d693786771814da1068d3422e659dcc4

Sharing

Copy URL

Twitter E-mail

General

Target

d693786771814da1068d3422e659dcc4
Size

631KB
MD5

d693786771814da1068d3422e659dcc4
SHA1

a04a3ba508faacd82f7a787722610ba83bb33805
SHA256

79551a4bc7453a47bf6ecabe218c80f7d8d57bb41a9900541d86d990b5cc8188
SHA512

b7e85b731fefeca6c9cbeccf2e32df5fd849acef3c63345a117b80eed2b6be1d7a3455ffd74e75d987491634e4db99e4d4f85cc1b8dd06681f77f7fb8413f187
SSDEEP

12288:ynMPoeOAiL2UhOZ3dPwRnpGxabI1NOrwM1qVEW81XFmHfa:mMPoesL2UU3NusxabI1NOrnTW898a

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/CommonFuncDll.dll
unpack001/$PLUGINSDIR/Loader.exe
unpack001/$PLUGINSDIR/nsDialogs.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

d693786771814da1068d3422e659dcc4
.exe windows:5 windows x86 arch:x86

03e79a94d0dcb51acdcf1e8fbb5bd993

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

63:e1:77:19:b0:92:16:4c:d3:ea:fd:fa:44:e8:5b:a1
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

01-12-2016 00:00

Not After

24-01-2019 23:59

Subject

CN=PPLive Corporation,OU=R&D Center,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:4d:a4:e4:52:44:46:f7:c6:e3:d3:6e:0f:7b:28:86
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

30-11-2016 00:00

Not After

24-01-2019 23:59

Subject

CN=PPLive Corporation,OU=R&D Center,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12-01-2016 00:00

Not After

11-04-2027 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:4e:c9:85:c2:dd:51:3c:a5:17:cd:e4:b9:35:0f:07:3e:3f:7b:e6:8b:33:c7:77:02:ef:3f:86:54:7f:78:e0
Signer

Actual PE Digest

14:4e:c9:85:c2:dd:51:3c:a5:17:cd:e4:b9:35:0f:07:3e:3f:7b:e6:8b:33:c7:77:02:ef:3f:86:54:7f:78:e0

Digest Algorithm

sha256

PE Digest Matches

true

31:15:7a:04:5c:5a:13:c1:42:06:2c:1f:84:bf:af:9d:f4:02:a9:7c
Signer

Actual PE Digest

31:15:7a:04:5c:5a:13:c1:42:06:2c:1f:84:bf:af:9d:f4:02:a9:7c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
GetTempPathA
SetFileTime
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
LocalFree
WideCharToMultiByte
OutputDebugStringA
GetCommandLineW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryA
CreateProcessA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
RemoveDirectoryA
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
MulDiv
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCommandLineA

user32

ScreenToClient
GetMessagePos
CallWindowProcA
IsWindowVisible
LoadBitmapA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuA
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
CheckDlgButton
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageA
FindWindowExA
LoadCursorA
SetCursor
GetWindowLongA
GetSysColor
CharNextA
ExitWindowsEx
DialogBoxParamA
DestroyWindow
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
PostMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SendMessageTimeoutA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

CommandLineToArgvW
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegEnumKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumValueA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/BindDLL.dll
.dll windows:4 windows x86 arch:x86

c1b3b5bca8b585a3dee2226573825a4f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

70:d9:a6:4c:ff:b3:e1:f6:49:29:ef:fd:88:f4:7e:db
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10-10-2012 00:00

Not After

09-01-2016 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8b:7e:81:be:30:30:84:12:96:74:7f:34:8f:6e:97:b0:28:c5:08:99
Signer

