SetEnvironmentVariableA
CompareStringW
CompareStringA
TerminateProcess
LoadLibraryW
FreeLibrary
lstrcpyW
GetCurrentProcess
CloseHandle
FindNextFileW
GetProcessHeap
SetEndOfFile
CreateFileA
GetTimeZoneInformation
GetLocaleInfoW
LoadLibraryA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
GetFileAttributesW
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetLastError
HeapFree
RtlUnwind
GetCurrentThreadId
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
HeapAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
HeapCreate
HeapDestroy
VirtualFree
FatalAppExitA
VirtualAlloc
HeapReAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
GetACP
GetOEMCP
IsValidCodePage
HeapSize
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale

user32

SendMessageW
LoadStringW
wsprintfW
FindWindowW

advapi32

RegDeleteValueW
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW

shell32

SHGetFolderPathAndSubDirW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString

shlwapi

PathFileExistsW
PathAppendW

Exports

Exports

AddPendingFileRenameOperations
BeginPendingFileRenameOperations
CheckPath
EndPendingFileRenameOperations
FindModuleInProcessByDirectoryAndKillProcess
FindModuleInProcessByNameAndKillProcess
FindModuleInProcessByPathAndKillProcess
FindParentProcess
FindShortCutPath
JustDoIt
KillProcessByID
KillProcessByName
Log
SetHomePage

Sections

.text
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tools.exe
.exe windows:5 windows x86 arch:x86

f4f76ee7fd7311a49aedda549ac442f9

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

59:c2:07:21:72:c5:90:d2:d4:3d:e9:f3:bc:4f:33:c5
Certificate

Issuer

CN=WoSign Class 2 Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

04/03/2015, 07:05

Not After

04/03/2016, 07:05

Subject

CN=Xinfu Tan,L=Chongqing,ST=Chongqing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

25:e7:3b:77:32:8e:5c:a0:aa:57:f8:65:68:dc:f6:e8
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 2 Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

40:64:f2:bb:1b:38:6b:11:c5:a3:18:8b:be:a5:55:45:c1:90:5c:10
Signer

Actual PE Digest

40:64:f2:bb:1b:38:6b:11:c5:a3:18:8b:be:a5:55:45:c1:90:5c:10

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\project\build\Release\ShotCut.pdb

Imports

kernel32

CreateProcessW
CloseHandle
FlushFileBuffers
CreateFileA
InterlockedDecrement
MultiByteToWideChar
WideCharToMultiByte
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetModuleHandleA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetCommandLineA
GetLastError
HeapFree
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
Sleep
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

MessageBoxW

advapi32

RegQueryValueExW
RegCloseKey
RegCreateKeyExW

shell32

ShellExecuteW

shlwapi

PathIsDirectoryW
PathGetArgsW
PathFileExistsW

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xianfeng.exe
.exe windows:5 windows x86 arch:x86

483f0c4259a9148c34961abbda6146c1

Code Sign

aa:69:8d:f3:65:af:30:93:d3:74:00:ef:d3:2e:50:da:7e:cb:e4:a6
Signer

Actual PE Digest

aa:69:8d:f3:65:af:30:93:d3:74:00:ef:d3:2e:50:da:7e:cb:e4:a6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
TranslateMessage
SetWindowLongW
PeekMessageW
MsgWaitForMultipleObjects
MessageBoxW
LoadStringW
GetSystemMetrics
ExitWindowsEx
DispatchMessageW
DestroyWindow
CharUpperBuffW
CallWindowProcW

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
SizeofResource
SignalObjectAndWait
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResetEvent
RemoveDirectoryW
ReadFile
MultiByteToWideChar
LockResource
LoadResource
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSection
GetWindowsDirectoryW
GetVersionExW
GetUserDefaultLangID
GetThreadLocale
GetSystemInfo
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeProcess
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentProcess
GetCommandLineW
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateProcessW
CreateFileW
CreateEventW
CreateDirectoryW
CompareStringW
CloseHandle
Sleep

comctl32

InitCommonControls

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
xianfengkunbang.exe
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:f3:65:a2:f8:67:60:12:8a:ac:56:c4:1e:82:aa:7e
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

