fae4807172d9bf52ba5a0602882abf8d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fae4807172d9bf52ba5a0602882abf8d_JaffaCakes118
Size

9.2MB
MD5

fae4807172d9bf52ba5a0602882abf8d
SHA1

b9eecd4f10285781cc5b55f7ce9768e541ff4432
SHA256

28a5dbb80a8178c23edefc8ead5c812ba5bfb9078fb5ad3c624dee8eed10537f
SHA512

2a3cc3eb9513998241deb84616b3c1218e6007a58cb1c67ea604a0d8c0180be97efde4db8ce2b3bf8953628f52d1291fe17743ff6f48fd01085b6344269bfd13
SSDEEP

196608:3zFXfW7YCc7BNQR5zevFOhbyy96ZEiWow/92vNb6kSUPRWx:39fAc7kxmIRyIiWT9296c2

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/$_2_/CCTVPlayer.ocx	acprotect
static1/unpack001/$_2_/CCTVUpdateInstall.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$_2_/CCTVPlayer.ocx	upx
static1/unpack001/$_2_/CCTVUpdateInstall.dll	upx

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/AccessControl.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$R1/npstartservicep.dll
unpack001/$R1/npuuseep.dll
unpack001/$SYSDIR/GdiPlus.dll
unpack001/$SYSDIR/apphelp.dll
unpack002/out.upx
unpack003/out.upx
unpack001/$_2_/npstartservicep.dll
unpack001/$_2_/npuuseep.dll
unpack001/$_2_/rmsp011.ax
unpack004/$PLUGINSDIR/FindProcDLL.dll
unpack004/$PLUGINSDIR/KillProcDLL.dll
unpack004/$PLUGINSDIR/nsExec.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/$_2_/uninst.exe	nsis_installer_1
static1/unpack001/$_2_/uninst.exe	nsis_installer_2

Files

fae4807172d9bf52ba5a0602882abf8d_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:1c:9d:61:ce:8e:ba:98:af:58:fd:34:70:d7:f9:78
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

21/05/2013, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d4:6c:bd:ba:3c:8b:bb:52:9c:de:f8:3f:12:a9:00:24:66:47:87:77
Signer

Actual PE Digest

d4:6c:bd:ba:3c:8b:bb:52:9c:de:f8:3f:12:a9:00:24:66:47:87:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/AccessControl.dll
.dll windows:4 windows x86 arch:x86

ed83f419402bc3b83a08e3aaf8b5b5b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

ConvertStringSidToSidA
LookupAccountNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
GetUserNameA
SetNamedSecurityInfoA
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetNamedSecurityInfoA
OpenProcessToken
LookupAccountSidA
ConvertSidToStringSidA
GetSidSubAuthority
GetSidSubAuthorityCount

kernel32

lstrcmpiA
lstrcpyA
LocalAlloc
lstrlenA
LocalFree
GetLastError
GlobalFree
lstrcpynA
GlobalAlloc
GetFileAttributesA
CloseHandle
GetCurrentProcess
lstrcatA

user32

wsprintfA

Exports

Exports

ClearOnFile
ClearOnRegKey
DenyOnFile
DenyOnRegKey
DisableFileInheritance
DisableRegKeyInheritance
EnableFileInheritance
EnableRegKeyInheritance
GetCurrentUserName
GetFileGroup
GetFileOwner
GetRegKeyGroup
GetRegKeyOwner
GrantOnFile
GrantOnRegKey
IsUserTheAdministrator
RevokeOnFile
RevokeOnRegKey
SetFileGroup
SetFileOwner
SetOnFile
SetOnRegKey
SetRegKeyGroup
SetRegKeyOwner
SidToName

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$R1/npstartservicep.dll
.dll windows:5 windows x86 arch:x86

a5f969081a67bbfded70752d9bbd68ce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Program Files\Mozilla Firefox\plugins\npstartservicep.pdb

Imports

kernel32

RtlUnwind
RaiseException
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
Sleep
ExitProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
HeapFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetACP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
HeapAlloc
GetCommandLineA
GetFileTime
GetFileSizeEx
GetFileAttributesA
FileTimeToLocalFileTime
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetTickCount
FileTimeToSystemTime
GetModuleHandleW
GetThreadLocale
GetOEMCP
GetCPInfo
GetLocaleInfoA
InterlockedExchange
InterlockedIncrement
GetCurrentProcessId
GlobalFlags
lstrcmpA
FormatMessageA
MulDiv
SetErrorMode
GetModuleFileNameA
CloseHandle
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalFree
LocalAlloc
GlobalAlloc
InterlockedDecrement
GetModuleFileNameW
lstrlenA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
WideCharToMultiByte
CompareStringA
LoadLibraryA
GetLastError
SetLastError
MultiByteToWideChar
lstrcmpW
GetModuleHandleA
GetProcAddress
GetVersionExA
SizeofResource
GlobalLock
GlobalUnlock
GlobalFree
FindResourceA
LoadResource
LockResource
VirtualFree
FreeResource

user32

PostThreadMessageA
MessageBeep
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
LoadCursorA
GetSysColorBrush
PostQuitMessage
DestroyMenu
GetWindowThreadProcessId
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
TabbedTextOutA
UnregisterClassA
GetMessageA
TranslateMessage
ValidateRect
SetWindowContextHelpId
MapDialogRect
ShowWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
EnableWindow
UpdateWindow
FrameRect
DefWindowProcA
IsWindowVisible
PostMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
CharUpperA
RegisterClipboardFormatA
GetWindowLongA
InvalidateRect
SetWindowLongA
BeginPaint
GetClientRect
DrawTextA
EndPaint
EndDialog
SendMessageA
GetNextDlgTabItem
GetParent
IsWindowEnabled
GetDlgItem
IsWindow
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetActiveWindow
GetDesktopWindow
GetWindow
GetSystemMetrics
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowPos
GetMenu
CallWindowProcA
GetDlgCtrlID
PtInRect
CopyRect
EqualRect
MoveWindow

gdi32

ExtSelectClipRgn
DeleteDC
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
GetStockObject
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetDeviceCaps
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
TextOutA

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

shlwapi

PathStripToRootA
PathIsUNCA
PathFindFileNameA
PathFindExtensionA

oledlg

ord8

ole32

OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoRegisterMessageFilter
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID

oleaut32

VariantChangeType
VariantInit
SysAllocStringLen
SysFreeString
SysStringLen
SysAllocStringByteLen
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy
VariantClear

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R1/npuuseep.dll
.dll windows:5 windows x86 arch:x86

ae16462ba4ca0932b9c5eaf536e2af2a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\npuuseep.pdb

Imports

kernel32

HeapFree
RtlUnwind
RaiseException
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
Sleep
ExitProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
HeapAlloc
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetCommandLineA
GetFileTime
GetFileSizeEx
GetFileAttributesA
FileTimeToLocalFileTime
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetTickCount
GetModuleHandleW
FileTimeToSystemTime
GetOEMCP
GetCPInfo
GetLocaleInfoA
InterlockedExchange
GlobalFlags
lstrcmpA
GetCurrentProcessId
SetErrorMode
GetModuleFileNameA
CloseHandle
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
FormatMessageA
LocalFree
MulDiv
GlobalAlloc
InterlockedDecrement
GetModuleFileNameW
lstrlenA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
CompareStringA
LoadLibraryA
GetLastError
SetLastError
lstrcmpW
GetModuleHandleA
GetProcAddress
GetVersionExA
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
GetThreadLocale
WideCharToMultiByte
InterlockedIncrement
MultiByteToWideChar
FindResourceA
LoadResource
LockResource
SizeofResource
VirtualFree
OutputDebugStringA

user32

MessageBeep
GetNextDlgGroupItem
LoadCursorA
GetSysColorBrush
PostQuitMessage
DestroyMenu
GetWindowThreadProcessId
ReleaseCapture
SetCapture
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableA
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
TabbedTextOutA
UnregisterClassA
GetMessageA
TranslateMessage
ValidateRect
SetWindowContextHelpId
MapDialogRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
GetClientRect
EnableWindow
UpdateWindow
FrameRect
PostMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
PostThreadMessageA
CharUpperA
RegisterClipboardFormatA
DefWindowProcA
GetWindowLongA
InvalidateRect
SetWindowLongA
BeginPaint
DrawTextA
EndPaint
CharNextA
GetWindow
GetDlgCtrlID
CopyRect
PtInRect
OffsetRect
SendMessageA
GetParent
GetDlgItem
IsWindow
EndDialog
GetNextDlgTabItem
IsWindowEnabled
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetActiveWindow
GetDesktopWindow
GetSystemMetrics
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
SetWindowPos
GetMenu
CallWindowProcA
GetMenuState

gdi32

ExtSelectClipRgn
DeleteDC
CreateRectRgnIndirect
GetRgnBox
GetMapMode
SetWindowExtEx
ScaleWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
GetStockObject
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetTextColor
GetBkColor
GetDeviceCaps
GetObjectA
PtVisible

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

shlwapi

PathStripToRootA
PathIsUNCA
PathFindFileNameA
PathFindExtensionA

oledlg

ord8

ole32

OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoRegisterMessageFilter
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID

oleaut32

OleCreateFontIndirect
VariantClear
VariantChangeType
VariantInit
SysStringLen
SysFreeString
SysAllocStringByteLen
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy
SysAllocStringLen

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/GdiPlus.dll
.dll windows:5 windows x86 arch:x86

7941976a82dd7ff8b1a2ea069878fab3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetOEMCP
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
InterlockedExchange
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
DisableThreadLibraryCalls
RaiseException
Sleep
CloseHandle
WriteFile
CreateFileA
WaitForSingleObject
SetEvent
lstrcmpiA
CreateThread
CreateEventA
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
GetSystemDefaultLCID
GetProcAddress
GetModuleHandleW
GetACP
GetVersionExA
VirtualQuery
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
GetCommandLineA
GetSystemInfo
HeapReAlloc
HeapFree
VirtualAlloc
IsValidLocale
ConvertDefaultLocale
GetLocaleInfoW
GetModuleFileNameW
GetModuleFileNameA
FindResourceA
LoadResource
LockResource
GetProfileIntA
GetProfileStringA
lstrcmpiW
IsDBCSLeadByteEx
LocalReAlloc
MulDiv
SetLastError
LocalAlloc
LocalFree
GetFileTime
SearchPathW
SearchPathA
InterlockedIncrement
CreateSemaphoreA
lstrcpyW
lstrcatW
LoadLibraryW
lstrcpyA
lstrcatA
GetSystemDirectoryA
CreateFileMappingW
ReleaseSemaphore
GetProfileSectionA
CreateFileW
SetEndOfFile
SetFilePointer
ReadFile
UnlockFile
GetFileInformationByHandle
LockFile
FlushFileBuffers
GetLastError
VirtualFree
GlobalAlloc
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GlobalLock
GlobalSize
GlobalUnlock
GlobalFree
HeapCreate
GetModuleHandleA
GetSystemDirectoryW
GetWindowsDirectoryA
FreeLibrary
HeapDestroy
LoadLibraryA

user32

ReleaseDC
LoadBitmapW
LoadBitmapA
wsprintfW
SystemParametersInfoA
GetDC
wsprintfA
GetSysColor
UnregisterClassA
DestroyWindow
GetSystemMetrics
DefWindowProcA
CreateWindowExA
RegisterClassA
DispatchMessageA
TranslateMessage
MsgWaitForMultipleObjects
PeekMessageA
GetClientRect
GetDesktopWindow
GetWindowRect
WindowFromDC
CreateIconIndirect
GetIconInfo
ClientToScreen
wvsprintfA
GetDCEx
GetWindowLongA
GetClassLongA

gdi32

GetNearestPaletteIndex
GetDIBColorTable
FillRgn
SetMiterLimit
CreateSolidBrush
StrokePath
GetGraphicsMode
SetPolyFillMode
FillPath
StrokeAndFillPath
GetViewportExtEx
ExtTextOutA
GetTextCharsetInfo
TranslateCharsetInfo
PolylineTo
Polyline
LineTo
GetCurrentPositionEx
ArcTo
SetArcDirection
SelectClipPath
GetPath
CloseFigure
AbortPath
FlattenPath
WidenPath
BeginPath
Ellipse
AngleArc
PolyBezierTo
PolyBezier
RoundRect
PolyDraw
Pie
Chord
Arc
EndPath
OffsetClipRgn
GetRgnBox
CombineRgn
SetPaletteEntries
ResizePalette
ExcludeClipRect
MoveToEx
PlayEnhMetaFile
GetWinMetaFileBits
PlgBlt
BitBlt
OffsetViewportOrgEx
StretchBlt
ScaleViewportExtEx
ScaleWindowExtEx
CombineTransform
SetMapperFlags
CreatePen
CreateDIBitmap
CreatePatternBrush
ExtSelectClipRgn
GetBkMode
GetTextAlign
ModifyWorldTransform
ExtCreateRegion
CreateCompatibleBitmap
GetNearestColor
SetStretchBltMode
StretchDIBits
SetTextAlign
SetTextJustification
PolyPolygon
PlayMetaFileRecord
ExtCreatePen
GetWorldTransform
GetROP2
SetROP2
Rectangle
Polygon
IntersectClipRect
SetBrushOrgEx
GetClipRgn
SelectClipRgn
GetBkColor
GetTextColor
CreatePenIndirect
GetObjectW
DPtoLP
CreateDIBPatternBrushPt
ExtTextOutW
SetBitmapBits
CreateEnhMetaFileW
GdiComment
GetMetaFileW
GetMetaFileA
SaveDC
SetWindowOrgEx
SetViewportOrgEx
SetGraphicsMode
SetWorldTransform
GetEnhMetaFileW
GetEnhMetaFileA
GetEnhMetaFileBits
CopyEnhMetaFileA
CopyMetaFileA
DeleteMetaFile
GetEnhMetaFileHeader
SetMetaFileBitsEx
SetEnhMetaFileBits
CreateEnhMetaFileA
SetMapMode
SetViewportExtEx
SetWindowExtEx
PlayMetaFile
CloseEnhMetaFile
DeleteEnhMetaFile
SetMetaRgn
GetMetaFileBitsEx
EnumMetaFile
EnumEnhMetaFile
PlayEnhMetaFileRecord
RestoreDC
GetStockObject
CreateBitmap
SetTextColor
SetBkColor
SetBkMode
SetDIBits
CreatePalette
GetSystemPaletteEntries
GetSystemPaletteUse
GetDeviceCaps
ExtEscape
GetObjectType
GetPixel
SetDIBColorTable
DeleteObject
SelectPalette
GetTextFaceA
GetTextMetricsA
GetTextFaceW
GetTextMetricsW
EnumFontFamiliesExA
EnumFontFamiliesExW
SelectObject
CreateFontIndirectW
CreateFontIndirectA
GetRegionData
DeleteDC
CreateDCA
CreateICA
CreateRectRgn
GetRandomRgn
LPtoDP
GetWindowExtEx
PolyPolyline
GetWindowOrgEx
GetViewportOrgEx
GetMapMode
SetICMMode
Escape
GetDCOrgEx
GetObjectA
GetCurrentObject
GetDIBits
CreateCompatibleDC
CreateDIBSection
RealizePalette
GetPaletteEntries
GdiFlush
PatBlt
CreateBrushIndirect

ole32

CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal

advapi32

RegSetValueExA
RegCloseKey
RegEnumValueW
RegQueryInfoKeyA
RegOpenKeyExA
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExA
RegEnumKeyExA
RegEnumKeyExW
RegCreateKeyExA
RegQueryValueExW
RegSetValueExW
RegEnumValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW

Exports

Exports

GdipAddPathArc
GdipAddPathArcI
GdipAddPathBezier
GdipAddPathBezierI
GdipAddPathBeziers
GdipAddPathBeziersI
GdipAddPathClosedCurve
GdipAddPathClosedCurve2
GdipAddPathClosedCurve2I
GdipAddPathClosedCurveI
GdipAddPathCurve
GdipAddPathCurve2
GdipAddPathCurve2I
GdipAddPathCurve3
GdipAddPathCurve3I
GdipAddPathCurveI
GdipAddPathEllipse
GdipAddPathEllipseI
GdipAddPathLine
GdipAddPathLine2
GdipAddPathLine2I
GdipAddPathLineI
GdipAddPathPath
GdipAddPathPie
GdipAddPathPieI
GdipAddPathPolygon
GdipAddPathPolygonI
GdipAddPathRectangle
GdipAddPathRectangleI
GdipAddPathRectangles
GdipAddPathRectanglesI
GdipAddPathString
GdipAddPathStringI
GdipAlloc
GdipBeginContainer
GdipBeginContainer2
GdipBeginContainerI
GdipBitmapGetPixel
GdipBitmapLockBits
GdipBitmapSetPixel
GdipBitmapSetResolution
GdipBitmapUnlockBits
GdipClearPathMarkers
GdipCloneBitmapArea
GdipCloneBitmapAreaI
GdipCloneBrush
GdipCloneCustomLineCap
GdipCloneFont
GdipCloneFontFamily
GdipCloneImage
GdipCloneImageAttributes
GdipCloneMatrix
GdipClonePath
GdipClonePen
GdipCloneRegion
GdipCloneStringFormat
GdipClosePathFigure
GdipClosePathFigures
GdipCombineRegionPath
GdipCombineRegionRect
GdipCombineRegionRectI
GdipCombineRegionRegion
GdipComment
GdipCreateAdjustableArrowCap
GdipCreateBitmapFromDirectDrawSurface
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromGdiDib
GdipCreateBitmapFromGraphics
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromHICON
GdipCreateBitmapFromResource
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateCachedBitmap
GdipCreateCustomLineCap
GdipCreateFont
GdipCreateFontFamilyFromName
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCreateFontFromLogfontW
GdipCreateFromHDC
GdipCreateFromHDC2
GdipCreateFromHWND
GdipCreateFromHWNDICM
GdipCreateHBITMAPFromBitmap
GdipCreateHICONFromBitmap
GdipCreateHalftonePalette
GdipCreateHatchBrush
GdipCreateImageAttributes
GdipCreateLineBrush
GdipCreateLineBrushFromRect
GdipCreateLineBrushFromRectI
GdipCreateLineBrushFromRectWithAngle
GdipCreateLineBrushFromRectWithAngleI
GdipCreateLineBrushI
GdipCreateMatrix
GdipCreateMatrix2
GdipCreateMatrix3
GdipCreateMatrix3I
GdipCreateMetafileFromEmf
GdipCreateMetafileFromFile
GdipCreateMetafileFromStream
GdipCreateMetafileFromWmf
GdipCreateMetafileFromWmfFile
GdipCreatePath
GdipCreatePath2
GdipCreatePath2I
GdipCreatePathGradient
GdipCreatePathGradientFromPath
GdipCreatePathGradientI
GdipCreatePathIter
GdipCreatePen1
GdipCreatePen2
GdipCreateRegion
GdipCreateRegionHrgn
GdipCreateRegionPath
GdipCreateRegionRect
GdipCreateRegionRectI
GdipCreateRegionRgnData
GdipCreateSolidFill
GdipCreateStreamOnFile
GdipCreateStringFormat
GdipCreateTexture
GdipCreateTexture2
GdipCreateTexture2I
GdipCreateTextureIA
GdipCreateTextureIAI
GdipDeleteBrush
GdipDeleteCachedBitmap
GdipDeleteCustomLineCap
GdipDeleteFont
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeleteMatrix
GdipDeletePath
GdipDeletePathIter
GdipDeletePen
GdipDeletePrivateFontCollection
GdipDeleteRegion
GdipDeleteStringFormat
GdipDisposeImage
GdipDisposeImageAttributes
GdipDrawArc
GdipDrawArcI
GdipDrawBezier
GdipDrawBezierI
GdipDrawBeziers
GdipDrawBeziersI
GdipDrawCachedBitmap
GdipDrawClosedCurve
GdipDrawClosedCurve2
GdipDrawClosedCurve2I
GdipDrawClosedCurveI
GdipDrawCurve
GdipDrawCurve2
GdipDrawCurve2I
GdipDrawCurve3
GdipDrawCurve3I
GdipDrawCurveI
GdipDrawDriverString
GdipDrawEllipse
GdipDrawEllipseI
GdipDrawImage
GdipDrawImageI
GdipDrawImagePointRect
GdipDrawImagePointRectI
GdipDrawImagePoints
GdipDrawImagePointsI
GdipDrawImagePointsRect
GdipDrawImagePointsRectI
GdipDrawImageRect
GdipDrawImageRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipDrawLine
GdipDrawLineI
GdipDrawLines
GdipDrawLinesI
GdipDrawPath
GdipDrawPie
GdipDrawPieI
GdipDrawPolygon
GdipDrawPolygonI
GdipDrawRectangle
GdipDrawRectangleI
GdipDrawRectangles
GdipDrawRectanglesI
GdipDrawString
GdipEmfToWmfBits
GdipEndContainer
GdipEnumerateMetafileDestPoint
GdipEnumerateMetafileDestPointI
GdipEnumerateMetafileDestPoints
GdipEnumerateMetafileDestPointsI
GdipEnumerateMetafileDestRect
GdipEnumerateMetafileDestRectI
GdipEnumerateMetafileSrcRectDestPoint
GdipEnumerateMetafileSrcRectDestPointI
GdipEnumerateMetafileSrcRectDestPoints
GdipEnumerateMetafileSrcRectDestPointsI
GdipEnumerateMetafileSrcRectDestRect
GdipEnumerateMetafileSrcRectDestRectI
GdipFillClosedCurve
GdipFillClosedCurve2
GdipFillClosedCurve2I
GdipFillClosedCurveI
GdipFillEllipse
GdipFillEllipseI
GdipFillPath
GdipFillPie
GdipFillPieI
GdipFillPolygon
GdipFillPolygon2
GdipFillPolygon2I
GdipFillPolygonI
GdipFillRectangle
GdipFillRectangleI
GdipFillRectangles
GdipFillRectanglesI
GdipFillRegion
GdipFlattenPath
GdipFlush
GdipFree
GdipGetAdjustableArrowCapFillState
GdipGetAdjustableArrowCapHeight
GdipGetAdjustableArrowCapMiddleInset
GdipGetAdjustableArrowCapWidth
GdipGetAllPropertyItems
GdipGetBrushType
GdipGetCellAscent
GdipGetCellDescent
GdipGetClip
GdipGetClipBounds
GdipGetClipBoundsI
GdipGetCompositingMode
GdipGetCompositingQuality
GdipGetCustomLineCapBaseCap
GdipGetCustomLineCapBaseInset
GdipGetCustomLineCapStrokeCaps
GdipGetCustomLineCapStrokeJoin
GdipGetCustomLineCapType
GdipGetCustomLineCapWidthScale
GdipGetDC
GdipGetDpiX
GdipGetDpiY
GdipGetEmHeight
GdipGetEncoderParameterList
GdipGetEncoderParameterListSize
GdipGetFamily
GdipGetFamilyName
GdipGetFontCollectionFamilyCount
GdipGetFontCollectionFamilyList
GdipGetFontHeight
GdipGetFontHeightGivenDPI
GdipGetFontSize
GdipGetFontStyle
GdipGetFontUnit
GdipGetGenericFontFamilyMonospace
GdipGetGenericFontFamilySansSerif
GdipGetGenericFontFamilySerif
GdipGetHatchBackgroundColor
GdipGetHatchForegroundColor
GdipGetHatchStyle
GdipGetHemfFromMetafile
GdipGetImageAttributesAdjustedPalette
GdipGetImageBounds
GdipGetImageDecoders
GdipGetImageDecodersSize
GdipGetImageDimension
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetImageFlags
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipGetImageHorizontalResolution
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipGetImageThumbnail
GdipGetImageType
GdipGetImageVerticalResolution
GdipGetImageWidth
GdipGetInterpolationMode
GdipGetLineBlend
GdipGetLineBlendCount
GdipGetLineColors
GdipGetLineGammaCorrection
GdipGetLinePresetBlend
GdipGetLinePresetBlendCount
GdipGetLineRect
GdipGetLineRectI
GdipGetLineSpacing
GdipGetLineTransform
GdipGetLineWrapMode
GdipGetLogFontA
GdipGetLogFontW
GdipGetMatrixElements
GdipGetMetafileDownLevelRasterizationLimit
GdipGetMetafileHeaderFromEmf
GdipGetMetafileHeaderFromFile
GdipGetMetafileHeaderFromMetafile
GdipGetMetafileHeaderFromStream
GdipGetMetafileHeaderFromWmf
GdipGetNearestColor
GdipGetPageScale
GdipGetPageUnit
GdipGetPathData
GdipGetPathFillMode
GdipGetPathGradientBlend
GdipGetPathGradientBlendCount
GdipGetPathGradientCenterColor
GdipGetPathGradientCenterPoint
GdipGetPathGradientCenterPointI
GdipGetPathGradientFocusScales
GdipGetPathGradientGammaCorrection
GdipGetPathGradientPath
GdipGetPathGradientPointCount
GdipGetPathGradientPresetBlend
GdipGetPathGradientPresetBlendCount
GdipGetPathGradientRect
GdipGetPathGradientRectI
GdipGetPathGradientSurroundColorCount
GdipGetPathGradientSurroundColorsWithCount
GdipGetPathGradientTransform
GdipGetPathGradientWrapMode
GdipGetPathLastPoint
GdipGetPathPoints
GdipGetPathPointsI
GdipGetPathTypes
GdipGetPathWorldBounds
GdipGetPathWorldBoundsI
GdipGetPenBrushFill
GdipGetPenColor
GdipGetPenCompoundArray
GdipGetPenCompoundCount
GdipGetPenCustomEndCap
GdipGetPenCustomStartCap
GdipGetPenDashArray
GdipGetPenDashCap197819
GdipGetPenDashCount
GdipGetPenDashOffset
GdipGetPenDashStyle
GdipGetPenEndCap
GdipGetPenFillType
GdipGetPenLineJoin
GdipGetPenMiterLimit
GdipGetPenMode
GdipGetPenStartCap
GdipGetPenTransform
GdipGetPenUnit
GdipGetPenWidth
GdipGetPixelOffsetMode
GdipGetPointCount
GdipGetPropertyCount
GdipGetPropertyIdList
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipGetPropertySize
GdipGetRegionBounds
GdipGetRegionBoundsI
GdipGetRegionData
GdipGetRegionDataSize
GdipGetRegionHRgn
GdipGetRegionScans
GdipGetRegionScansCount
GdipGetRegionScansI
GdipGetRenderingOrigin
GdipGetSmoothingMode
GdipGetSolidFillColor
GdipGetStringFormatAlign
GdipGetStringFormatDigitSubstitution
GdipGetStringFormatFlags
GdipGetStringFormatHotkeyPrefix
GdipGetStringFormatLineAlign
GdipGetStringFormatMeasurableCharacterRangeCount
GdipGetStringFormatTabStopCount
GdipGetStringFormatTabStops
GdipGetStringFormatTrimming
GdipGetTextContrast
GdipGetTextRenderingHint
GdipGetTextureImage
GdipGetTextureTransform
GdipGetTextureWrapMode
GdipGetVisibleClipBounds
GdipGetVisibleClipBoundsI
GdipGetWorldTransform
GdipGraphicsClear
GdipImageForceValidation
GdipImageGetFrameCount
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageRotateFlip
GdipImageSelectActiveFrame
GdipInvertMatrix
GdipIsClipEmpty
GdipIsEmptyRegion
GdipIsEqualRegion
GdipIsInfiniteRegion
GdipIsMatrixEqual
GdipIsMatrixIdentity
GdipIsMatrixInvertible
GdipIsOutlineVisiblePathPoint
GdipIsOutlineVisiblePathPointI
GdipIsStyleAvailable
GdipIsVisibleClipEmpty
GdipIsVisiblePathPoint
GdipIsVisiblePathPointI
GdipIsVisiblePoint
GdipIsVisiblePointI
GdipIsVisibleRect
GdipIsVisibleRectI
GdipIsVisibleRegionPoint
GdipIsVisibleRegionPointI
GdipIsVisibleRegionRect
GdipIsVisibleRegionRectI
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipMeasureCharacterRanges
GdipMeasureDriverString
GdipMeasureString
GdipMultiplyLineTransform
GdipMultiplyMatrix
GdipMultiplyPathGradientTransform
GdipMultiplyPenTransform
GdipMultiplyTextureTransform
GdipMultiplyWorldTransform
GdipNewInstalledFontCollection
GdipNewPrivateFontCollection
GdipPathIterCopyData
GdipPathIterEnumerate
GdipPathIterGetCount
GdipPathIterGetSubpathCount
GdipPathIterHasCurve
GdipPathIterIsValid
GdipPathIterNextMarker
GdipPathIterNextMarkerPath
GdipPathIterNextPathType
GdipPathIterNextSubpath
GdipPathIterNextSubpathPath
GdipPathIterRewind
GdipPlayMetafileRecord
GdipPrivateAddFontFile
GdipPrivateAddMemoryFont
GdipRecordMetafile
GdipRecordMetafileFileName
GdipRecordMetafileFileNameI
GdipRecordMetafileI
GdipRecordMetafileStream
GdipRecordMetafileStreamI
GdipReleaseDC
GdipRemovePropertyItem
GdipResetClip
GdipResetImageAttributes
GdipResetLineTransform
GdipResetPageTransform
GdipResetPath
GdipResetPathGradientTransform
GdipResetPenTransform
GdipResetTextureTransform
GdipResetWorldTransform
GdipRestoreGraphics
GdipReversePath
GdipRotateLineTransform
GdipRotateMatrix
GdipRotatePathGradientTransform
GdipRotatePenTransform
GdipRotateTextureTransform
GdipRotateWorldTransform
GdipSaveAdd
GdipSaveAddImage
GdipSaveGraphics
GdipSaveImageToFile
GdipSaveImageToStream
GdipScaleLineTransform
GdipScaleMatrix
GdipScalePathGradientTransform
GdipScalePenTransform
GdipScaleTextureTransform
GdipScaleWorldTransform
GdipSetAdjustableArrowCapFillState
GdipSetAdjustableArrowCapHeight
GdipSetAdjustableArrowCapMiddleInset
GdipSetAdjustableArrowCapWidth
GdipSetClipGraphics
GdipSetClipHrgn
GdipSetClipPath
GdipSetClipRect
GdipSetClipRectI
GdipSetClipRegion
GdipSetCompositingMode
GdipSetCompositingQuality
GdipSetCustomLineCapBaseCap
GdipSetCustomLineCapBaseInset
GdipSetCustomLineCapStrokeCaps
GdipSetCustomLineCapStrokeJoin