Actual PE Digest

8b:7e:81:be:30:30:84:12:96:74:7f:34:8f:6e:97:b0:28:c5:08:99

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord537
ord6467
ord825
ord800
ord535
ord1168
ord3147
ord2554
ord823
ord858
ord860
ord6663
ord926
ord2827
ord4202
ord5710
ord4129
ord1176
ord1575
ord1116
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord2982
ord3953
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord540
ord2512
ord600
ord826
ord4486
ord6375
ord2818
ord4274
ord269

msvcrt

_atoi64
__CxxFrameHandler
__dllonexit
_mbscmp
_purecall
_initterm
_onexit
malloc
??1type_info@@UAE@XZ
_adjust_fdiv
free

kernel32

LocalFree
GlobalAlloc
lstrcpynA
lstrcpyA
GlobalFree
GetCommandLineA
OutputDebugStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
DeleteFileA
GetProcAddress
FreeLibrary
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
LocalAlloc

user32

wsprintfA

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

shell32

SHGetFolderPathA

shlwapi

PathRemoveFileSpecA
PathAppendA
PathFileExistsA

msvcp60

??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ

Exports

Exports

ParserBindINI

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/CommonFuncDll.dll
.dll windows:5 windows x86 arch:x86

f0b3dd0741e7e29596d04d99a5b34a7a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\installPacket\winclient\output\Win32_Release\pdb\CommonFuncDll.pdb

Imports

kernel32

GetSystemInfo
SystemTimeToFileTime
GetTickCount
LoadLibraryA
GetModuleFileNameA
GetModuleHandleA
GetTempPathA
CreateDirectoryW
GetFullPathNameA
CreateFileA
DeleteFileA
FindFirstFileA
FindNextFileA
GetVersionExA
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32First
Process32Next
GetVersion
LocalAlloc
LocalFree
GetCurrentThreadId
WriteFile
FlushFileBuffers
lstrcmpiA
lstrcpyA
GetCommandLineA
GetEnvironmentVariableA
GetEnvironmentVariableW
OutputDebugStringA
RemoveDirectoryA
SetFileAttributesW
GlobalFree
lstrcpynA
GlobalAlloc
CloseHandle
FindClose
ReadFile
GetVersionExW
GetFileSize
WaitForMultipleObjects
WaitForSingleObject
SetLastError
TerminateThread
CreateThread
GetCurrentProcessId
GetCurrentProcess
OpenProcess
GetProcAddress
FreeLibrary
GetPrivateProfileStringA
lstrlenA
WideCharToMultiByte
FindResourceExW
FindResourceW
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DeviceIoControl
LoadLibraryW
SetEnvironmentVariableA
SetEndOfFile
WriteConsoleW
CreateFileW
SetStdHandle
DecodePointer
OutputDebugStringW
LoadLibraryExW
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
FindNextFileW
FindFirstFileExW
SetFilePointerEx
GetConsoleCP
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
GetConsoleMode
GetModuleFileNameW
GetFileType
GetStdHandle
AreFileApisANSI
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
LockResource
GetLocalTime
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
IsDebuggerPresent
IsProcessorFeaturePresent
RtlUnwind
GetCPInfo
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc

user32

wsprintfW
SendMessageA
wsprintfA

advapi32

CryptDestroyKey
RegOpenKeyExW
BuildExplicitAccessWithNameA
SetNamedSecurityInfoA
SetEntriesInAclA
CryptDestroyHash
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptExportKey
CryptGenRandom
CryptGetProvParam
CryptGetKeyParam
CryptSetKeyParam
RegQueryValueExW
CryptGenKey
CryptReleaseContext
CryptAcquireContextA
GetNamedSecurityInfoA
GetEffectiveRightsFromAclA
RegEnumKeyA
RegCreateKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteExA
SHGetSpecialFolderPathW
SHGetSpecialFolderPathA

ole32

CoCreateInstance
PropVariantClear
CoTaskMemFree
CoUninitialize
CoInitialize

oleaut32

SysStringLen
VarBstrCmp
VarBstrCat
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
SysAllocString
SysFreeString

shlwapi

PathAppendA
PathFileExistsA
PathFileExistsW
PathRemoveFileSpecW
SHStrDupW
UrlUnescapeA
PathAppendW

wininet

HttpSendRequestA
HttpOpenRequestA
InternetReadFile
InternetOpenUrlA
HttpQueryInfoA
InternetConnectA
InternetCrackUrlA
InternetCloseHandle
InternetOpenA
InternetCanonicalizeUrlA