29/12/2014, 00:00

Not After

29/12/2015, 23:59

Subject

CN=善君韦,OU=Individual Developer,O=No Organization Affiliation,L=崇左市,ST=广西,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 692KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsTools.dll
.dll windows:5 windows x86 arch:x86

a610acde1f6a9bf4f5c18fd9c61833ec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\project\nsTools\build\Release unicode\pdb\nsSkinEngineW.pdb

Imports

psapi

GetModuleFileNameExW

kernel32

GetCurrentProcessId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetVersionExW
GetPrivateProfileIntW
GetPrivateProfileStringW
WriteFile
CreateFileW
MoveFileExW
Module32FirstW
lstrcmpW
FindFirstFileW
GlobalAlloc
WideCharToMultiByte
lstrcpynW
MultiByteToWideChar
GlobalFree
Module32NextW
OpenProcess
SetEnvironmentVariableA
CompareStringW
CompareStringA
TerminateProcess
LoadLibraryW
FreeLibrary
lstrcpyW
GetCurrentProcess
CloseHandle
FindNextFileW
GetProcessHeap
SetEndOfFile
CreateFileA
GetTimeZoneInformation
GetLocaleInfoW
LoadLibraryA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
GetFileAttributesW
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetLastError
HeapFree
RtlUnwind
GetCurrentThreadId
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
HeapAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
HeapCreate
HeapDestroy
VirtualFree
FatalAppExitA
VirtualAlloc
HeapReAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
GetACP
GetOEMCP
IsValidCodePage
HeapSize
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale

user32

SendMessageW
LoadStringW
wsprintfW
FindWindowW

advapi32

RegDeleteValueW
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW

shell32

SHGetFolderPathAndSubDirW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString

shlwapi

PathFileExistsW
PathAppendW

Exports

Exports

AddPendingFileRenameOperations
BeginPendingFileRenameOperations
CheckPath
EndPendingFileRenameOperations
FindModuleInProcessByDirectoryAndKillProcess
FindModuleInProcessByNameAndKillProcess
FindModuleInProcessByPathAndKillProcess
FindParentProcess
FindShortCutPath
JustDoIt
KillProcessByID
KillProcessByName
Log
SetHomePage

Sections

.text
Size: 200KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BaiduP2PService.exe
.exe windows:4 windows x86 arch:x86

0bf0798348eaeb0f63d5587bc9e6ad2a

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31/07/2009, 00:00

Not After

30/07/2012, 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\cygwin\home\scmpf\compiler_src\panfeng02_563106_win32\0\app\gensoft\p2p\client\platform\objs\BaiduP2PService.pdb

Imports

p2pbase

set_p2p_download_speed_max
get_p2p_global_info
p2p_add_share
p2p_uninitialize
p2p_initialize
set_p2p_auto_download
p2p_get_runtime_stat
start_p2p_task
p2p_set_finish
delete_p2p_task
create_p2p_task
set_p2p_auto_upload
p2p_get_verify
get_p2p_id
delete_p2p_peer
search_peer
p2p_get_task_stat
set_p2p_upload_speed_max

p2pstatreport

?StatAdd@CP2PStatReport@@QAEX_K0@Z
?StatAdd@CP2PStatReport@@QAEX_KQAE@Z
?StatAdd@CP2PStatReport@@QAEX_KPAEI@Z
?SendReport@CP2PStatReport@@QAEHXZ
??1CP2PStatReport@@QAE@XZ
??0CP2PStatReport@@QAE@PBD000@Z