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/apphelp.dll
.dll windows:5 windows x86 arch:x86

dec06903c26449c624097810a1a654c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

apphelp.pdb

Imports

kernel32

RaiseException
InterlockedExchange
FreeLibrary
LocalAlloc
VerLanguageNameW
GetSystemDirectoryW
GetFileAttributesW
GetCurrentDirectoryW
CreateFileW
SetFilePointer
WriteFile
FindFirstFileW
FindNextFileW
FindClose
GetLongPathNameW
GetModuleHandleW
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
CloseHandle
GetSystemWindowsDirectoryW
GetLastError
GetUserDefaultUILanguage
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
BaseDumpAppcompatCache
BaseFlushAppcompatCache
GetDriveTypeW
BaseCheckAppcompatCache
BaseUpdateAppcompatCache
LoadLibraryW
GetProcAddress
DisableThreadLibraryCalls
LoadLibraryA

ntdll

NtUnmapViewOfSection
NtProtectVirtualMemory
NtAllocateVirtualMemory
NtFreeVirtualMemory
NtQuerySystemInformation
NtQueryVirtualMemory
RtlAnsiStringToUnicodeString
RtlxAnsiStringToUnicodeSize
NlsMbCodePageTag
RtlInitString
RtlGetFullPathName_U
RtlUnicodeStringToInteger
DbgPrint
NtWriteFile
NtQueryAttributesFile
NtQueryInformationProcess
RtlGetVersion
NtSetInformationFile
RtlInitAnsiString
strpbrk
strspn
qsort
RtlGUIDFromString
NtQueryInformationFile
NtQueryKey
NtCreateKey
NtSetValueKey
NtSetInformationKey
NtDeleteKey
NtDeleteValueKey
wcspbrk
_vsnprintf
sprintf
strncpy
strchr
atol
isdigit
wcscmp
RtlSecondsSince1970ToTime
RtlUpcaseUnicodeChar
toupper
RtlUpcaseUnicodeString
RtlCopyUnicodeString
RtlUpcaseUnicodeToMultiByteN
LdrAccessResource
LdrFindResource_U
RtlUnwind
NtCreateSection
NtMapViewOfSection
RtlQueryEnvironmentVariable_U
RtlTimeToTimeFields
NtOpenFile
NtQueryDirectoryFile
_wcsnicmp
wcsspn
RtlFormatCurrentUserKeyPath
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
_alloca_probe
wcschr
_snwprintf
RtlDoesFileExists_U
wcsncpy
swprintf
RtlDuplicateUnicodeString
LdrGetDllHandle
RtlDosPathNameToNtPathName_U
NtCreateFile
RtlpEnsureBufferSize
RtlNtPathNameToDosPathName
wcscpy
RtlStringFromGUID
RtlFreeHeap
RtlFreeUnicodeString
RtlExpandEnvironmentStrings_U
NtOpenKey
NtQueryValueKey
NtClose
_wcsicmp
wcscat
wcsrchr
RtlInitUnicodeString
RtlUnicodeStringToAnsiString
RtlFreeAnsiString
wcslen
RtlAllocateHeap
NtEnumerateValueKey
memmove

Exports

Exports

AllowPermLayer
ApphelpCheckExe
ApphelpCheckIME
ApphelpCheckInstallShieldPackage
ApphelpCheckMsiPackage
ApphelpCheckRunApp
ApphelpCheckShellObject
ApphelpFixMsiPackage
ApphelpFixMsiPackageExe
ApphelpFreeFileAttributes
ApphelpGetFileAttributes
ApphelpGetNTVDMInfo
ApphelpQueryModuleData
ApphelpShowDialog
ApphelpShowUI
ApphelpUpdateCacheEntry
GetPermLayers
SdbCloseApphelpInformation
SdbCloseDatabase
SdbCreateMsiTransformFile
SdbDeletePermLayerKeys
SdbEnumMsiTransforms
SdbFindFirstMsiPackage
SdbFindFirstMsiPackage_Str
SdbFindFirstNamedTag
SdbFindFirstTag
SdbFindFirstTagRef
SdbFindNextMsiPackage
SdbFindNextTag
SdbFindNextTagRef
SdbFreeFlagInfo
SdbGetBinaryTagData
SdbGetDatabaseID
SdbGetDatabaseMatch
SdbGetDatabaseVersion
SdbGetEntryFlags
SdbGetFirstChild
SdbGetMsiPackageInformation
SdbGetNextChild
SdbGetPermLayerKeys
SdbGetStandardDatabaseGUID
SdbGetStringTagPtr
SdbGetTagDataSize
SdbGetTagFromTagID
SdbGrabMatchingInfo
SdbGrabMatchingInfoEx
SdbInitDatabase
SdbOpenApphelpDetailsDatabase
SdbOpenApphelpDetailsDatabaseSP
SdbOpenApphelpInformation
SdbOpenDatabase
SdbQueryApphelpInformation
SdbQueryData
SdbQueryDataEx
SdbQueryFlagInfo
SdbReadBYTETag
SdbReadBYTETagRef
SdbReadBinaryTag
SdbReadDWORDTag
SdbReadDWORDTagRef
SdbReadEntryInformation
SdbReadMsiTransformInfo
SdbReadQWORDTag
SdbReadQWORDTagRef
SdbReadStringTag
SdbReadStringTagRef
SdbReadWORDTag
SdbReadWORDTagRef
SdbRegisterDatabase
SdbRegisterDatabaseEx
SdbReleaseDatabase
SdbResolveDatabase
SdbSetPermLayerKeys
SdbTagIDToTagRef
SdbTagRefToTagID
SdbTagToString
SdbUnregisterDatabase
SetPermLayers
ShimDumpCache
ShimFlushCache

Sections

.text
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/nsisweb.exe
.exe windows:4 windows x86 arch:x86

9f0b5a46eefc5ec9c61f27de009462af

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:1c:9d:61:ce:8e:ba:98:af:58:fd:34:70:d7:f9:78
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

21/05/2013, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f5:1d:f4:81:e0:c8:a1:bb:1c:76:72:33:9b:c0:4c:72:82:da:01:5d
Signer

Actual PE Digest

f5:1d:f4:81:e0:c8:a1:bb:1c:76:72:33:9b:c0:4c:72:82:da:01:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaLateIdCall
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
_adj_fprem1
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
ord669
__vbaExitProc
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
_CIsin
__vbaChkstk
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaI2I4
__vbaObjVar
DllFunctionCall
_adj_fpatan
__vbaLateIdCallLd
EVENT_SINK_Release
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
ord712
_adj_fprem
_adj_fdivr_m64
__vbaFPException
_CIlog
__vbaErrorOverflow
__vbaNew2
__vbaR8Str
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaLateMemCall
__vbaVarDup
__vbaR8IntI2
_CIatan
__vbaStrMove
__vbaAryCopy
__vbaR8IntI4
_allmul
__vbaLateIdSt
_CItan
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/nsisweb.swf
$_2_/$PROGRAMFILES/shop.ico
$_2_/CCTVPlayer.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:f0:63:e7:4d:0e:0a:6f:96:37:a1:cb:0e:e7:ae:25
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

10/12/2009, 00:00

Not After

08/01/2013, 23:59

Subject

CN=CCTV International Networks Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Video Technology,O=CCTV International Networks Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

59:50:c3:e6:fa:00:fb:18:17:06:d5:44:58:ec:32:d8:d8:52:a8:bf
Signer

Actual PE Digest

59:50:c3:e6:fa:00:fb:18:17:06:d5:44:58:ec:32:d8:d8:52:a8:bf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 592KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 327KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 556KB - Virtual size: 553KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/CCTVUpdateInstall.dll
.dll regsvr32 windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:f0:63:e7:4d:0e:0a:6f:96:37:a1:cb:0e:e7:ae:25
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

10/12/2009, 00:00

Not After

08/01/2013, 23:59

Subject

CN=CCTV International Networks Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Video Technology,O=CCTV International Networks Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a5:55:42:f4:97:25:73:40:5a:71:a9:d3:1f:a4:2e:63:f4:94:59:1d
Signer

Actual PE Digest

a5:55:42:f4:97:25:73:40:5a:71:a9:d3:1f:a4:2e:63:f4:94:59:1d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

UPX0
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/CoCode.dll
.dll windows:5 windows x86 arch:x86

fd41c89ab9f125174e3a5d62ed38c115

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:1c:9d:61:ce:8e:ba:98:af:58:fd:34:70:d7:f9:78
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

21/05/2013, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

57:3f:f6:bb:81:e8:a3:ec:3f:a2:82:32:4a:b2:3d:55:3f:0d:90:4a
Signer

Actual PE Digest

57:3f:f6:bb:81:e8:a3:ec:3f:a2:82:32:4a:b2:3d:55:3f:0d:90:4a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\myprog\CoCode\CoCode\Release\CoCode.pdb

Imports

kernel32

GetTickCount
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
GetLastError
CreateSemaphoreW
CloseHandle
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSize
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
GetCurrentProcessId
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
GetModuleHandleA

Exports

Exports

eric
ericex
ericexex
ericexexex
erichahaha
ericzhao
ericzsq
zhaoeric
zsq
zsqeric

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/Localserver.dll
.dll windows:5 windows x86 arch:x86

66f93ca7b3a568cab36e256f23099d7d

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:1c:9d:61:ce:8e:ba:98:af:58:fd:34:70:d7:f9:78
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

21/05/2013, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d6:ff:23:f8:ab:0e:35:4d:d2:cb:b5:66:66:d8:75:cd:d9:b8:2c:92
Signer

Actual PE Digest

d6:ff:23:f8:ab:0e:35:4d:d2:cb:b5:66:66:d8:75:cd:d9:b8:2c:92

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\MyFiles\UUSEEProject\client\mongoose\mongoose_src\Localserver_flash\Release\Localserver.pdb

Imports

ws2_32

recvfrom
socket
htons
htonl
bind
sendto
ioctlsocket
__WSAFDIsSet
listen
send
closesocket
recv
WSACleanup
shutdown
ntohs
ntohl
select
inet_ntoa
accept
inet_addr
WSAStartup

kernel32

GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetModuleHandleW
InterlockedIncrement
GetCurrentProcessId
GlobalGetAtomNameA
GetFileSizeEx
ReadFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
GetVolumeInformationA
WritePrivateProfileStringA
GetCurrentDirectoryA
GlobalFlags
GlobalAddAtomA
GetVersionExA
lstrcmpW
GlobalFindAtomA
GlobalDeleteAtom
GetCPInfo
GetOEMCP
GetSystemTimeAsFileTime
ExitProcess
HeapFree
CreateProcessA
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeFormatA
GetDateFormatA
HeapReAlloc
RtlUnwind
RaiseException
VirtualAlloc
HeapSize
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
GetACP
IsValidCodePage
SetHandleCount
GetStdHandle
GetStartupInfoA
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
HeapCreate
HeapDestroy
VirtualFree
CreatePipe
GetExitCodeProcess
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetDriveTypeA
CreateFileW
TlsGetValue
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
CompareStringW
SetEnvironmentVariableA
GetProcessHeap
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryExA
CompareStringA
InterlockedExchange
LocalAlloc
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
GetFileTime
WriteFile
CreateFileA
GetFileAttributesA
GetFullPathNameA
lstrlenA
DeleteFileW
CloseHandle
ReleaseMutex
GetCurrentThreadId
GetFileAttributesExW
FindNextFileW
CreateMutexA
LoadLibraryA
GetProcAddress
SetLastError
GetLastError
CreateDirectoryA
GetModuleFileNameW
GetFileAttributesW
CreateEventA
LoadLibraryW
SetEvent
CreateDirectoryW
FindFirstFileW
Sleep
RemoveDirectoryA
DeleteFileA
GetModuleHandleA
GetCommandLineA
FindClose
FindNextFileA
FindFirstFileA
lstrcmpA
GetTickCount
MultiByteToWideChar
SetThreadPriority
CreateThread
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
WaitForSingleObject
InterlockedDecrement
WriteConsoleA
SetErrorMode

user32

DestroyMenu
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
SetWindowTextA
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetCursor
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
CharUpperA
GetWindowTextA
GetWindowThreadProcessId
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
SendMessageA
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
ShowWindow
AdjustWindowRectEx
UnhookWindowsHookEx
PostMessageA
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetFocus
GetClientRect

gdi32

SetMapMode
GetClipBox
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
PtVisible
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetStockObject
GetDeviceCaps
DeleteObject
RectVisible

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegSetValueExA
RegEnumKeyA
RegDeleteKeyA
RegQueryValueA
RegOpenKeyA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

shlwapi

PathStripToRootA
PathIsUNCA
PathFindFileNameA
PathFindExtensionA

oleaut32

VariantInit
VariantClear
VariantChangeType

wininet

InternetQueryDataAvailable
HttpQueryInfoA
InternetCloseHandle
InternetGetLastResponseInfoA
InternetOpenA
InternetSetStatusCallback
InternetSetFilePointer
InternetWriteFile
InternetReadFile
HttpSendRequestA
InternetConnectA
HttpOpenRequestA

Exports

Exports

??4CLocalserver@@QAEAAV0@ABV0@@Z
fnLocalserverSetCallback
fnLocalserverStart
fnLocalserverStop

Sections

.text
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/MediaCenter.ini
$_2_/Reli_CCTV.dll
.dll regsvr32 windows:4 windows x86 arch:x86

8e7a487f434a52da46b0a7af2721e8b2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:f0:63:e7:4d:0e:0a:6f:96:37:a1:cb:0e:e7:ae:25
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

10/12/2009, 00:00

Not After

08/01/2013, 23:59

Subject

CN=CCTV International Networks Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Video Technology,O=CCTV International Networks Co.\, Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