winmm

timeGetTime

wintrust

WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain

crypt32

CertGetNameStringA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

urlmon

URLDownloadToFileW

Exports

Exports

??0MD5Sum@@QAE@ABV0@@Z
??0MD5Sum@@QAE@ABV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@@Z
??0MD5Sum@@QAE@PBEI@Z
??0MD5Sum@@QAE@PB_W@Z
??0MD5Sum@@QAE@XZ
??1MD5Sum@@QAE@XZ
??4MD5Sum@@QAEAAV0@ABV0@@Z
?Calculate@MD5Sum@@QAE?AV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@ABV23@@Z
?Calculate@MD5Sum@@QAE?AV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@PBEI@Z
?Calculate@MD5Sum@@QAE?AV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@PB_W@Z
?GetHash@MD5Sum@@QBE?AV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@XZ
?GetRawHash@MD5Sum@@QBEPBEXZ
?MD5Final@@YAXQAEPAUMD5_CTX@@@Z
?MD5Init@@YAXPAUMD5_CTX@@@Z
?MD5Update@@YAXPAUMD5_CTX@@PBEI@Z
AddForProc
AddToVideosLibrary
AddTrustSign
AsyncRMVersionDir
CheckEveryone
CheckFFMpeg
CheckForProc
CheckParentSign
CheckSound
CleanForProc
ConnectTypeFile
CreateHotChannel
CreatePPFoldersAndShortcut
DecodeConfigInfo
EncodeConfigInfo
Encrypt
GetAllUserDocumentPath
GetCommentsInfoDll
GetCurUserDocumentPath
GetHardDiskID
GetLocalFileTime
GetPPCustomName
GetParentProcessName
HTTPDownloadThread
IsFlagSet
IsMultiCore
PPGetDiskId
PPShortcutAddProp
RMAllVersionDir
RMNotUsedVersionDir
RMOldVersionDir
RemoveFolderFromLibrary
RestartAsAdmin
URLEncode
UnRegisterAllLink
UserFirstLoginTime
VerPPSign
WaitForProc

Sections

.text
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InetLoad.dll
.dll windows:4 windows x86 arch:x86

c53888ac9334ded2b5cf4282180fc0f9

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01-05-2012 00:00

Not After

31-12-2012 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:d9:a6:4c:ff:b3:e1:f6:49:29:ef:fd:88:f4:7e:db
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10-10-2012 00:00

Not After

09-01-2016 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fa:19:0c:d9:a3:37:00:05:8d:d2:7f:36:f7:c4:f5:4c:4a:5d:f5:57
Signer

Actual PE Digest

fa:19:0c:d9:a3:37:00:05:8d:d2:7f:36:f7:c4:f5:4c:4a:5d:f5:57

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
malloc
_initterm
free
memset
strstr
strtol
strncmp
strtoul
time
strchr
strrchr

kernel32

CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrcmpiA
CreateFileA
lstrcatA
SleepEx
lstrlenA
MulDiv
WriteFile
GetLastError
GlobalFree
DeleteFileA
CloseHandle
lstrcpynA

user32

SetWindowLongA
wsprintfA
CallWindowProcA
PostMessageA
DestroyWindow
EnableWindow
ShowWindow
GetDlgItem
MessageBoxA
SendDlgItemMessageA
SetDlgItemTextA
SetTimer
LoadIconA
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindow
CreateDialogParamA
FindWindowExA
SendMessageA
SetWindowTextA
RegisterWindowMessageA

wininet

InternetSetFilePointer
HttpQueryInfoA
InternetQueryOptionA
HttpSendRequestA
HttpAddRequestHeadersA
InternetSetOptionA
HttpOpenRequestA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetCloseHandle
InternetReadFile
InternetErrorDlg

comctl32

ord17

Exports

Exports

load

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Loader.exe
.exe windows:5 windows x86 arch:x86

357e545fc3a2a533859a7713b717522f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\installPacket\winclient\output\Win32_Release\pdb\Loader.pdb

Imports

kernel32

RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
SizeofResource
CreateProcessA
GetEnvironmentVariableA
OutputDebugStringA
FindResourceW
FindResourceExW
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetProcAddress
Sleep
lstrcpyA
LoadLibraryA
GetTempPathA
GetTempFileNameA
CopyFileA
GetProcessHeap
GetPrivateProfileIntA
GetPrivateProfileStringA
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetStringTypeW
LCMapStringW
FreeEnvironmentStringsW
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LockResource
DecodePointer
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
LoadLibraryExW
GetModuleFileNameW
WriteFile
GetStdHandle
GetModuleHandleW
CloseHandle
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
RtlUnwind
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
GetCommandLineA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId

user32

DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
CharNextA
UpdateWindow
PostQuitMessage
RegisterClassExA
CreateWindowExA
ShowWindow
LoadCursorA
PostMessageA
IsWindow