p2sbase

?Delete@CP2SAPI@@SAHK@Z
?DeletePeer@CP2SAPI@@SAHK_K@Z
?StopPeer@CP2SAPI@@SAHK_K@Z
?SetRange@CP2SAPI@@SAHKAAUP2SRange@@@Z
?Start@CP2SAPI@@SAHK@Z
?Create@CP2SAPI@@SAHAAKAAUP2S_TASK_ITEM@@@Z
?Quit@CP2SAPI@@SAHXZ
?Init@CP2SAPI@@SAHXZ

kernel32

FindResourceW
SetFileTime
WideCharToMultiByte
MultiByteToWideChar
LocalFileTimeToFileTime
FreeLibrary
LoadResource
LoadLibraryW
DeleteFileW
DosDateTimeToFileTime
CreateDirectoryW
CreateFileW
LockResource
GetProcAddress
GetCurrentThreadId
TlsSetValue
TlsGetValue
SizeofResource
GetSystemDirectoryW
SetFileAttributesW
FindResourceExW
GetFileSize
FlushFileBuffers
LeaveCriticalSection
WriteFile
DeleteCriticalSection
GetOverlappedResult
EnterCriticalSection
InitializeCriticalSection
SetFilePointer
ReadFile
GlobalAlloc
GetModuleHandleW
GlobalFree
GetModuleFileNameW
GetCommandLineW
GetUserDefaultLCID
GlobalMemoryStatusEx
WaitForSingleObject
GetProcessHeap
MapViewOfFile
Thread32First
GetSystemInfo
OpenThread
SuspendThread
ResumeThread
VirtualQuery
IsBadWritePtr
SetThreadLocale
Thread32Next
CreateToolhelp32Snapshot
CreateProcessW
GetSystemDefaultLCID
GetCurrentProcessId
HeapFree
HeapAlloc
GetUserDefaultLangID
GetSystemDefaultLangID
CreateFileMappingW
SetUnhandledExceptionFilter
FileTimeToSystemTime
LocalAlloc
FileTimeToLocalFileTime
LocalFree
lstrcpyW
lstrcmpA
GetModuleHandleA
SetEvent
CreateEventW
GetTickCount
MoveFileW
GetLocalTime
CreateMutexW
Sleep
ExitThread
GetExitCodeThread
ResetEvent
WritePrivateProfileStringW
GetPrivateProfileIntW
GetVersionExW
GetPrivateProfileStringW
SetCurrentDirectoryW
VirtualFree
VirtualAlloc
lstrlenW
GetFileAttributesExW
GetCurrentThread
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
GlobalAddAtomW
GlobalLock
GlobalUnlock
GlobalFindAtomW
TlsAlloc
GetCurrentProcess
SetEndOfFile
HeapReAlloc
GetCommandLineA
GetModuleFileNameA
RaiseException
lstrlenA
GetOEMCP
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetCPInfo
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetStringTypeA
GetStringTypeW
LoadLibraryA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetStdHandle
RtlUnwind
GetStartupInfoW
CreateThread
GetConsoleMode
GetConsoleCP
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetThreadLocale
GetFileAttributesW
CopyFileW
GetLastError
CloseHandle
UnmapViewOfFile
SetStdHandle
GetStartupInfoA
GetFileType
SetHandleCount
ExitProcess
HeapCreate
SetLastError
OutputDebugStringA
TlsFree
GetLocaleInfoA
GetACP
HeapSize
GetVersionExA
HeapDestroy
OpenMutexW

user32

SetScrollInfo
BeginPaint
TranslateMessage
ShowWindow
SetTimer
CloseClipboard
DestroyWindow
PostQuitMessage
GetMessageW
CreateWindowExW
RegisterClassExW
EndPaint
SetScrollPos
UnregisterClassW
IsWindowVisible
DefWindowProcW
RegisterHotKey
FindWindowW
FillRect
PostMessageW
GetSystemMetrics
InvalidateRect
KillTimer
GetScrollPos
MessageBoxW
LoadCursorW
DispatchMessageW
UnregisterHotKey
OpenClipboard
SetClipboardData
MessageBoxA
UpdateWindow
GetScrollInfo
GetClipboardData
GetClientRect
UnregisterClassA