63:18:0f:11:ac:cb:dc:64:6b:71:e1:d6:ef:10:80:99:ee:1c:7e:e9
Signer

Actual PE Digest

63:18:0f:11:ac:cb:dc:64:6b:71:e1:d6:ef:10:80:99:ee:1c:7e:e9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\hjoost\builds\cctv\bin\lite_release\Reli_CCTV_dll.pdb

Imports

gdiplus

GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetSmoothingMode
GdipCreateSolidFill
GdipCreateRegion
GdipGraphicsClear
GdipCreateFromHWND
GdipCreateBitmapFromGraphics
GdipSetEmpty
GdipDeleteRegion
GdipCreateFromHDC
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipGetImageRawFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdipCloneImage
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipDisposeImage
GdipAlloc
GdipFree
GdipGetDC
GdipReleaseDC
GdipDrawString
GdipFillEllipse
GdipCloneBrush
GdipCreateHBITMAPFromBitmap
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipSetClipRegion
GdipDrawImageI
GdipCreateTexture
GdipMeasureString
GdipCreateFontFromDC
GdipCreateFontFromLogfontW
GdipDrawImageRectRectI
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipIsVisibleRegionRectI
GdipFillRectangleI
GdipImageRotateFlip
GdipCreateBitmapFromGdiDib
GdipCombineRegionRegion
GdipCreatePen1
GdipSetStringFormatFlags
GdipDeleteFont
GdipCombineRegionRectI
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeletePen
GdipCreateLineBrushFromRectI
GdipDeleteBrush
GdipDrawRectangleI
GdiplusStartup
GdiplusShutdown

wininet

InternetCanonicalizeUrlW
HttpSendRequestW
InternetSetStatusCallbackW
InternetSetOptionW
HttpOpenRequestW
InternetConnectW
InternetCrackUrlW
InternetReadFileExA
InternetCloseHandle
InternetGetLastResponseInfoW
InternetReadFile
HttpQueryInfoW
InternetOpenUrlW
InternetQueryOptionW
InternetOpenW
InternetOpenA
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
CreateUrlCacheEntryW
CommitUrlCacheEntryW
GetUrlCacheEntryInfoW
InternetQueryDataAvailable

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW

kernel32

LoadLibraryExW
EnterCriticalSection
lstrcmpiW
SetEvent
GetTickCount
WideCharToMultiByte
FindNextFileW
MoveFileExW
GetTempPathW
GetTempFileNameW
CreateMutexW
LockResource
CreateEventW
FindFirstFileW
CreateThread
FindClose
CopyFileW
CreateFileW
CloseHandle
WriteFile
Sleep
CreateDirectoryW
WaitForSingleObject
DeleteFileW
GetCurrentThreadId
Module32NextW
GetCurrentProcessId
Process32FirstW
Process32NextW
MulDiv
MapViewOfFile
GetCurrentProcess
FlushInstructionCache
LocalAlloc
LocalFree
SetLastError
GetLongPathNameW
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
UnmapViewOfFile
Module32FirstW
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
InterlockedCompareExchange
GetProcessHeap
GetProcAddress
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualProtect
GetModuleHandleA
GetSystemInfo
VirtualQuery
GetCommandLineA
HeapSize
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
ExitProcess
GetStdHandle
GetModuleFileNameA
GetCPInfo
FindResourceW
IsValidCodePage
RtlUnwind
SetHandleCount
GetFileType
GetLastError
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetFilePointer
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
SetEndOfFile
ReadFile
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
lstrlenA
SetFilePointerEx
GetUserDefaultLangID
GetThreadPriority
CreateSemaphoreW
ReleaseSemaphore
lstrcpynW
lstrcmpW
FindResourceExW
CreateFileMappingW
DuplicateHandle
TryEnterCriticalSection
FreeResource
CreateProcessW
GetFileSizeEx
QueueUserWorkItem
GetSystemTime
SystemTimeToFileTime
CompareFileTime
RemoveDirectoryW
GetCurrentDirectoryW
LoadResource
InterlockedDecrement
SizeofResource
SetCurrentDirectoryW
InterlockedIncrement
GetSystemDirectoryW
QueryPerformanceFrequency
SetThreadPriority
SetThreadExecutionState
LoadLibraryW
GetLocalTime
GetVersionExW
WaitForMultipleObjects
ResetEvent
DeleteFileA
lstrlenW
GetModuleFileNameW
HeapFree
GetModuleHandleW
MultiByteToWideChar
HeapAlloc
HeapDestroy
SetThreadLocale
HeapCreate
RaiseException
DeleteCriticalSection
GetThreadLocale
LeaveCriticalSection
FreeLibrary
InitializeCriticalSection
GetOEMCP
GetStartupInfoA

user32

GetWindowRect
EndDialog
GetKeyState
GetDC
OffsetRect
DispatchMessageW
TranslateMessage
FillRect
GetActiveWindow
FrameRect
InflateRect
PostThreadMessageW
ShowWindow
UnregisterClassA
PtInRect
UnionRect
CallWindowProcW
SetWindowRgn
IntersectRect
EqualRect
EndPaint
BeginPaint
DestroyWindow
DialogBoxParamW
GetMessageW
PostMessageW
SetTimer
CreateWindowExW
DefWindowProcW
RegisterClassW
PostQuitMessage
SendMessageW
GetCursorPos
GetDlgItem
LoadCursorW
SendNotifyMessageW
GetParent
SetFocus
GetWindow
GetClientRect
SystemParametersInfoW
CopyRect
GetClassInfoExW
IsWindowVisible
SetWindowPos
GetWindowLongW
RegisterClassExW
SetWindowLongW
UpdateWindow
GetFocus
MsgWaitForMultipleObjects
PeekMessageW
MoveWindow
SetParent
MessageBoxW
EnumDisplaySettingsW
GetSystemMetrics
InvalidateRect
ReleaseDC
DrawTextW
SetRect
RegisterWindowMessageW
GetQueueStatus
GetWindowThreadProcessId
BringWindowToTop
IsRectEmpty
GetKeyboardState
FindWindowW
WaitForInputIdle
GetClassNameW
TrackMouseEvent
SetForegroundWindow
ScreenToClient
ShowCursor
MapWindowPoints
IsChild
SetCapture
ReleaseCapture
SetCursor
CloseWindow
CharNextW
IsWindow
KillTimer

gdi32

BitBlt
SelectClipRgn
IntersectClipRect
CreateDIBSection
CreateCompatibleDC
SetTextColor
SetBkMode
DeleteObject
GetDeviceCaps
GetStockObject
CreateFontW
DeleteDC
CreateRectRgnIndirect
SaveDC
SetViewportOrgEx
RestoreDC
SetWindowOrgEx
SetMapMode
LPtoDP
CreateDCW
CreateFontIndirectW
CreateSolidBrush
CreateDIBPatternBrush
SetBkColor
SelectObject

advapi32

RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegOpenKeyW
RegQueryValueW
RegDeleteKeyW
RegQueryValueExW

shell32

ShellExecuteW

ole32

CoGetMalloc
GetRunningObjectTable
MkParseDisplayName
CreateBindCtx
CoFreeUnusedLibraries
CoInitialize
CLSIDFromString
CreateOleAdviseHolder
WriteClassStm
OleRegEnumVerbs
OleRegGetMiscStatus
OleSaveToStream
OleLoadFromStream
OleRegGetUserType
CoUninitialize
CoCreateInstance
CoTaskMemRealloc
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CoInitializeEx

oleaut32

UnRegisterTypeLi
VariantClear
VariantInit
VariantChangeType
SysStringLen
SysAllocStringByteLen
SysStringByteLen
OleCreatePropertyFrame
RegisterTypeLi
LoadRegTypeLi
SafeArrayCreateVector
GetErrorInfo
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SysFreeString
VarUI4FromStr
LoadTypeLi
SysAllocString

winmm

timeKillEvent
timeGetTime
timeBeginPeriod
timeEndPeriod
timeSetEvent
waveOutClose
waveOutSetVolume
waveOutGetVolume
waveOutUnprepareHeader
waveOutWrite
waveOutPrepareHeader
waveOutReset
waveOutOpen

msimg32

TransparentBlt

iphlpapi

GetPerAdapterInfo
GetAdaptersInfo

ws2_32

send
recv
ntohs
inet_addr
gethostbyname
htons
socket
connect
setsockopt
closesocket
htonl
ntohl
WSAGetLastError

comdlg32

GetSaveFileNameW

Exports

Exports

CheckOccupy
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
HelperEntry

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT64
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 420KB - Virtual size: 419KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 176KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/StartService.ocx
.dll regsvr32 windows:5 windows x86 arch:x86

1663b387070e1f2c5003e887dfce3818

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:1c:9d:61:ce:8e:ba:98:af:58:fd:34:70:d7:f9:78
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

21/05/2013, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

66:55:39:09:d5:ff:b9:2c:dd:bb:12:13:36:26:14:63:3e:3c:6b:8c
Signer

Actual PE Digest

66:55:39:09:d5:ff:b9:2c:dd:bb:12:13:36:26:14:63:3e:3c:6b:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\UuseeSource\projects\uusee_transformer\StartService\Release\StartService.pdb

Imports

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFileExistsW

iphlpapi

GetAdaptersInfo

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

RaiseException
ExitProcess
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
VirtualFree
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
HeapFree
GetProfileIntW
GetFileTime
GetFileSizeEx
GetFileAttributesW
FindResourceExW
GetVersion
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrlenA
CreateFileW
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
RtlUnwind
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalFlags
GetModuleHandleA
WritePrivateProfileStringW
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
IsDBCSLeadByte
GetUserDefaultLCID
GlobalFindAtomW
LoadLibraryA
GetVersionExA
FreeResource
GetCurrentProcessId
GlobalAddAtomW
CloseHandle
InterlockedIncrement
CompareStringW
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryW
CompareStringA
WideCharToMultiByte
InterlockedExchange
lstrcmpW
GlobalFree
CopyFileW
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
lstrlenW
MulDiv
FreeLibrary
InterlockedDecrement
GetModuleFileNameW
SetLastError
GetModuleHandleW
GetProcAddress
CreateProcessW
Sleep
GetTickCount
LocalAlloc
MultiByteToWideChar
GetLastError
LockResource
GetVersionExW
SizeofResource
LoadResource
FindResourceW
LockFile
GetCommandLineA
IsValidCodePage

user32

GetDCEx
GetDialogBaseUnits
GetTabbedTextExtentA
CharUpperW
DestroyIcon
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
FillRect
GetSysColorBrush
UnregisterClassW
LockWindowUpdate
EnumChildWindows
RegisterClipboardFormatW
SetRect
SetWindowRgn
IsRectEmpty
CreateMenu
DestroyMenu
SetRectEmpty
LoadCursorW
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetCapture
ReleaseDC
GetDC
ReleaseCapture
MoveWindow
SetWindowTextW
IsDialogMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EnableWindow
UnhookWindowsHookEx
RemoveMenu
GetSubMenu
EqualRect
GetDlgCtrlID
PtInRect
GetMenu
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
SetActiveWindow
CreateDialogIndirectParamW
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
CallWindowProcW
SetWindowPos
DestroyWindow
GetDesktopWindow
SetWindowLongW
InvalidateRect
GetMenuItemCount
InsertMenuW
GetMenuItemID
AppendMenuW
GetMenuStringW
GetMenuState
PostQuitMessage
PostMessageW
CheckMenuItem
EnableMenuItem
ModifyMenuW
SendMessageW
GetParent
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageW
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageW
TranslateMessage
GetMessageW
CallNextHookEx
SetWindowsHookExW
SetCursor
MessageBoxW
IsWindowEnabled
GetLastActivePopup
GetWindowLongW
GetWindowThreadProcessId
SetParent
DrawEdge
ShowWindow
UpdateWindow
GetWindowRect
OffsetRect
InflateRect
DefWindowProcW
CopyRect
RegisterWindowMessageW

gdi32

CreatePen
CreateSolidBrush
CreateFontIndirectW
GetTextExtentPoint32W
GetTextAlign
GetTextMetricsW
EnumFontFamiliesExW
PatBlt
Rectangle
UnrealizeObject
GetStockObject
CreatePatternBrush
GetCurrentPositionEx
CreateMetaFileW
LPtoDP
CreateBitmap
CreateDCW
ScaleWindowExtEx
CopyMetaFileW
SetRectRgn
GetDeviceCaps
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
CreateRectRgn
SelectClipRgn
DeleteObject
MoveToEx
SetMapMode
SetROP2
SetBkMode
RestoreDC
SaveDC
CreateRectRgnIndirect
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CombineRgn
GetObjectW
SetBkColor
SetTextColor
GetClipBox
DeleteDC
DeleteMetaFile
CloseMetaFile
SetWindowExtEx

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegSetValueExW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueW
RegOpenKeyW
RegCreateKeyW
RegCreateKeyExW
RegSetValueW
StartServiceW
QueryServiceStatusEx
ChangeServiceConfigW
QueryServiceConfigW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW

shell32

ExtractIconW
SHGetFolderPathW

ole32

ReadClassStm
CreateStreamOnHGlobal
CoDisconnectObject
CreateDataAdviseHolder
OleSaveToStream
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateOleAdviseHolder
CreateDataCache
CoRevokeClassObject
CoRegisterClassObject
OleLoadFromStream
OleDuplicateData
StringFromCLSID
CoTaskMemAlloc
ReleaseStgMedium
ReadFmtUserTypeStg
CoTaskMemFree
CoCreateInstance
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
StringFromGUID2

oleaut32

OleCreatePictureIndirect
OleCreateFontIndirect
SysAllocString
OleLoadPicture
LoadRegTypeLi
SysAllocStringLen
RegisterTypeLi
LoadTypeLi
SysFreeString
SysStringByteLen
SysStringLen
OleCreatePropertyFrame
VariantClear
VariantChangeType
VariantInit
VariantCopy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/UFDeMux.ax
.dll regsvr32 windows:4 windows x86 arch:x86

e3c137f27b904b663fa5c90fb96b156a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:1c:9d:61:ce:8e:ba:98:af:58:fd:34:70:d7:f9:78
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

21/05/2013, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

08:2e:b5:51:18:53:79:66:42:71:40:8b:bb:fa:e2:8a:2e:c5:31:ab
Signer

Actual PE Digest

08:2e:b5:51:18:53:79:66:42:71:40:8b:bb:fa:e2:8a:2e:c5:31:ab

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

waveOutGetNumDevs

kernel32

WaitForSingleObject
ResetEvent
CloseHandle
InterlockedExchange
SetThreadPriority
Sleep
lstrcpynW
lstrlenW
InterlockedIncrement
InterlockedDecrement
CreateEventW
VirtualFree
lstrcmpW
GetCurrentProcess
GetCurrentThreadId
VirtualAlloc
SetEvent
GetProcAddress
GetModuleHandleW
GetTickCount
GetLastError
GetVersionExW
CreateThread
MultiByteToWideChar
lstrlenA
GetModuleFileNameA
DisableThreadLibraryCalls
GetStringTypeW
GetStringTypeA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LCMapStringA
LCMapStringW
SetStdHandle
FreeLibrary
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
GetConsoleMode
GetConsoleCP
SetFilePointer
RaiseException
HeapFree
RtlUnwind
HeapAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
HeapReAlloc
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
WriteFile
GetStdHandle
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
HeapSize
GetLocaleInfoA
WriteConsoleA

advapi32

RegSetValueW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegCreateKeyW

ole32

CoTaskMemAlloc
CoInitialize
CoFreeUnusedLibraries
CoUninitialize
CoCreateInstance
StringFromGUID2
CoTaskMemFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/UFSource.ax
.dll regsvr32 windows:4 windows x86 arch:x86

376d0c418d10c2eeaba61ca79a12d2e1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:00:8b:66:a6:15:9b:6f:9a:cd:86:3e:8d:43:bd:7f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

03/04/2009, 00:00

Not After

03/04/2010, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,L=bei jing,ST=china,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a9:19:13:85:b9:ea:b4:63:ee:21:57:e4:52:74:4a:e8:66:3b:06:eb
Signer

Actual PE Digest

a9:19:13:85:b9:ea:b4:63:ee:21:57:e4:52:74:4a:e8:66:3b:06:eb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Projects\FFormat\UFSource\Release\UFSource.pdb

Imports

kernel32

CloseHandle
WaitForMultipleObjects
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersion
CreateEventA
GetProcAddress
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetCurrentThreadId
GetTickCount
GetVersionExA
CreateSemaphoreA
InterlockedIncrement
WaitForSingleObject
ReleaseSemaphore
GetSystemInfo
VirtualFree
GetCurrentProcess
VirtualAlloc
FreeLibrary
LoadLibraryA
lstrlenA
GetModuleFileNameA
DisableThreadLibraryCalls
GetLocaleInfoA
IsValidCodePage
GetOEMCP
GetCPInfo
HeapSize
GetLastError
CreateThread
ResetEvent
SetEvent
InterlockedDecrement
HeapReAlloc
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
QueryPerformanceCounter

user32

wsprintfA

advapi32

RegCreateKeyA
RegSetValueA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegDeleteKeyA

ole32

StringFromGUID2
CoTaskMemFree
CoFreeUnusedLibraries
CoCreateInstance
CoUninitialize
CoTaskMemAlloc
CoInitialize

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/UUNet.dll
.dll windows:5 windows x86 arch:x86

32e183d185907fe885bb780feaaf8e95

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:1c:9d:61:ce:8e:ba:98:af:58:fd:34:70:d7:f9:78
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

21/05/2013, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

44:6e:57:1a:23:33:a9:ee:3a:a5:32:fa:93:dd:b7:34:f5:32:7b:58
Signer

Actual PE Digest

44:6e:57:1a:23:33:a9:ee:3a:a5:32:fa:93:dd:b7:34:f5:32:7b:58

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Program Files (x86)\Common Files\uusee\UUNet.pdb

Imports

ws2_32

WSACleanup
inet_addr
inet_ntoa
ioctlsocket
connect
WSAStartup
recvfrom
select
htons
sendto
htonl
recv
bind
socket
__WSAFDIsSet
closesocket
gethostbyname
send

iphlpapi

GetBestInterface
GetIpAddrTable

kernel32

HeapSize
HeapReAlloc
GetProcessHeap
SetEndOfFile
GetDriveTypeW
WriteConsoleW
IsProcessorFeaturePresent
SetStdHandle
CreateFileW
CompareStringW
LoadLibraryW
EncodePointer
CloseHandle
CreateMutexW
WaitForSingleObject
GetTickCount
Sleep
GetFileAttributesA
FindFirstFileA
FindClose
FindNextFileA
ReleaseMutex
GetTempPathA
DeleteFileA
CreateThread
GetStringTypeW
GetCurrentProcessId
QueryPerformanceCounter
GetLastError
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
CreateDirectoryA
RemoveDirectoryA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
SetEnvironmentVariableA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetProcAddress
HeapCreate
HeapDestroy
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
RtlUnwind
MultiByteToWideChar
ReadFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
SetFilePointer
LCMapStringW
FlushFileBuffers
GetTimeZoneInformation
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
CreateFileA
GetCurrentDirectoryW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW

ole32

CoCreateGuid
StringFromGUID2

Exports

Exports

CORE_dumpdata
CORE_getdata
CORE_getdatabyid
CORE_getstatusEx
CORE_init
CORE_play
CORE_quit
CORE_seekpack
CORE_stop

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/UUPlayer.exe
.exe windows:4 windows x86 arch:x86

cdc28a82c5f93ee4c8db41c7ffe0dc6b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:19:69:ea:ed:e5:7e:56:5d:a9:f3:80:6b:3b:cf:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/04/2008, 00:00

Not After

28/04/2009, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=development,O=Beijing Shi Yue Network Technology Co.\, Ltd.,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

dd:28:0e:b8:c0:0f:42:50:25:d5:5f:ee:48:75:91:8e:05:68:51:ab
Signer

Actual PE Digest

dd:28:0e:b8:c0:0f:42:50:25:d5:5f:ee:48:75:91:8e:05:68:51:ab

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord2977
ord3142
ord3254
ord4459
ord4480
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4616
ord4418
ord3733
ord561
ord825
ord815
ord4272
ord2756
ord4199
ord1569
ord6371
ord4269
ord540
ord538
ord858
ord800
ord3131
ord535
ord1165

msvcrt

__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
__CxxFrameHandler
__p__commode

kernel32

GetStartupInfoW
GetCommandLineW
GetModuleHandleW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteW

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_2_/UUPlayer.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

13ddf149e28cb7200506a2e61957cc8f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:1c:9d:61:ce:8e:ba:98:af:58:fd:34:70:d7:f9:78
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

21/05/2013, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ba:0b:11:37:53:c9:3f:ad:a6:2b:ff:48:e4:6b:7b:b0:43:8b:ce:da
Signer

Actual PE Digest

ba:0b:11:37:53:c9:3f:ad:a6:2b:ff:48:e4:6b:7b:b0:43:8b:ce:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3401
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3670
ord561
ord3952
ord2724
ord6354
ord1216
ord1168
ord6467
ord1227
ord535
ord798
ord1997
ord6392
ord6407
ord3337
ord3811
ord5194
ord533
ord1877
ord4249
ord2486
ord2687
ord6364
ord3326
ord6365
ord4472
ord5498
ord3278
ord3353
ord3681
ord446
ord743
ord1177
ord1226
ord1210
ord2439
ord1693
ord5618
ord994
ord4342
ord4687
ord4639
ord5674
ord2156
ord4856
ord4920
ord6002
ord2137
ord1963
ord5213
ord2953
ord3868
ord5150
ord4705
ord4707
ord2876
ord2998
ord5649
ord4113
ord4661
ord4660
ord4768
ord4650
ord4903
ord4548
ord4521
ord4594
ord4988
ord4925
ord4930
ord4935
ord4659
ord4909
ord4908
ord4668
ord4667
ord4666
ord4648
ord4689
ord5023
ord4654
ord4643
ord4354
ord4780
ord4649
ord4637
ord4636
ord5060
ord4584
ord4371
ord4361
ord4356
ord4739
ord4741
ord5714
ord4409
ord4603
ord5008
ord4415
ord4992
ord4979
ord2488
ord3404
ord4539
ord2954
ord6055
ord4078
ord1776
ord4407
ord5241
ord2384
ord5163
ord6370
ord4353
ord5290
ord3798
ord4837
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2983
ord3148
ord3260
ord4466
ord3269
ord2986
ord3080
ord4081
ord4624
ord5825
ord723
ord3946
ord423
ord2541
ord4949
ord6199
ord4459
ord3663
ord3626
ord6819
ord2414
ord283
ord6880
ord6030
ord2864
ord926
ord6930
ord6928
ord1601
ord4204
ord6282
ord1105
ord4441
ord2795
ord4129
ord5683
ord939
ord6877
ord1892
ord4252
ord1212
ord4570
ord4672
ord4843
ord5011
ord5265
ord4376
ord4853
ord4998
ord4713
ord2514
ord6052
ord1775
ord2385
ord6371
ord5286
ord4438
ord3279
ord4625
ord4425
ord449
ord746
ord2278
ord1132
ord1116
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord815
ord924
ord823
ord860
ord537
ord540
ord2818
ord922
ord858
ord800
ord4738
ord825
ord1131

msvcrt

memcpy
_ftol
sprintf
_strnicmp
__CxxFrameHandler
printf
isalnum
strncpy
localtime
time
isalpha
_ismbcdigit
strchr
wcsncpy
wcslen
strtok
atof
atoi
_adjust_fdiv
malloc
_initterm
free
__dllonexit
_onexit
??1type_info@@UAE@XZ

kernel32

CreateThread
TerminateProcess
GetSystemTime
GetTempPathA
GetPrivateProfileStringA
GetCurrentProcess
SetPriorityClass
CreateFileA
CloseHandle
CreateProcessA
GetVersionExA
ReadFile
PeekNamedPipe
GetTickCount
GetModuleFileNameA
GetModuleHandleA
LocalFree
LocalAlloc
CreatePipe
CreateDirectoryA
DeviceIoControl
Sleep
WriteFile

user32

FillRect
MessageBoxA
wsprintfA
EnableWindow
SendMessageA
GetWindowRect

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

ole32

CoCreateInstance

oleaut32

LoadRegTypeLi

ws2_32

htons
gethostbyname
inet_addr
sendto
closesocket
WSACleanup
WSAStartup
socket

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xlen@std@@YAXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/UUSeeMediaCenter.exe
.exe windows:4 windows x86 arch:x86

3cc3d5d5b5f2322e97270f09794726e6

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:1c:9d:61:ce:8e:ba:98:af:58:fd:34:70:d7:f9:78
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

21/05/2013, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

dd:6f:fa:4f:d8:8d:3b:05:98:36:af:a1:f1:45:2c:6d:cd:06:2f:78
Signer

Actual PE Digest

dd:6f:fa:4f:d8:8d:3b:05:98:36:af:a1:f1:45:2c:6d:cd:06:2f:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
SetSecurityInfo
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegEnumValueW
RegQueryValueExA
RegOpenKeyExA
RegSetValueExW
RegCreateKeyExW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

EmptyWorkingSet
GetModuleFileNameExW

mfc42u

ord3574
ord426
ord726
ord6278
ord6195
ord4279
ord5706
ord5679
ord1570
ord1568
ord2385
ord5349
ord5352
ord5804
ord5199
ord3224
ord2755
ord389
ord4273
ord6655
ord1172
ord942
ord6373
ord6374
ord1230
ord2078
ord3806
ord551
ord2859
ord4219
ord1940
ord2388
ord3341
ord5296
ord5299
ord4074
ord4693
ord5303
ord5285
ord817
ord565
ord2718
ord4221
ord941
ord2248
ord927
ord5819
ord3659
ord996
ord415
ord613
ord289
ord715
ord5637
ord3658
ord3566
ord3621
ord3568
ord640
ord2406
ord5781
ord1634
ord1633
ord323
ord2854
ord1859
ord1130
ord2861
ord3614
ord816
ord5785
ord562
ord283
ord2746
ord1863
ord5603
ord2754
ord897
ord1854
ord4215
ord2576
ord3649
ord2430
ord1173
ord2858
ord6138
ord2559
ord5784
ord5783
ord5871
ord4272
ord2606
ord3915
ord472
ord2966
ord5755
ord6188
ord5752
ord6182
ord4324
ord6185
ord6017
ord6168
ord5869
ord5790
ord5674
ord5732
ord5575
ord5567
ord6057
ord5860
ord3591
ord6190
ord2855
ord5568
ord2914
ord3697
ord1083
ord501
ord1637
ord1614
ord4197
ord5852
ord536
ord2745
ord696
ord1258
ord5638
ord4180
ord5624
ord4616
ord2444
ord4018
ord909
ord1808
ord2447
ord2538
ord3810
ord291
ord1109
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord3345
ord5006
ord975
ord5468
ord3398
ord2874
ord2873
ord4146
ord4072
ord5233
ord5278
ord2641
ord1658
ord4430
ord1717
ord5252
ord4421
ord706
ord1857
ord5095
ord2093
ord5098
ord3346
ord976
ord4147
ord2374
ord5279
ord5250
ord2437
ord674
ord1850
ord2094
ord5469
ord645
ord1856
ord5248
ord1834
ord5801
ord4140
ord5480
ord3227
ord1134
ord1137
ord4155
ord2144
ord1851
ord1811
ord3097
ord6150
ord2523
ord4358
ord4052
ord5467
ord4116
ord2381
ord5077
ord1702
ord1706
ord5230
ord6365
ord5275
ord5244
ord2436
ord331
ord4231
ord6644
ord2706
ord6871
ord3651
ord407
ord3652
ord408
ord3645
ord401
ord3618
ord366
ord3638
ord394
ord773
ord4242
ord4243
ord4240
ord4237
ord4241
ord4451
ord4718
ord5047
ord4493
ord4804
ord4768
ord3016
ord6451
ord4452
ord4494
ord4495
ord4769
ord668
ord2762
ord356
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord5298
ord4692
ord5710
ord3733
ord815
ord561
ord4041
ord2137
ord2136
ord6221
ord5227
ord5243
ord2124
ord4595
ord6113
ord1202
ord1131
ord824
ord826
ord2717
ord6381
ord2822
ord1941
ord4029
ord3348
ord2425
ord2541
ord4030
ord6091
ord4027
ord3519
ord6088
ord5715
ord3791
ord3132
ord4278
ord4281
ord6194
ord3868
ord3869
ord3866
ord3083
ord5944
ord4293
ord6192
ord6210
ord4117
ord2633
ord5976
ord2620
ord1666
ord1676
ord5431
ord6211
ord2910
ord6376
ord6193
ord4294
ord2294
ord4847
ord2243
ord2721
ord2722
ord6466
ord2719
ord6445
ord5602
ord6868
ord925
ord861
ord858
ord940
ord922
ord4199
ord2756
ord823
ord5856
ord540
ord2810
ord1155
ord860
ord6303
ord521
ord711
ord413
ord354
ord5180
ord3313
ord1971
ord665
ord538
ord3785
ord6149
ord1594
ord537
ord2680
ord4124
ord800
ord535
ord2371
ord4704
ord4282
ord4229
ord818
ord2127
ord772
ord825
ord500
ord3696
ord324
ord567
ord1165
ord1143
ord641
ord3592
ord4419
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4992
ord4370
ord5261
ord4418
ord3397
ord3131
ord5286
ord4347
ord1768
ord6051
ord3701

msvcrt

_stricmp
_strlwr
_itoa
strtok
atol
strstr
fopen
ftell
fseek
_wtoi
swscanf
wprintf
wcsstr
wcslen
_snprintf
_mbstok
isalpha
wcscpy
wcscat
memmove
_atoi64
wcsncpy
_vsnwprintf
_vsnprintf
fprintf
fputc
isalnum
isspace
strncmp
tolower
_exit
_XcptFilter
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_controlfp
__CxxFrameHandler
_wcsicmp
rand
_waccess
_wremove
fflush
fclose
fwrite
_wfopen
srand
memcpy
fread
memset
strlen
sscanf
sprintf
??0exception@@QAE@ABV0@@Z
_CxxThrowException
_purecall
malloc
free
strcmp
_ftol
strchr
strcpy
wcscmp
exit
strcat
_except_handler3
memcmp
?what@exception@@UBEPBDXZ
_wtol
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
time
localtime
swprintf
printf
strncat
getenv
atoi

kernel32

GetPrivateProfileStringW
lstrlenW
GetTempPathW
GetTickCount
DeleteFileW
CopyFileW
LoadLibraryW
GetProcAddress
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDrives
GetTempPathA
CreateThread
HeapFree
HeapAlloc
LocalFree
FindClose
FindNextFileA
FindFirstFileA
GetCommandLineW
SetFileAttributesW
DeleteFileA
WritePrivateProfileStringW
MoveFileExW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
LocalAlloc
WideCharToMultiByte
CreateDirectoryW
ResumeThread
LockResource
LoadResource
FindResourceW
GetVersion
FormatMessageW
MulDiv
SetLastError
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GetSystemDirectoryW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
lstrcmpW
HeapReAlloc
GetStartupInfoW
MultiByteToWideChar
GlobalFree
GlobalUnlock
lstrcpyW
GlobalLock
GlobalAlloc
FreeLibrary
LoadLibraryA
GetCurrentThreadId
GetLongPathNameW
CloseHandle
lstrcpynW
IsBadCodePtr
IsBadReadPtr
GetVersionExW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
CreateFileW
GetModuleFileNameW
GetCurrentProcess
GetCurrentProcessId
WriteFile
TerminateProcess
GetModuleHandleW
GetFileSize
Sleep
CompareStringW
OpenProcess
CreateProcessW
GetLastError
GetModuleFileNameA
InterlockedDecrement
lstrlenA
WaitForSingleObject
GetSystemDirectoryA
GlobalMemoryStatusEx

user32

LoadMenuW
GetMenuStringW
ModifyMenuW
GetMenuDefaultItem
GrayStringW
DrawTextW
TabbedTextOutW
DrawEdge
SetRect
DrawFocusRect
GetMessagePos
DrawStateW
InflateRect
GetMenuItemCount
IsRectEmpty
GetMenuItemID
GetMenu
GetMenuState
DestroyMenu
IntersectRect
UnhookWindowsHookEx
GetSystemMenu
WindowFromDC
CopyRect
GetMenuInfo
DestroyIcon
FillRect
GetMenuItemRect
GetMenuItemInfoW
LoadIconW
SendMessageW
SetTimer
RedrawWindow
ClientToScreen
GetPropW
CallWindowProcW
IsWindow
EnableWindow
wsprintfW
TranslateAcceleratorW
LoadAcceleratorsW
UpdateWindow
GetFocus
IsChild
MenuItemFromPoint
GetSubMenu
OffsetRect
IsMenu
SetMenuInfo
GetWindowDC
GetSysColor
RemovePropW
PostQuitMessage
MoveWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
WindowFromPoint
GetClassNameW
GetForegroundWindow
LoadCursorW
ShowWindow
SetPropW
BringWindowToTop
BeginPaint
EndPaint
SetWindowLongW
GetWindowLongW
DefWindowProcW
GetDC
ReleaseDC
EqualRect
UpdateLayeredWindow
RegisterClassExW
CreateWindowExW
SetWindowPos
MessageBoxW
SystemParametersInfoW
PostMessageW
GetSystemMetrics
FindWindowW
GetWindowRect
KillTimer
SetWindowsHookExW
GetClientRect
CallNextHookEx
RegisterWindowMessageW
GetParent
GetCursorPos

gdi32

Rectangle
DeleteDC
SelectClipRgn
CreateRectRgn
CombineRgn
CreateRectRgnIndirect
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
UnrealizeObject
SetBrushOrgEx
BitBlt
CreatePen
DeleteObject
GetTextExtentPoint32W
RoundRect
GetObjectW
GetPixel
SetPixel
GetNearestColor
CreateFontIndirectW
CreateCompatibleBitmap
CreatePatternBrush
CreateSolidBrush
GetStockObject
CreateCompatibleDC
CreateDIBSection
SelectObject
GetDeviceCaps

shell32

ShellExecuteW
Shell_NotifyIconW
CommandLineToArgvW
SHGetFolderPathW

comctl32

ImageList_Draw
ImageList_GetIcon
ImageList_GetIconSize

ole32

CLSIDFromProgID
CoCreateGuid
CoUninitialize
CLSIDFromString
OleDraw
CoInitialize
OleCreate
OleSetContainedObject
CoCreateInstance
OleRun
CreateStreamOnHGlobal

oleaut32

VariantChangeType
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
SysAllocString
SysFreeString
GetErrorInfo

msvcp60

??0Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0runtime_error@std@@QAE@ABV01@@Z
??1runtime_error@std@@UAE@XZ
??0runtime_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1Init@ios_base@std@@QAE@XZ

wininet

InternetCloseHandle
InternetSetOptionW
InternetOpenA
InternetGetConnectedState
InternetOpenUrlW
InternetReadFile
InternetQueryOptionW
HttpQueryInfoW

crypt32

CertFreeCertificateContext
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertGetNameStringW
CertCloseStore
CryptMsgClose

ws2_32

recvfrom
WSAGetLastError
WSACleanup
WSAStartup
gethostbyaddr
gethostbyname
inet_addr
htons
inet_ntoa
socket
closesocket
sendto
recv
send
connect
setsockopt

shlwapi

PathFileExistsW
PathIsDirectoryW

iphlpapi

GetIpForwardTable
GetBestInterface
GetIpAddrTable
GetAdaptersInfo

winmm

waveOutGetNumDevs

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B

Sections

.text
Size: 248KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_2_/UUUpgrade.exe
.exe windows:4 windows x86 arch:x86

5eed0df55019b450ba3c9652558285b2

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:1c:9d:61:ce:8e:ba:98:af:58:fd:34:70:d7:f9:78
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

21/05/2013, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

20:e4:1e:72:c8:ef:24:39:2a:bd:28:28:61:8d:00:bc:d4:21:fc:37
Signer

Actual PE Digest

20:e4:1e:72:c8:ef:24:39:2a:bd:28:28:61:8d:00:bc:d4:21:fc:37

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupIterateCabinetW

shlwapi

PathFileExistsW
SHDeleteKeyW

psapi

EnumProcessModules
EnumProcesses
GetModuleFileNameExW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersInfo

mfc42u

ord4395
ord3634
ord692
ord4270
ord956
ord3798
ord665
ord2810
ord1971
ord6381
ord5180
ord354
ord537
ord6414
ord2755
ord4272
ord6868
ord3716
ord809
ord795
ord556
ord1088
ord2114
ord6195
ord3871
ord3792
ord6354
ord2854
ord6871
ord942
ord927
ord6451
ord3332
ord3806
ord2385
ord5352
ord5804
ord5199
ord3224
ord6055
ord389
ord925
ord922
ord6865
ord6867
ord538
ord1594
ord5706
ord940
ord3084
ord4273
ord3566
ord5781
ord3701
ord1941
ord818
ord6211
ord4294
ord755
ord470
ord2573
ord4667
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord815
ord561
ord663
ord4197
ord6920
ord2756
ord2613
ord5939
ord1131
ord1196
ord1244
ord6433
ord6279
ord6278
ord536
ord941
ord6330
ord2634
ord348
ord2070
ord1172
ord2637
ord4219
ord4155
ord2858
ord6130
ord2078
ord4125
ord2397
ord3737
ord1105
ord4199
ord668
ord3176
ord4053
ord2773
ord2762
ord356
ord4215
ord2576
ord3649
ord2430
ord6266
ord1637
ord711
ord4163
ord413
ord3785
ord2567
ord4390
ord3569
ord609
ord4279
ord2746
ord4214
ord2016
ord2405
ord6362
ord1764
ord2855
ord3614
ord323
ord1633
ord640
ord3591
ord5860
ord6057
ord5567
ord5575
ord5732
ord5674
ord5790
ord5785
ord5869
ord6168
ord6017
ord6185
ord4324
ord6182
ord5752
ord6188
ord5755
ord2966
ord2859
ord3766
ord1662
ord2644
ord6237
ord781
ord567
ord3703
ord4418
ord3397
ord5286
ord1768
ord6051
ord3087
ord2294
ord6376
ord6193
ord2371
ord4470
ord5871
ord4704
ord1165
ord1143
ord1634
ord4229
ord2362
ord2406
ord3621
ord3658
ord324
ord641
ord3592
ord4419
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4992
ord4847
ord4370
ord5261
ord3568
ord2606
ord823
ord861
ord5679
ord4124
ord858
ord540
ord2910
ord5568
ord535
ord800
ord825
ord6597
ord1569

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
_XcptFilter
_exit
_CxxThrowException
wcsncpy
exit
swscanf
_wcsnicmp
__p__wpgmptr
wcstod
printf
malloc
isalpha
_except_handler3
wcsstr
wcscat
vswprintf
swprintf
fwrite
fflush
_beginthreadex
strstr
strtok
atoi
_wfopen
fseek
ftell
fclose
_wcsicmp
wcscpy
_ftol
sprintf
__CxxFrameHandler
wcslen
realloc
free
__dllonexit
??1type_info@@UAE@XZ
_onexit
_controlfp
wcscmp

kernel32

GetLastError
FormatMessageW
GetPrivateProfileIntW
LeaveCriticalSection
Sleep
DeleteCriticalSection
lstrcpynW
WideCharToMultiByte
GetTickCount
GetFileAttributesW
ResetEvent
LocalAlloc
GetComputerNameW
PulseEvent
CreateMutexW
GetStartupInfoW
EnterCriticalSection
InitializeCriticalSection
GetModuleFileNameW
CloseHandle
WaitForSingleObject
GetLocalTime
FreeLibrary
LoadLibraryW
GetWindowsDirectoryW
lstrcpyW
lstrcatW
GetVersionExW
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenW
GetModuleHandleW
CreateProcessW
ReadProcessMemory
GetCurrentProcess
OpenProcess
GetShortPathNameW
TerminateProcess
Process32NextW
GetCurrentProcessId
Process32FirstW
CreateToolhelp32Snapshot
GetProcAddress
CreateFileW
LoadLibraryExW
SetErrorMode
GetLongPathNameW
ExitProcess
GetModuleFileNameA
GetCurrentDirectoryW
MoveFileExW
DeleteFileW
CopyFileW
GetCommandLineW
GetPrivateProfileSectionW
GetTempPathW
TerminateThread
SetEvent
WriteFile
ReadFile
LocalFree
GetFileSize

user32

GetSystemMetrics
ScreenToClient
PostMessageW
SetWindowRgn
DrawIconEx
LoadBitmapW
SetRect
wsprintfW
EnumWindows
GetWindowThreadProcessId
SetCursorPos
FindWindowW
FindWindowExW
IsRectEmpty
GetCursorPos
RedrawWindow
LoadCursorW
CopyIcon
GetNextDlgGroupItem
GetParent
InflateRect
GetSysColor
InvalidateRect
SystemParametersInfoW
SetWindowLongW
GetClientRect
SetCursor
DestroyCursor
PtInRect
GrayStringW
DrawTextW
TabbedTextOutW
GetDC
ReleaseDC
SetWindowTextW
EnableWindow
KillTimer
LoadIconW
SendMessageW
SetTimer
ReleaseCapture
GetCapture
WindowFromPoint
DrawFocusRect
GetWindowLongW
LoadMenuW
GetSubMenu
SetWindowPos
UpdateWindow
SetForegroundWindow
DrawIcon
DrawEdge
FillRect
MessageBoxA
GetActiveWindow
IntersectRect
ClientToScreen
OffsetRect
GetWindow
IsWindow
CharLowerW
IsIconic
GetSystemMenu
GetWindowRect
AppendMenuW

gdi32

GetTextExtentPoint32W
StretchBlt
TextOutW
GetPixel
CombineRgn
CreateRectRgn
CreateFontW
Rectangle
GetDeviceCaps
Escape
SelectClipRgn
RectVisible
PtVisible
SetBkMode
CreateFontIndirectW
SetTextColor
GetStockObject
GetObjectW
ExtTextOutW
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
CreateSolidBrush
DeleteObject

advapi32

ConvertSidToStringSidW
CreateProcessAsUserW
QueryServiceStatusEx
StartServiceW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceConfigW
RegEnumValueW
RegDeleteValueW
RegCreateKeyExW
ImpersonateLoggedOnUser
GetUserNameW
RevertToSelf
ChangeServiceConfigW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegQueryValueW
RegCloseKey
LookupAccountNameW

shell32

SHGetPathFromIDListW
ShellExecuteExW
SHGetSpecialFolderPathW
SHChangeNotify
SHGetSpecialFolderLocation
ShellExecuteW
Shell_NotifyIconW
SHCreateDirectoryExW
SHFileOperationW
CommandLineToArgvW

comctl32

_TrackMouseEvent

ole32

OleInitialize
CoInitialize
OleUninitialize
CoCreateInstance
OleRun

oleaut32

SysAllocString
SysStringLen
SysAllocStringLen
SysFreeString
GetErrorInfo

urlmon

URLDownloadToFileW

ws2_32

htons
gethostbyname
inet_addr
connect
closesocket
WSACleanup
sendto
send
WSAStartup
recv
socket

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

userenv

CreateEnvironmentBlock

Sections

.text
Size: 184KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 368KB - Virtual size: 367KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_2_/UUUpgrade.ini
$_2_/in_net.dll
.dll windows:4 windows x86 arch:x86

22d50d98242a7c0b374bed94e8f38697

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:1c:9d:61:ce:8e:ba:98:af:58:fd:34:70:d7:f9:78
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

21/05/2013, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

51:99:d5:fe:3a:d9:dd:54:43:97:73:11:75:f2:0b:92:be:f4:fc:30
Signer

Actual PE Digest

51:99:d5:fe:3a:d9:dd:54:43:97:73:11:75:f2:0b:92:be:f4:fc:30

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
CreateErrorInfo
GetErrorInfo
SetErrorInfo
GetActiveObject
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegFlushKey
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
CreateWindowExA
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassA
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoA
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExA
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetWindowLongA
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropA
SetParent
SetMenuItemInfoA
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClassLongA
SetCapture
SetActiveWindow
SendMessageW
SendMessageA
ScrollWindow
ScreenToClient
RemovePropA
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageA
RegisterClipboardFormatA
RegisterClassA
RedrawWindow
PtInRect
PostQuitMessage
PostMessageA
PeekMessageW
PeekMessageA
OffsetRect
OemToCharA
MsgWaitForMultipleObjects
MessageBoxA
MapWindowPoints
MapVirtualKeyA
LoadStringA
LoadKeyboardLayoutA
LoadIconA
LoadCursorA
LoadBitmapA
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageW
IsDialogMessageA
IsChild
InvalidateRect
IntersectRect
InsertMenuItemA
InsertMenuA
InflateRect
GetWindowThreadProcessId
GetWindowTextA
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowLongA
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropA
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMenuStringA
GetMenuState
GetMenuItemInfoA
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameA
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextA
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassLongA
GetClassInfoA
GetCapture
GetActiveWindow
FrameRect
FindWindowA
FillRect
EqualRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextA
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageW
DispatchMessageA
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcA
DefMDIChildProcA
DefFrameProcA
CreatePopupMenu
CreateMenu
CreateIcon
ClientToScreen
CheckMenuItem
CallWindowProcA
CallNextHookEx
BeginPaint
CharNextA
CharLowerBuffA
CharLowerA
CharUpperBuffA
CharToOemA
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringA
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
lstrcpyA
WriteFile
WaitForSingleObject
VirtualQuery
VirtualAlloc
TryEnterCriticalSection
Sleep
SizeofResource
SetThreadLocale
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryA
ReleaseMutex
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
OpenMutexA
MultiByteToWideChar
MulDiv
MoveFileA
LockResource
LoadResource
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomA
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomA
GetVersionExA
GetVersion
GetUserDefaultLCID
GetTimeZoneInformation
GetTickCount
GetThreadLocale
GetTempPathA
GetSystemTime
GetSystemInfo
GetStdHandle
GetQueuedCompletionStatus
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetFileSize
GetFileAttributesA
GetExitCodeThread
GetDiskFreeSpaceExA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCurrentProcessId
GetComputerNameA
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
FreeLibrary
FormatMessageA
FindResourceA
FindNextFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
EnumCalendarInfoA
EnterCriticalSection
DeleteFileA
DeleteCriticalSection
CreateThread
CreateMutexA
CreateIoCompletionPort
CreateFileA
CreateEventA
CreateDirectoryA
CompareStringA
CloseHandle
Sleep

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
RectVisible
RealizePalette
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsA
GetTextExtentPoint32A
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectA
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionA
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectA
CreateEnhMetaFileA
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileA
CloseEnhMetaFile
BitBlt

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

ole32

CLSIDFromString
CoTaskMemFree
StringFromCLSID
CoCreateGuid
CreateStreamOnHGlobal
IsAccelerator
OleDraw
OleSetMenuDescriptor
CoTaskMemFree
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

wsock32

__WSAFDIsSet
WSACleanup
WSAStartup
WSAGetLastError
gethostname
getservbyname
gethostbyname
socket
shutdown
setsockopt
sendto
send
select
recvfrom
recv
ntohs
listen
ioctlsocket
inet_ntoa
inet_addr
htons
htonl
connect
closesocket
bind

ws2_32

WSAAccept
WSARecv
WSASend
WSASocketA
WSAGetLastError
closesocket

iphlpapi

GetIpAddrTable
GetBestInterface

Exports

Exports

uuseePSPmodlePlugin
uuseePSPmodlePlugin2
uuseePSPmodlePlugin3
uuseePSPmodlePlugin4
uuseePSPmodlePlugin5

Sections

.text
Size: 781KB - Virtual size: 781KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 205B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_2_/mp4demux.ax
.dll regsvr32 windows:5 windows x86 arch:x86

72d142329241c8914f504c6d32b909b4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:1c:9d:61:ce:8e:ba:98:af:58:fd:34:70:d7:f9:78
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

21/05/2013, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

79:c4:e6:dd:90:b8:22:0d:ce:5f:e2:95:8c:98:3d:62:25:75:fa:be
Signer

Actual PE Digest

79:c4:e6:dd:90:b8:22:0d:ce:5f:e2:95:8c:98:3d:62:25:75:fa:be

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
ResetEvent
InterlockedDecrement
CreateThread
CloseHandle
GetCurrentThreadId
Sleep
InterlockedIncrement
GetModuleHandleW
GetTickCount
GetVersionExW
InterlockedExchange
GetLastError
GetProcAddress
CreateEventW
GetCurrentProcess
SetEvent
lstrcmpW
VirtualAlloc
FreeLibrary
LoadLibraryW
lstrlenA
MultiByteToWideChar
lstrlenW
GetModuleFileNameA
DisableThreadLibraryCalls
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
FlushFileBuffers
CreateFileA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryA
GetLocaleInfoW
VirtualFree
HeapFree
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
WideCharToMultiByte
GetStringTypeW
GetProcessHeap
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetCommandLineA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapAlloc
LCMapStringA
LCMapStringW
GetCPInfo
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetModuleHandleA
HeapCreate
HeapDestroy
HeapReAlloc
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
InitializeCriticalSectionAndSpinCount

user32

SetRect

advapi32

RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegSetValueW
RegCreateKeyW
RegSetValueExW

ole32

CoInitialize
CoTaskMemAlloc
CoCreateInstance
CoFreeUnusedLibraries
CoTaskMemFree
StringFromGUID2
CoUninitialize

oleaut32

SysAllocString
SysFreeString
VariantClear

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/npstartservicep.dll
.dll windows:5 windows x86 arch:x86

a5f969081a67bbfded70752d9bbd68ce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Program Files\Mozilla Firefox\plugins\npstartservicep.pdb

Imports

kernel32

RtlUnwind
RaiseException
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
Sleep
ExitProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
HeapFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetACP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
HeapAlloc
GetCommandLineA
GetFileTime
GetFileSizeEx
GetFileAttributesA
FileTimeToLocalFileTime
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetTickCount
FileTimeToSystemTime
GetModuleHandleW
GetThreadLocale
GetOEMCP
GetCPInfo
GetLocaleInfoA
InterlockedExchange
InterlockedIncrement
GetCurrentProcessId
GlobalFlags
lstrcmpA
FormatMessageA
MulDiv
SetErrorMode
GetModuleFileNameA
CloseHandle
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalFree
LocalAlloc
GlobalAlloc
InterlockedDecrement
GetModuleFileNameW
lstrlenA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
WideCharToMultiByte
CompareStringA
LoadLibraryA
GetLastError
SetLastError
MultiByteToWideChar
lstrcmpW
GetModuleHandleA
GetProcAddress
GetVersionExA
SizeofResource
GlobalLock
GlobalUnlock
GlobalFree
FindResourceA
LoadResource
LockResource
VirtualFree
FreeResource

user32

PostThreadMessageA
MessageBeep
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
LoadCursorA
GetSysColorBrush
PostQuitMessage
DestroyMenu
GetWindowThreadProcessId
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
TabbedTextOutA
UnregisterClassA
GetMessageA
TranslateMessage
ValidateRect
SetWindowContextHelpId
MapDialogRect
ShowWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
EnableWindow
UpdateWindow
FrameRect
DefWindowProcA
IsWindowVisible
PostMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
CharUpperA
RegisterClipboardFormatA
GetWindowLongA
InvalidateRect
SetWindowLongA
BeginPaint
GetClientRect
DrawTextA
EndPaint
EndDialog
SendMessageA
GetNextDlgTabItem
GetParent
IsWindowEnabled
GetDlgItem
IsWindow
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetActiveWindow
GetDesktopWindow
GetWindow
GetSystemMetrics
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowPos
GetMenu
CallWindowProcA
GetDlgCtrlID
PtInRect
CopyRect
EqualRect
MoveWindow

gdi32

ExtSelectClipRgn
DeleteDC
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
GetStockObject
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetDeviceCaps
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
TextOutA

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

shlwapi

PathStripToRootA
PathIsUNCA
PathFindFileNameA
PathFindExtensionA

oledlg

ord8

ole32

OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoRegisterMessageFilter
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID

oleaut32

VariantChangeType
VariantInit
SysAllocStringLen
SysFreeString
SysStringLen
SysAllocStringByteLen
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy
VariantClear

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/npuuseep.dll
.dll windows:5 windows x86 arch:x86

ae16462ba4ca0932b9c5eaf536e2af2a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\npuuseep.pdb

Imports

kernel32

HeapFree
RtlUnwind
RaiseException
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSize
Sleep
ExitProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
HeapAlloc
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetCommandLineA
GetFileTime
GetFileSizeEx
GetFileAttributesA
FileTimeToLocalFileTime
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetTickCount
GetModuleHandleW
FileTimeToSystemTime
GetOEMCP
GetCPInfo
GetLocaleInfoA
InterlockedExchange
GlobalFlags
lstrcmpA
GetCurrentProcessId
SetErrorMode
GetModuleFileNameA
CloseHandle
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
FormatMessageA
LocalFree
MulDiv
GlobalAlloc
InterlockedDecrement
GetModuleFileNameW
lstrlenA
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
FreeLibrary
CompareStringA
LoadLibraryA
GetLastError
SetLastError
lstrcmpW
GetModuleHandleA
GetProcAddress
GetVersionExA
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
GetThreadLocale
WideCharToMultiByte
InterlockedIncrement
MultiByteToWideChar
FindResourceA
LoadResource
LockResource
SizeofResource
VirtualFree
OutputDebugStringA

user32

MessageBeep
GetNextDlgGroupItem
LoadCursorA
GetSysColorBrush
PostQuitMessage
DestroyMenu
GetWindowThreadProcessId
ReleaseCapture
SetCapture
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableA
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
TabbedTextOutA
UnregisterClassA
GetMessageA
TranslateMessage
ValidateRect
SetWindowContextHelpId
MapDialogRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
GetClientRect
EnableWindow
UpdateWindow
FrameRect
PostMessageA
GetSubMenu
GetMenuItemID
GetMenuItemCount
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
PostThreadMessageA
CharUpperA
RegisterClipboardFormatA
DefWindowProcA
GetWindowLongA
InvalidateRect
SetWindowLongA
BeginPaint
DrawTextA
EndPaint
CharNextA
GetWindow
GetDlgCtrlID
CopyRect
PtInRect
OffsetRect
SendMessageA
GetParent
GetDlgItem
IsWindow
EndDialog
GetNextDlgTabItem
IsWindowEnabled
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetActiveWindow
GetDesktopWindow
GetSystemMetrics
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
SetWindowPos
GetMenu
CallWindowProcA
GetMenuState

gdi32

ExtSelectClipRgn
DeleteDC
CreateRectRgnIndirect
GetRgnBox
GetMapMode
SetWindowExtEx
ScaleWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
GetStockObject
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetTextColor
GetBkColor
GetDeviceCaps
GetObjectA
PtVisible

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

shlwapi

PathStripToRootA
PathIsUNCA
PathFindFileNameA
PathFindExtensionA

oledlg

ord8

ole32

OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoRegisterMessageFilter
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID

oleaut32

OleCreateFontIndirect
VariantClear
VariantChangeType
VariantInit
SysStringLen
SysFreeString
SysAllocStringByteLen
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy
SysAllocStringLen

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 202KB - Virtual size: 201KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/out_mmshttp.dll
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:1c:9d:61:ce:8e:ba:98:af:58:fd:34:70:d7:f9:78
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

21/05/2013, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e8:b8:b7:70:58:99:86:12:e2:95:f4:da:2b:5d:e1:63:af:53:91:08
Signer

Actual PE Digest

e8:b8:b7:70:58:99:86:12:e2:95:f4:da:2b:5d:e1:63:af:53:91:08

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetConnCount2
RebootServer2
TestPortUp2
uuseeOutmodulePlugin
uuseeOutmodulePlugin2

Sections

CODE
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 189B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_2_/rmsp011.ax
.dll regsvr32 windows:4 windows x86 arch:x86

49685aea39d66a6911971422b8bc6724

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Video\mpc-hc_svn\bin\x86\RealMediaSplitter.pdb

Imports

kernel32

SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFullPathNameW
LocalAlloc
GlobalAddAtomW
WritePrivateProfileStringW
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
GetModuleHandleA
GlobalFlags
CompareStringW
GetVersionExA
LoadLibraryA
GlobalFindAtomW
HeapFree
RtlUnwind
HeapAlloc
GetCommandLineA
GetProcessHeap
WriteFile
ExitProcess
SetStdHandle
GetFileType
VirtualQuery
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStdHandle
LCMapStringA
LCMapStringW
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
ReadFile
GetThreadLocale
GetFileTime
GetFileSize
GetFileAttributesW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentProcessId
GlobalDeleteAtom
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
SetLastError
DeleteFileW
Sleep
RaiseException
GetVersion
CreateFileW
GetVolumeInformationW
FindFirstFileW
FindClose
DisableThreadLibraryCalls
CreateThread
GetVersionExW
GetTickCount
GetCurrentThread
SetThreadPriority
GetModuleHandleW
InterlockedExchange
VirtualAlloc
CreateSemaphoreW
GetCurrentThreadId
GetCurrentProcess
DuplicateHandle
VirtualFree
GetSystemInfo
ReleaseSemaphore
WaitForSingleObject
ResetEvent
SetEvent
CreateEventW
CloseHandle
lstrcpynW
InterlockedDecrement
InterlockedIncrement
lstrcmpW
GetLastError
lstrlenA
lstrlenW
GetSystemDirectoryW
GetModuleFileNameA
GetModuleFileNameW
LoadLibraryW
GetProcAddress
FreeLibrary
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
HeapReAlloc

user32

LoadIconW
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
UnregisterClassA
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
CopyRect
DefWindowProcW
CallWindowProcW
SetWindowLongW
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
GetWindowTextW
SetWindowTextW
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
LoadCursorW
GetDC
ReleaseDC
GetSysColor
UnregisterClassW
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
EnableMenuItem
CheckMenuItem
CharUpperW
GetSystemMetrics
DestroyMenu
ShowWindow
SetWindowPos
GetWindowThreadProcessId
SendMessageW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxW
PostMessageW
PostQuitMessage
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetRect
DispatchMessageW
RegisterWindowMessageW
PeekMessageW
GetSysColorBrush

gdi32

ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
RestoreDC
SetViewportExtEx
PtVisible
SaveDC
OffsetViewportOrgEx
CreateBitmap
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
SetBkColor
GetDeviceCaps
DeleteObject
GetClipBox
SetMapMode
SetTextColor
RectVisible

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegCreateKeyExW
RegCreateKeyW
RegSetValueW
RegSetValueExW
RegEnumKeyExW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shlwapi

PathIsUNCW
PathFindExtensionW
PathStripToRootW
PathRemoveFileSpecA
PathFileExistsW
PathAppendW
PathAddBackslashW
PathAddBackslashA
PathRemoveFileSpecW
PathFindFileNameW

ole32

StringFromGUID2
CoCreateInstance
CoUninitialize
CoFreeUnusedLibraries
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString

oleaut32

VariantInit
VariantChangeType
SysAllocStringLen
SysAllocString
SysFreeString
VariantClear

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 264KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT64
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/seeplayer.ocx
.dll regsvr32 windows:5 windows x86 arch:x86

1e704b06bcea9ddba4a844ab7bd325fd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:1c:9d:61:ce:8e:ba:98:af:58:fd:34:70:d7:f9:78
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

21/05/2013, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

60:1b:33:2e:34:56:10:64:84:eb:c0:45:b0:9c:3e:12:ed:6f:38:56
Signer

Actual PE Digest

60:1b:33:2e:34:56:10:64:84:eb:c0:45:b0:9c:3e:12:ed:6f:38:56

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\MyFiles\myProject\TrafficLight\UPlayer\Release\seeplayer.pdb

Imports

wmvcore

WMCreateReader
WMCreateWriter

iphlpapi

GetAdaptersInfo
GetIpAddrTable
GetBestInterface

msdmo

DMOEnum

kernel32

GetVolumeInformationA
GetShortPathNameA
GetFileSizeEx
GetVersion
FindResourceExA
GetSystemTimeAsFileTime
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualProtect
VirtualAlloc
VirtualQuery
ExitProcess
GetCommandLineA
RtlUnwind
HeapReAlloc
HeapSize
SetStdHandle
GetFileType
GetACP
IsValidCodePage
UnlockFile
VirtualFree
HeapCreate
HeapDestroy
GetStdHandle
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStartupInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
DebugBreak
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileW
CompareStringW
SetEnvironmentVariableA
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetFullPathNameA
GetFileTime
GetFileAttributesA
GetOEMCP
GetCPInfo
GlobalFlags
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetUserDefaultLCID
FindFirstFileA
GetModuleHandleW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
GetProfileIntA
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GetThreadLocale
ReleaseMutex
CreateMutexA
GetModuleFileNameW
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
GlobalFree
GlobalSize
GetProcessHeap
HeapFree
LoadLibraryExA
IsDBCSLeadByte
lstrcmpiA
GetModuleHandleA
OpenFileMappingA
CopyFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
GetSystemDirectoryA
LocalFree
FormatMessageA
TerminateThread
CreateThread
GetSystemInfo
GetVersionExA
GetPrivateProfileIntA
WritePrivateProfileStringA
SetFileAttributesA
CreateProcessA
GetPrivateProfileStringA
FreeLibrary
GetProcAddress
LoadLibraryA
SetThreadPriority
lstrcmpA
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FlushInstructionCache
GetCurrentProcess
SetLastError
RaiseException
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
lstrlenW
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
SetEvent
WaitForSingleObject
CloseHandle
CreateEventA
Sleep
GetCurrentProcessId
GetLastError
MultiByteToWideChar
DeleteFileA
GetTempPathA
GetTickCount
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
lstrlenA
InterlockedDecrement
FindClose
DuplicateHandle
SetEndOfFile
InterlockedCompareExchange
GetTimeZoneInformation
IsProcessorFeaturePresent

user32

LoadMenuA
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
BringWindowToTop
TranslateAcceleratorA
GetMenuItemInfoA
GetSysColorBrush
UnregisterClassA
LockWindowUpdate
RegisterClipboardFormatA
CreateMenu
DestroyMenu
SetWindowContextHelpId
MapDialogRect
SetRectEmpty
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
DrawEdge
ShowOwnedPopups
GetMessageA
GetActiveWindow
ValidateRect
PostQuitMessage
CopyAcceleratorTableA
KillTimer
SetTimer
SetWindowRgn
DrawIcon
IsRectEmpty
IsClipboardFormatAvailable
InflateRect
GetWindowThreadProcessId
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
IsWindowEnabled
IsDialogMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
GetClassInfoA
RegisterClassA
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
GetMenu
OffsetRect
IntersectRect
IsIconic
GetWindowPlacement
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
GetSubMenu
RemoveMenu
SystemParametersInfoA
UpdateWindow
GetSystemMetrics
SetParent
SetForegroundWindow
GetForegroundWindow
GetCursorPos
WindowFromPoint
AdjustWindowRectEx
LoadImageA
UpdateLayeredWindow
EqualRect
wsprintfW
SetRect
CopyRect
ShowWindow
GetWindowRect
EnumChildWindows
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
BeginPaint
EndPaint
IsChild
SetFocus
GetWindow
GetDlgItem
GetDCEx
PostThreadMessageA
MessageBeep
IsWindow
GetClassNameA
GetNextDlgGroupItem
GetDialogBaseUnits
GetTabbedTextExtentA
DestroyIcon
CharUpperA
UnpackDDElParam
GetLastActivePopup
ReuseDDElParam
GetSysColor
CharNextA
SetWindowPos
RedrawWindow
GetClassInfoExA
CreateWindowExA
DestroyWindow
CreateAcceleratorTableA
MoveWindow
SetCapture
ReleaseCapture
InvalidateRgn
ReleaseDC
GetDesktopWindow
DestroyAcceleratorTable
DefWindowProcA
RegisterClassExA
MessageBoxA
wsprintfA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
PostMessageA
DispatchMessageA
TranslateMessage
PeekMessageA
GetParent
ScreenToClient
ClientToScreen
InvalidateRect
SetCursor
LoadCursorA
PtInRect
FillRect
GetDC
GetFocus
SendMessageA
LoadBitmapA
GetClientRect
SetWindowLongA
GetWindowLongA
EnableWindow
CallWindowProcA
IsWindowVisible

gdi32

CreatePen
CreateFontIndirectA
CreateRectRgnIndirect
SetRectRgn
CombineRgn
GetMapMode
PatBlt
Escape
CreateEllipticRgn
LPtoDP
Ellipse
GetRgnBox
GetTextColor
CloseMetaFile
DeleteMetaFile
GetTextExtentPoint32A
GetTextAlign
GetTextMetricsA
EnumFontFamiliesExA
Rectangle
UnrealizeObject
GetBkColor
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreatePatternBrush
ExtSelectClipRgn
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
StretchBlt
BitBlt
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
SelectObject
GetObjectA
OffsetViewportOrgEx
CreateMetaFileA
CreateCompatibleDC
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetTextAlign
MoveToEx
SetMapMode
SetROP2
SetBkMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
CreateDCA
CopyMetaFileA
CreateDIBSection
CreateCompatibleBitmap
DeleteObject
DeleteDC
GetDeviceCaps
GetStockObject
CreateSolidBrush
SetViewportOrgEx

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegEnumKeyExA
RegEnumKeyA
RegQueryValueA
RegOpenKeyA
RegSetValueA
RegDeleteValueA
RegCreateKeyExA
RegCloseKey
RegQueryInfoKeyA
RegDeleteKeyA
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityInfo
RegSetValueExA
RegCreateKeyA
RegOpenKeyExA
RegQueryValueExA

shell32

DragQueryFileA
ExtractIconA
DragFinish

comctl32

_TrackMouseEvent

shlwapi

PathFileExistsA
PathFindFileNameA
PathRemoveFileSpecW
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

OleSaveToStream
CreateDataAdviseHolder
StringFromGUID2
OleDestroyMenuDescriptor
CoGetClassObject
OleInitialize
CoTaskMemFree
GetRunningObjectTable
CreateStreamOnHGlobal
OleLockRunning
ReadClassStm
CoTaskMemAlloc
OleUninitialize
OleRun
OleCreateMenuDescriptor
CreateOleAdviseHolder
CoInitialize
CLSIDFromString
CLSIDFromProgID
CoFreeUnusedLibraries
CoCreateInstance
CreateItemMoniker
OleCreate
OleSetContainedObject
OleDraw
CoTaskMemRealloc
ReadFmtUserTypeStg
StringFromCLSID
ReleaseStgMedium
OleDuplicateData
OleGetClipboard
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoDisconnectObject
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoRegisterClassObject
CoRevokeClassObject
CreateDataCache
CoUninitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
OleLoadFromStream
CoInitializeEx

oleaut32

OleCreatePropertyFrame
RegisterTypeLi
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
GetErrorInfo
VarUI4FromStr
VariantCopy
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringLen
SysAllocString
VariantChangeType
VariantClear
VariantInit
SysFreeString
SysStringByteLen
OleLoadPicture
OleCreatePictureIndirect
SysAllocStringByteLen

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

ws2_32

htons
inet_addr
WSACleanup
closesocket
socket
WSAStartup
inet_ntoa
gethostbyname
sendto

wininet

InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
HttpOpenRequestA
InternetCloseHandle
HttpQueryInfoA
InternetQueryDataAvailable

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 754KB - Virtual size: 754KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 179KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/trafficlight.dll
.dll windows:5 windows x86 arch:x86

aba3242d19ae0b9a4624b18ac275cd5b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:1c:9d:61:ce:8e:ba:98:af:58:fd:34:70:d7:f9:78
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

21/05/2013, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

54:6a:0f:8a:d5:ac:86:11:44:76:ea:a5:a6:33:f6:33:66:c7:ca:fe
Signer

Actual PE Digest

54:6a:0f:8a:d5:ac:86:11:44:76:ea:a5:a6:33:f6:33:66:c7:ca:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

iphlpapi

GetIpAddrTable
GetBestInterface
GetAdaptersInfo

kernel32

MoveFileA
ReadFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetCurrentProcess
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
ExitThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
VirtualAlloc
HeapReAlloc
ExitProcess
HeapSize
GetStdHandle
GetACP
IsValidCodePage
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
HeapDestroy
VirtualFree
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GlobalFlags
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
OutputDebugStringA
Sleep
FindResourceA
SizeofResource
LockResource
LoadResource
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
SetThreadPriority
InterlockedIncrement
CloseHandle
WaitForSingleObject
ResetEvent
CreateEventA
InitializeCriticalSection
DeleteCriticalSection
GetLastError
TerminateThread
WaitForMultipleObjects
SetEvent
GetTickCount
GetCurrentThreadId
GetWindowsDirectoryA
DeleteFileA
GetVersionExA
CreateFileA
GetSystemDirectoryA
GetFileSize
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CopyFileA
GetProcAddress
LoadLibraryA
FreeLibrary
WritePrivateProfileStringA
GlobalAddAtomA
GlobalFindAtomA
lstrcmpW
GlobalGetAtomNameA
GetModuleHandleW
OpenFileMappingA
LocalFree
GetModuleHandleA
GetCommandLineA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetFullPathNameA
GetLocaleInfoA
CompareStringA
InterlockedExchange
lstrcmpA
SetErrorMode
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
ReleaseMutex
CreateMutexA
GetLocalTime
GetTempPathA
CreateProcessA
MultiByteToWideChar
GetModuleFileNameA
CreateThread
GetFileTime
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
CreateDirectoryA
WriteFile
lstrcmpiA
GetFileAttributesA
lstrcpyA
lstrlenA
GetEnvironmentStringsW

user32

DestroyMenu
ShowWindow
SetWindowTextA
SetCursor
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
IsWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
GetWindowTextA
LoadCursorA
GetSystemMetrics
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
ClientToScreen
GrayStringA
GetForegroundWindow
DrawTextExA
DrawTextA
TabbedTextOutA
UnregisterClassA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
UnhookWindowsHookEx
GetWindowThreadProcessId
SendMessageA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
PostMessageA
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
RegisterClassA

gdi32

GetClipBox
DeleteObject
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetMapMode
DeleteDC
CreateBitmap
GetStockObject
ScaleWindowExtEx
SetTextColor
SetBkColor
RestoreDC
SaveDC
SetWindowExtEx
GetDeviceCaps

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegSetValueExA
RegEnumKeyA
RegQueryValueA
RegOpenKeyA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityInfo
RegDeleteKeyA

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantInit
VariantClear
VariantChangeType

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

imagehlp

CheckSumMappedFile
ImageNtHeader

ws2_32

WSAStartup
htons
WSASocketA
WSAGetLastError
bind
WSASend
sendto
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAAccept
WSACleanup
WSARecv
socket
listen
inet_addr
ntohl
inet_ntoa
WSACreateEvent
WSACloseEvent
closesocket

Exports

Exports

GetChannelCtrl
GetDownloadCtrl

Sections

.text
Size: 342KB - Virtual size: 341KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/uninst.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:1c:9d:61:ce:8e:ba:98:af:58:fd:34:70:d7:f9:78
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/03/2010, 00:00

Not After

21/05/2013, 23:59

Subject

CN=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Shi Yue Network Technology Co.\, Ltd.\ ,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5b:42:a8:30:b4:43:3a:15:6b:3a:d7:8a:61:0b:6e:47:f6:a1:64:74
Signer

Actual PE Digest

5b:42:a8:30:b4:43:3a:15:6b:3a:d7:8a:61:0b:6e:47:f6:a1:64:74

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

c480ee4d2a64d4a16edee43fdfe35079

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
HeapCreate
VirtualFree
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
FreeLibrary
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
DisableThreadLibraryCalls
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetACP
GetOEMCP
WriteFile
VirtualAlloc
RtlUnwind
GetStringTypeA
GetStringTypeW
GetCPInfo

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

d83f71e61ee459ee63ca3e829966a9dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GetModuleHandleA
DeleteFileA
lstrcmpiA
lstrlenA
lstrcatA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetProcAddress
GlobalLock
GetCurrentProcess

user32

SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UUPlayer_2011_update.ini

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:edCertificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

3e:1c:9d:61:ce:8e:ba:98:af:58:fd:34:70:d7:f9:78Certificate

Extended Key Usages

Key Usages

d4:6c:bd:ba:3c:8b:bb:52:9c:de:f8:3f:12:a9:00:24:66:47:87:77Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 60KB

.rsrc Size: 26KB - Virtual size: 25KB

ed83f419402bc3b83a08e3aaf8b5b5b7

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 348B

.reloc Size: 1024B - Virtual size: 780B

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

3e:1c:9d:61:ce:8e:ba:98:af:58:fd:34:70:d7:f9:78
Certificate

d4:6c:bd:ba:3c:8b:bb:52:9c:de:f8:3f:12:a9:00:24:66:47:87:77
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 60KB

.rsrc
Size: 26KB - Virtual size: 25KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 348B

.reloc
Size: 1024B - Virtual size: 780B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 195KB - Virtual size: 194KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 10KB - Virtual size: 25KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 32KB - Virtual size: 32KB

.text
Size: 202KB - Virtual size: 201KB

.rdata
Size: 49KB - Virtual size: 49KB

.data
Size: 10KB - Virtual size: 25KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 33KB - Virtual size: 32KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 40KB - Virtual size: 40KB

Shared
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 72KB - Virtual size: 70KB

.reloc
Size: 32KB - Virtual size: 28KB