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteA

ole32

CreateBindCtx
CoTaskMemFree
CoInitialize
CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocString
SysAllocStringLen

shlwapi

StrStrIW
PathAppendA
PathFindExtensionA
PathFindFileNameA

wininet

InternetCrackUrlA

urlmon

RevokeBindStatusCallback
RegisterBindStatusCallback
CreateURLMoniker

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/MyButtonLinker.dll
.dll windows:4 windows x86 arch:x86

e5caeef9b9db0703f6d72352f41dc4ed

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:7f:4d:7d:6c:1a:2b:a7:ef:81:d5:0c:89:d7:65
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

19-11-2009 00:00

Not After

18-11-2012 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e6:52:8f:56:28:8f:ef:f7:57:78:6c:47:25:f4:3c:13:cf:d9:37:45
Signer

Actual PE Digest

e6:52:8f:56:28:8f:ef:f7:57:78:6c:47:25:f4:3c:13:cf:d9:37:45

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord800
ord795
ord2614
ord540
ord1929
ord4275
ord5290
ord5277
ord6199
ord3874
ord5981
ord6215
ord858
ord535
ord4299
ord3797
ord6880
ord941
ord5572
ord2915
ord1200
ord926
ord2818
ord860
ord5875
ord825
ord3619
ord3626
ord3663
ord2414
ord1641
ord2860
ord3259
ord2864
ord4353
ord3402
ord3721
ord567
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord4622
ord3738
ord561
ord815
ord537
ord6467
ord6241
ord823
ord1176
ord1575
ord1168
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord3147
ord2982
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord2859
ord3798
ord1578
ord600
ord826
ord269
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord2379
ord6055
ord1116

msvcrt

__CxxFrameHandler
strstr
_mbsstr
__dllonexit
_onexit
free
_initterm
malloc
_adjust_fdiv
??1type_info@@UAE@XZ

kernel32

LocalFree
GlobalAlloc
lstrcpynA
GlobalFree
GetModuleHandleA
GetModuleFileNameA
lstrcatA
lstrlenA
WinExec
lstrcpyA
GetWindowsDirectoryA
LoadLibraryA
FreeLibrary
LocalAlloc

user32

PtInRect
MessageBeep
LoadCursorA
CopyIcon
InflateRect
SendMessageA
IsWindow
GetSysColor
SetCursor
ReleaseCapture
GetWindowRect
GetClientRect
BeginPaint
wsprintfA
EnableWindow
GetParent
SetCapture
InvalidateRect
ReleaseDC
GetDC
EndPaint

gdi32

GetTextExtentPoint32A
GetObjectA
CreateFontIndirectA
CreateFontA

advapi32

RegOpenKeyExA
RegQueryValueA
RegCloseKey

shell32

ShellExecuteA

Exports

Exports

CreateLinker

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/PPBindDAC.dll
.dll windows:4 windows x86 arch:x86

29f8ee0fe4380af88e2369708a7c1fee

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01-05-2012 00:00

Not After

31-12-2012 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:d9:a6:4c:ff:b3:e1:f6:49:29:ef:fd:88:f4:7e:db
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10-10-2012 00:00

Not After

09-01-2016 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c1:4b:31:80:06:5e:eb:07:23:18:4a:27:65:fd:bd:ec:c4:21:aa:55
Signer

Actual PE Digest

c1:4b:31:80:06:5e:eb:07:23:18:4a:27:65:fd:bd:ec:c4:21:aa:55

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord6467
ord537
ord5302
ord668
ord858
ord535
ord2781
ord3181
ord3178
ord4058
ord2770
ord356
ord860
ord823
ord540
ord2818
ord5572
ord2915
ord1116
ord941
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord1168
ord1575
ord1176
ord800
ord939

msvcrt

isalnum
wcslen
__CxxFrameHandler
strtoul
_mbscmp
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit

kernel32

LocalAlloc
lstrcpynA
GlobalFree
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
OutputDebugStringA
CreateProcessA
GetPrivateProfileStringA
GetEnvironmentVariableA
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
LocalFree

shlwapi

PathFileExistsA
PathAppendA

msvcp60

??1Init@ios_base@std@@QAE@XZ
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ

Exports

Exports

AddChannelName
AddCustomName
AddFinishSoftID
AddProductName
AddSoftID
AddSourceChannelName
Clean
Upload
UploadFinish

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/PictureWindow.dll
.dll windows:4 windows x86 arch:x86

97c005c0142077e3e445df4a2487c78e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

70:d9:a6:4c:ff:b3:e1:f6:49:29:ef:fd:88:f4:7e:db
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10-10-2012 00:00

Not After

09-01-2016 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8f:86:16:25:07:21:22:38:92:be:5c:23:14:62:7f:4c:e2:f2:88:b4
Signer

Actual PE Digest

8f:86:16:25:07:21:22:38:92:be:5c:23:14:62:7f:4c:e2:f2:88:b4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetCloseHandle
InternetReadFile
InternetOpenA
InternetOpenUrlA
HttpQueryInfoA

mfc42

ord3831
ord3825
ord3079
ord4080
ord4627
ord4424
ord3721
ord567
ord825
ord795
ord4275
ord2393
ord665
ord1979
ord1567
ord5442
ord268
ord3318
ord5186
ord354
ord1168
ord755
ord6605
ord470
ord6453
ord823
ord800
ord540
ord2818
ord535
ord858
ord4274
ord6375
ord4486
ord2554
ord5163
ord5731
ord3830
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord3953
ord4622
ord3738
ord561
ord815
ord2116
ord2864
ord537
ord6467
ord6241
ord860
ord6385
ord1116
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord2385
ord5241
ord4407
ord1776
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord3922
ord6374
ord4078
ord6055
ord342
ord1182
ord1577
ord1575
ord1176
ord2512

msvcrt

_onexit
__dllonexit
??1type_info@@UAE@XZ
_mbscmp
__CxxFrameHandler
memcpy
_beginthreadex
memcmp
free
malloc
_initterm
_adjust_fdiv

kernel32

LocalFree
lstrcpynA
CreateThread
GetModuleHandleA
GetModuleFileNameA
LoadLibraryA
GetCurrentThreadId
OutputDebugStringA
SetEvent
ResetEvent
WaitForSingleObject
GlobalAlloc
ResumeThread
GlobalLock
GlobalUnlock
MulDiv
GlobalFree
CloseHandle
CreateEventA
LocalAlloc

user32

SetRect
ReleaseDC
GetCursorPos
GetWindowRect
GetDC
InvalidateRect
FillRect
GetClientRect
GetSysColor
EnableWindow
IsWindow
KillTimer
SetTimer
SetCursor
LoadCursorA
SendMessageA
PtInRect

gdi32

SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
CreateSolidBrush
StretchBlt
SetStretchBltMode
BitBlt
GetDeviceCaps
DeleteObject

shell32

ShellExecuteA

comctl32

_TrackMouseEvent

ole32

CreateStreamOnHGlobal

olepro32

ord251

msvcp60

??0_Winit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

Exports

Exports

ClearFunc
CreatePictureWindowFunc
KillTimerFunc
LoadImageFunc
NewDownloadPictureThread
SetTimerFunc
ShowNextPictureFunc
SubClassWindowFunc

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

70:d9:a6:4c:ff:b3:e1:f6:49:29:ef:fd:88:f4:7e:db
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10-10-2012 00:00

Not After

09-01-2016 23:59

Subject

CN=PPLive Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Planning Dept.,O=PPLive Corporation,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ef:57:50:85:4a:2b:8d:e7:3a:4d:39:1e:27:77:6a:19:aa:e6:d3:c7
Signer

Actual PE Digest

ef:57:50:85:4a:2b:8d:e7:3a:4d:39:1e:27:77:6a:19:aa:e6:d3:c7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/baiduleft.jpg
.jpg
$PLUGINSDIR/baidusobar.jpg
.jpg
$PLUGINSDIR/finish_header.jpg
.jpg
$PLUGINSDIR/finish_header_en.jpg
.jpg
$PLUGINSDIR/gtapi_signed.dll
.dll windows:4 windows x86 arch:x86

7ffe854b1d056041e067b211f52d2336

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:44:c0:6a:6c:fb:50:76:c1:5d:39:95:72:c6:94:21
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19-06-2007 00:00