gdi32

BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateFontW
SetTextColor
TextOutW
DeleteObject
Rectangle
CreateSolidBrush
GetTextColor
LineTo
MoveToEx
DeleteDC

advapi32

SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitializeSecurityDescriptor
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorSacl
SetNamedSecurityInfoW
RegCreateKeyExW
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
RegSetValueExW
SetEntriesInAclW
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW
GetSecurityDescriptorSacl

shell32

ShellExecuteW
SHCreateDirectoryExW
SHGetSpecialFolderPathW

oleaut32

SysFreeString
SysAllocString

shlwapi

PathIsDirectoryW
PathFileExistsW

ws2_32

accept
getsockname
getsockopt
gethostbyname
WSAAsyncSelect
inet_ntoa
bind
recvfrom
__WSAFDIsSet
sendto
connect
closesocket
select
WSACleanup
WSAStartup
WSACancelBlockingCall
ntohs
htonl
WSAGetLastError
recv
send
ntohl
inet_addr
listen
socket
ioctlsocket
htons
setsockopt
WSAAsyncGetHostByName

iphlpapi

GetIfTable

crypt32

CertFindCertificateInStore
CryptDecodeObject
CryptMsgGetParam
CertCloseStore
CryptMsgClose
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject

wintrust

WinVerifyTrust

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 424KB - Virtual size: 420KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
P2PBase.dll
.dll windows:4 windows x86 arch:x86

2940216d1480e63548325d5597c64249

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31/07/2009, 00:00

Not After

30/07/2012, 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\cygwin\home\scmpf\compiler_src\panfeng02_562530_win32\0\app\gensoft\p2p\client\build\Release\bin\P2PBase.pdb

Imports

kernel32

CloseHandle
InterlockedDecrement
LoadLibraryW
LoadResource
GetModuleFileNameW
DisableThreadLibraryCalls
GetLastError
lstrlenW
LockResource
GetProcAddress
InterlockedIncrement
FindResourceExW
WideCharToMultiByte
OutputDebugStringA
SizeofResource
FindResourceW
GetTickCount
InitializeCriticalSection
EnterCriticalSection
Sleep
lstrlenA
DeleteCriticalSection
GetCurrentThreadId
SetThreadAffinityMask
LeaveCriticalSection
SetCurrentDirectoryW
GetVersionExW
FileTimeToSystemTime
GetVolumeInformationA
GetModuleHandleW
GlobalFree
GlobalAlloc
DeviceIoControl
QueryPerformanceCounter
QueryPerformanceFrequency
SetEvent
CreateEventW
ResetEvent
WaitForMultipleObjectsEx
WaitForSingleObject
GetModuleFileNameA
GetSystemDirectoryA
CreateFileW
FormatMessageA
GetCommandLineA
DeleteFileW
GetFileAttributesExW
SetFilePointer
SystemTimeToTzSpecificLocalTime
FlushFileBuffers
GetCurrentProcess
WriteFile
RaiseException
GetLocalTime
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
CancelIo
ReadFileEx
CreateFileA
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
GetThreadLocale
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
ReadFile
GetFileSize
LocalFree
MultiByteToWideChar
LCMapStringW
LCMapStringA
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetVersionExA
GetProcessHeap
ExitThread
CreateThread
GetModuleHandleA
TlsGetValue
TlsAlloc
InterlockedExchange
GetLocaleInfoA
LoadLibraryA
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetTimeZoneInformation
RtlUnwind
GetStringTypeW
GetStringTypeA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
GetStdHandle
HeapSize
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetLastError
TlsFree
TlsSetValue

user32

PostQuitMessage
TranslateMessage
GetMessageW
DispatchMessageW
DestroyWindow
RegisterClassA
CreateWindowExA
DefWindowProcW
SetTimer
PostMessageW
wvsprintfA
UnregisterClassA

shell32

SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoInitialize

oleaut32

SafeArrayGetUBound
SafeArrayGetDim
SafeArrayGetLBound
SysFreeString
VariantInit
SafeArrayUnaccessData
VariantClear
SysAllocString
SafeArrayCreate
VariantCopy
SafeArrayAccessData
GetErrorInfo

shlwapi

PathFileExistsW
PathFileExistsA

iphlpapi

GetAdaptersInfo

ws2_32

closesocket
setsockopt
socket
WSAAsyncGetHostByName
sendto
ntohs
bind
ntohl
inet_addr
inet_ntoa
htonl
WSAEventSelect
send
select
connect
recv
htons
recvfrom
WSAGetLastError
ioctlsocket
listen
accept
getsockopt
getsockname
WSAAsyncSelect
WSAStartup
WSAIoctl

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

create_p2p_task
delete_p2p_peer
delete_p2p_task
delete_p2p_task_async
get_p2p_global_info
get_p2p_id
get_p2p_task_realtime_parameter
get_p2p_version
get_p2phandle_peerinfo
p2p_add_share
p2p_clean_queue
p2p_delete_share
p2p_find_share
p2p_get_runtime_stat
p2p_get_task_stat
p2p_get_verify
p2p_hash_buffer
p2p_initialize
p2p_move_share
p2p_pause_share
p2p_pause_upload
p2p_set_finish
p2p_task_limit_speed
p2p_uninitialize
search_peer
set_p2p_app_path
set_p2p_auto_download
set_p2p_auto_upload
set_p2p_download_speed_max
set_p2p_downloader_mode
set_p2p_ini_filename
set_p2p_local_share
set_p2p_no_submit_share
set_p2p_node_type
set_p2p_server_host
set_p2p_upload_speed_max
set_p2p_uploader_mode
set_share_files_limit
start_p2p_task

Sections

.text
Size: 368KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
P2PStatReport.dll
.dll windows:4 windows x86 arch:x86

7960e3abe0a843802a579857bf28dcff

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31/07/2009, 00:00

Not After

30/07/2012, 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\cygwin\home\scmpf\compiler_src\panfeng02_563105_win32\0\app\gensoft\p2p\build\Release\bin\P2PStatReport.pdb

Imports

ws2_32

closesocket
htons
socket
WSAGetLastError
gethostbyname
sendto
inet_ntoa

kernel32

GetThreadLocale
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetCurrentThreadId
OutputDebugStringA
lstrlenA
GetTickCount
GetLastError
InterlockedDecrement
MultiByteToWideChar
FindResourceExW
FindResourceW
SizeofResource
GetModuleFileNameW
GlobalFree
LoadResource
GlobalAlloc
WideCharToMultiByte
LockResource
GetVolumeInformationA
GetModuleHandleW
GetACP
DeviceIoControl
CloseHandle
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
TerminateThread
DisableThreadLibraryCalls
GetExitCodeThread
GetVersionExW
lstrcpyW
GetCurrentProcessId
lstrlenW
lstrcatW
CreateProcessW
GetModuleFileNameA
SetEndOfFile
GetLocaleInfoW
CreateFileA
WriteConsoleW
GetConsoleOutputCP
GetOEMCP
IsValidCodePage
CreateFileW
VirtualProtect
WriteConsoleA
SetStdHandle
LoadLibraryA
FreeLibrary
SetConsoleCtrlHandler
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
SetFilePointer
FlushFileBuffers
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapFree
GetProcessHeap
InterlockedIncrement
Sleep
InterlockedExchange
ReadFile
VirtualAlloc
GetProcAddress
GetModuleHandleA
GetSystemInfo
VirtualQuery
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
ExitThread
CreateThread
HeapReAlloc
GetCommandLineA
GetVersionExA
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation

user32

DispatchMessageW
SetTimer
GetMessageW
wvsprintfA
UnregisterClassA

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetSpecialFolderPathW

ole32

CoInitialize
CoCreateInstance

oleaut32

VariantClear
SysFreeString
SysAllocString
VariantInit
VariantCopy
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo

iphlpapi

GetAdaptersInfo

wininet

HttpSendRequestExW
HttpOpenRequestW
InternetOpenA
InternetCloseHandle
InternetWriteFile
HttpAddRequestHeadersA
InternetConnectW
HttpEndRequestW

Exports

Exports

??0CP2PStatReport@@QAE@PBD000@Z
??1CP2PStatReport@@QAE@XZ
??4CP2PStatReport@@QAEAAV0@ABV0@@Z
?SendReport@CP2PStatReport@@QAEHXZ
?SetServer@CP2PStatReport@@SAXPBDG@Z
?StatAdd@CP2PStatReport@@QAEXPAEI0I@Z
?StatAdd@CP2PStatReport@@QAEX_K0@Z
?StatAdd@CP2PStatReport@@QAEX_KPAEI@Z
?StatAdd@CP2PStatReport@@QAEX_KQAE@Z
?StatAddBinary@CP2PStatReport@@QAEXPAEI0I@Z
?StatAddBinary@CP2PStatReport@@QAEX_KPAEI@Z
?StatAddString@CP2PStatReport@@QAEXPAEI0I@Z
?StatAddString@CP2PStatReport@@QAEX_KPAEI@Z

Sections

.text
Size: 284KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
P2SBase.dll
.dll windows:4 windows x86 arch:x86

a93036befa690ac83dec3304d3d082a5

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31/07/2009, 00:00

Not After

30/07/2012, 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\cygwin\home\scmpf\compiler_src\gengxiandong_539222_win32\0\app\gensoft\p2p\client\build\Release\bin\P2SBase.pdb

Imports

p2pstatreport

??1CP2PStatReport@@QAE@XZ
??0CP2PStatReport@@QAE@PBD000@Z
?StatAdd@CP2PStatReport@@QAEX_K0@Z

kernel32

FindResourceExW
FindResourceW
LockResource
LoadResource
MultiByteToWideChar
GetLastError
lstrlenA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetVersionExW
DisableThreadLibraryCalls
CreateIoCompletionPort
InterlockedIncrement
InterlockedDecrement
ResetEvent
WaitForSingleObject
SetEvent
WaitForMultipleObjectsEx
CreateEventW
CloseHandle
GetExitCodeThread
RaiseException
GetCurrentThreadId
GetModuleFileNameA
GetModuleFileNameW
GetSystemDirectoryA
GetVolumeInformationA
FormatMessageA
GetCommandLineA
LocalFree
OutputDebugStringA
lstrlenW
GetSystemDirectoryW
GetTickCount
FindClose
FindFirstFileW
WriteFile
CopyFileW
SetFileAttributesW
SetEndOfFile
FreeLibrary
SetFilePointer
SystemTimeToTzSpecificLocalTime
GetProcAddress
RemoveDirectoryW
CreateDirectoryW
FileTimeToSystemTime
ReadFile
DeleteFileW
FlushFileBuffers
GetFileAttributesExW
CreateFileW
MoveFileW
SystemTimeToFileTime
LoadLibraryW
GetFileSize
SetFileTime
GetCurrentProcess
GetLocalTime
GetOEMCP
VirtualFree
VirtualAlloc
GetUserDefaultLCID
IsBadWritePtr
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
HeapSize
WideCharToMultiByte
SizeofResource
HeapDestroy
HeapCreate
FatalAppExitA
FindNextFileW
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsValidCodePage
GetACP
GetThreadLocale
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetCPInfo
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InterlockedExchange
RtlUnwind
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetDateFormatA
GetTimeFormatA
GetLocaleInfoW
GetLocaleInfoA
LoadLibraryA
SetConsoleCtrlHandler
GetTimeZoneInformation
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
Sleep
ExitProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
HeapReAlloc
GetSystemTimeAsFileTime
GetVersionExA
GetProcessHeap
ExitThread
CreateThread
GetStdHandle
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread

advapi32

RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetSpecialFolderPathA

shlwapi

PathIsDirectoryW
PathFileExistsW

ws2_32

ntohl
htonl
WSAStartup
gethostbyname
inet_addr
WSACleanup
accept
send
__WSAFDIsSet
recv
getsockopt
connect
select
htons
bind
closesocket
getsockname
ioctlsocket
socket
listen
ntohs
inet_ntoa
WSAGetLastError

iphlpapi

GetAdaptersInfo

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

InternetTimeToSystemTimeA
InternetGetCookieA

winmm

timeGetTime

user32

UnregisterClassA

Exports

Exports

??4CP2SAPI@@QAEAAV0@ABV0@@Z
?Create@CP2SAPI@@SAHAAKAAUP2S_TASK_ITEM@@@Z
?Delete@CP2SAPI@@SAHK@Z
?DeletePeer@CP2SAPI@@SAHK_K@Z
?Init@CP2SAPI@@SAHXZ
?Quit@CP2SAPI@@SAHXZ
?SetRange@CP2SAPI@@SAHKAAUP2SRange@@@Z
?SetTaskHash@CP2SAPI@@SAHKQAE@Z
?Start@CP2SAPI@@SAHK@Z
?StopAsync@CP2SAPI@@SAHK@Z
?StopPeer@CP2SAPI@@SAHK_K@Z
?StopSync@CP2SAPI@@SAHK@Z

Sections

.text
Size: 424KB - Virtual size: 423KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xianfengupdate.exe
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:f3:65:a2:f8:67:60:12:8a:ac:56:c4:1e:82:aa:7e
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

29/12/2014, 00:00

Not After

29/12/2015, 23:59

Subject

CN=善君韦,OU=Individual Developer,O=No Organization Affiliation,L=崇左市,ST=广西,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/tools/bdmanager.dll
.dll regsvr32 windows:5 windows x86 arch:x86

793a5d035bc2ccbbe9e559f9836c129e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\project\bho\bho\Release\bho.pdb

Imports

kernel32

FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
SetThreadLocale
GetThreadLocale
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
CloseHandle
WideCharToMultiByte
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GetProcAddress
GetModuleFileNameW
lstrcmpiW
GetLastError
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

user32

CharNextW

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW

ole32

CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoTaskMemRealloc

oleaut32

LoadTypeLi
SysStringLen
SysFreeString
LoadRegTypeLi
DispCallFunc
VariantClear
VariantInit
VarUI4FromStr
RegisterTypeLi
SysAllocString
UnRegisterTypeLi

shlwapi

StrStrW

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z

msvcr90

_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
_encoded_null
??3@YAXPAX@Z
wcsstr
malloc
free
memcpy_s
_CxxThrowException
wcscpy_s
wcsncpy_s
wcscat_s
??_V@YAXPAX@Z
__CxxFrameHandler3
_recalloc
memset
_wcsnicmp
_wcsicmp
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
_purecall
_except_handler4_common
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/tools/ie10.ico
$APPDATA/tools/ie6.ico
$APPDATA/tools/ie8.ico
$APPDATA/tools/sougou_search.ico
$FAVORITES/Links/全国最给力充值店-淘宝网.url
$FAVORITES/全国最给力充值店-淘宝网.url
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsTools.dll
.dll windows:5 windows x86 arch:x86

17b17a6bda9c980d3181afb69768104c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\project\nsTools\build\Release unicode\pdb\nsSkinEngineW.pdb

Imports

psapi

GetModuleFileNameExW

kernel32

OpenProcess
Module32NextW
Module32FirstW
GetCurrentProcessId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetVersionExW
GetPrivateProfileIntW
GetPrivateProfileStringW
WriteFile
CreateFileW
MoveFileExW
TerminateProcess
lstrcmpW
FindFirstFileW
GlobalAlloc
WideCharToMultiByte
lstrcpynW
MultiByteToWideChar
GlobalFree
lstrcpyW
CompareStringA
GetProcessHeap
SetEndOfFile
CreateFileA
GetTimeZoneInformation
LoadLibraryW
FreeLibrary
GetCurrentProcess
CloseHandle
CompareStringW
FindNextFileW
HeapFree
GetLocaleInfoW
LoadLibraryA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetFileAttributesW
InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetLastError
SetEnvironmentVariableA
RtlUnwind
GetCurrentThreadId
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
HeapAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
HeapCreate
HeapDestroy
VirtualFree
FatalAppExitA
VirtualAlloc
HeapReAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
GetACP
GetOEMCP
IsValidCodePage
HeapSize
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
GetTimeFormatA

user32

SendMessageW
LoadStringW
wsprintfW
FindWindowW

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken

shell32

SHGetFolderPathAndSubDirW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString

shlwapi

PathFileExistsW
PathAppendW

Exports

Exports

CheckPath
FindModuleInProcessByDirectoryAndKillProcess
FindModuleInProcessByNameAndKillProcess
FindModuleInProcessByPathAndKillProcess
FindParentProcess
FindShortCutPath
JustDoIt
KillProcessByID
KillProcessByName
Log
SetHomePage

Sections

.text
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 3.9MB

.ndata Size: - Virtual size: 692KB

.rsrc Size: 16KB - Virtual size: 15KB

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 963B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 588B

a610acde1f6a9bf4f5c18fd9c61833ec

Headers

File Characteristics

PDB Paths

Imports

psapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 200KB - Virtual size: 200KB

.rdata Size: 44KB - Virtual size: 44KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 10KB - Virtual size: 9KB

f4f76ee7fd7311a49aedda549ac442f9

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

59:c2:07:21:72:c5:90:d2:d4:3d:e9:f3:bc:4f:33:c5Certificate

Extended Key Usages

Key Usages

25:e7:3b:77:32:8e:5c:a0:aa:57:f8:65:68:dc:f6:e8Certificate

Extended Key Usages

Key Usages

3dCertificate

Key Usages

01Certificate

Key Usages

40:64:f2:bb:1b:38:6b:11:c5:a3:18:8b:be:a5:55:45:c1:90:5c:10Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

shlwapi

Sections

.text Size: 60KB - Virtual size: 60KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 5KB - Virtual size: 11KB

.rsrc Size: 512B - Virtual size: 436B

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 3.9MB

.ndata
Size: - Virtual size: 692KB

.rsrc
Size: 16KB - Virtual size: 15KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

.text
Size: 200KB - Virtual size: 200KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 10KB - Virtual size: 9KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

59:c2:07:21:72:c5:90:d2:d4:3d:e9:f3:bc:4f:33:c5
Certificate

25:e7:3b:77:32:8e:5c:a0:aa:57:f8:65:68:dc:f6:e8
Certificate

3d
Certificate

01
Certificate

40:64:f2:bb:1b:38:6b:11:c5:a3:18:8b:be:a5:55:45:c1:90:5c:10
Signer

.text
Size: 60KB - Virtual size: 60KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 5KB - Virtual size: 11KB

.rsrc
Size: 512B - Virtual size: 436B

aa:69:8d:f3:65:af:30:93:d3:74:00:ef:d3:2e:50:da:7e:cb:e4:a6
Signer

.text
Size: 81KB - Virtual size: 80KB

.itext
Size: 3KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 3KB

.bss
Size: - Virtual size: 21KB

.idata
Size: 4KB - Virtual size: 3KB

.tls
Size: - Virtual size: 8B

.rdata
Size: 512B - Virtual size: 24B

.rsrc
Size: 112KB - Virtual size: 111KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

2b:f3:65:a2:f8:67:60:12:8a:ac:56:c4:1e:82:aa:7e
Certificate

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 692KB

.rsrc
Size: 25KB - Virtual size: 25KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B