Not After

18-06-2010 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Netscape Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7f:49:f1:ae:00:b6:0e:1b:16:b2:e8:21:97:1a:8f:5a:54:fe:ce:ee
Signer

Actual PE Digest

7f:49:f1:ae:00:b6:0e:1b:16:b2:e8:21:97:1a:8f:5a:54:fe:ce:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

gtapi.pdb

Imports

kernel32

GetVersion
GetProcAddress
GetCurrentProcessId
lstrlenA
LoadLibraryW
LocalFree
Sleep
FreeLibrary
GetLocalTime
LoadLibraryA
LocalAlloc
GetFileAttributesW
GetModuleFileNameW
GetModuleFileNameA
GetModuleHandleA
GetCurrentThreadId
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
OpenProcess
GetACP
GetOEMCP
IsValidCodePage
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualAlloc
HeapReAlloc
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapSize
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
SetLastError
lstrcmpA
GetLastError
CloseHandle
GetVersionExA
GetModuleHandleW
GetCPInfo
OutputDebugStringA

user32

EnumChildWindows
GetClassNameA
FindWindowExA
MessageBoxA
CharUpperA
CharNextA
PostMessageA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

advapi32

RegQueryValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA

Exports

Exports

CanReOfferToolbar
CancelToolbarInstall
GetToolbarInstallerProgress
PrepToolbarForReOffer
ToolbarCompatibilityCheck

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nocommend.png
.jpg
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/recommend-cn.jpg
.jpg
$PLUGINSDIR/recommend-en.jpg
.jpg
$PLUGINSDIR/upgrade_bg1.bmp
$PLUGINSDIR/upgradepage_title.bmp

Sharing

General

Malware Config

Signatures

Files

03e79a94d0dcb51acdcf1e8fbb5bd993

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

63:e1:77:19:b0:92:16:4c:d3:ea:fd:fa:44:e8:5b:a1Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

19:4d:a4:e4:52:44:46:f7:c6:e3:d3:6e:0f:7b:28:86Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13Certificate

Extended Key Usages

Key Usages

14:4e:c9:85:c2:dd:51:3c:a5:17:cd:e4:b9:35:0f:07:3e:3f:7b:e6:8b:33:c7:77:02:ef:3f:86:54:7f:78:e0Signer

31:15:7a:04:5c:5a:13:c1:42:06:2c:1f:84:bf:af:9d:f4:02:a9:7cSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 107KB

.ndata Size: - Virtual size: 96KB

.rsrc Size: 174KB - Virtual size: 173KB

c1b3b5bca8b585a3dee2226573825a4f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

70:d9:a6:4c:ff:b3:e1:f6:49:29:ef:fd:88:f4:7e:dbCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

8b:7e:81:be:30:30:84:12:96:74:7f:34:8f:6e:97:b0:28:c5:08:99Signer

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

shlwapi

msvcp60

Exports

Exports

Sections

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

63:e1:77:19:b0:92:16:4c:d3:ea:fd:fa:44:e8:5b:a1
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

19:4d:a4:e4:52:44:46:f7:c6:e3:d3:6e:0f:7b:28:86
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

14:4e:c9:85:c2:dd:51:3c:a5:17:cd:e4:b9:35:0f:07:3e:3f:7b:e6:8b:33:c7:77:02:ef:3f:86:54:7f:78:e0
Signer

31:15:7a:04:5c:5a:13:c1:42:06:2c:1f:84:bf:af:9d:f4:02:a9:7c
Signer

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 107KB

.ndata
Size: - Virtual size: 96KB

.rsrc
Size: 174KB - Virtual size: 173KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

70:d9:a6:4c:ff:b3:e1:f6:49:29:ef:fd:88:f4:7e:db
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

8b:7e:81:be:30:30:84:12:96:74:7f:34:8f:6e:97:b0:28:c5:08:99
Signer

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 840B

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 220KB - Virtual size: 219KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 7KB - Virtual size: 21KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 11KB - Virtual size: 10KB

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

70:d9:a6:4c:ff:b3:e1:f6:49:29:ef:fd:88:f4:7e:db
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

fa:19:0c:d9:a3:37:00:05:8d:d2:7f:36:f7:c4:f5:4c:4a:5d:f5:57
Signer

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB