08cbaf2ea0e584b5d3d99dc90d8e184d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

08cbaf2ea0e584b5d3d99dc90d8e184d_JaffaCakes118
Size

28.4MB
MD5

08cbaf2ea0e584b5d3d99dc90d8e184d
SHA1

d8f5695fec13e1841579c1dcad64f5b2106ef5e2
SHA256

de55cce25cf94661746c5b97c7b039872fde589724a9c83ddbb120475c434878
SHA512

070e849ba751793ea9e3f687a294c40c69c810f4e45e2d93439b5ae41bcef466f39c0943ac8d3caaa64176f6c3392618478f4ee35d6d67435e71116b6d710e8d
SSDEEP

786432:/Uwzf5vrezU6BuB0G1JbEzjZUtcr92wbIN2XQwrI+:Mi5TOUf0obEHZUcc29rx

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/FileInfo.dll
unpack001/$PLUGINSDIR/RCWidgetPlugin.dll
unpack001/$PLUGINSDIR/System.dll

Files

08cbaf2ea0e584b5d3d99dc90d8e184d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

55:84:61:31:5b:4a:38:8f:b3:bc:78:26:9c:49:97:2d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/06/2014, 00:00

Not After

02/09/2017, 23:59

Subject

CN=2345.com,OU=桌面软件事业部,O=2345.com,L=shanghai,ST=shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f7:56:19:41:52:ba:c7:9f:b6:00:31:92:01:2e:42:93:15:e1:cf:aa
Signer

Actual PE Digest

f7:56:19:41:52:ba:c7:9f:b6:00:31:92:01:2e:42:93:15:e1:cf:aa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 244KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FileInfo.dll
.dll windows:4 windows x86 arch:x86

5ff9f5e6e5160c6ab075b885caf2e551

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

CloseHandle
TerminateProcess
GetCurrentProcessId
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
lstrcpyW
Process32FirstW
SetLastError
CreateProcessW
GetCurrentProcess
GetModuleFileNameW
CreateFileA
WriteConsoleW
Process32NextW
OpenProcess
CreateToolhelp32Snapshot
lstrcpynW
MulDiv
FlushFileBuffers
GetLastError
GetModuleHandleA
HeapFree
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
RaiseException
RtlUnwind
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
ExitProcess
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
HeapSize
WriteFile
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
GetConsoleCP
GetConsoleMode
LoadLibraryA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP

user32

wsprintfW
ReleaseDC
GetDC

gdi32

GetDeviceCaps

advapi32

SetTokenInformation
CreateProcessAsUserW
OpenProcessToken
GetLengthSid
FreeSid
AllocateAndInitializeSid
DuplicateTokenEx

Exports

Exports

CheckInstallTime
CreateLowIntegrityProcess
DPIScaleX
DPIScaleY
FindProc
GetSpecialBuild
GetSpreadUserID
KillProc

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/RCWidgetPlugin.dll
.dll windows:4 windows x86 arch:x86

c5021a6b990dc93d269b65980ec7c537

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\2345Input\code\2345input\bin\build_temp\Win32\compile\Release\RCWidgetPlugin\RCWidgetPlugin.pdb

Imports

gdiplus

GdipSetCompositingMode
GdipCreateFromHDC
GdipFree
GdipAlloc
GdipDrawImageRectRect
GdipGetClip
GdipBitmapUnlockBits
GdipTranslateWorldTransform
GdipCreateMatrix
GdipGetWorldTransform
GdipGraphicsClear
GdipGetDC
GdipRestoreGraphics
GdipBitmapLockBits
GdipGetMatrixElements
GdipScaleWorldTransform
GdipDrawImagePointRectI
GdipReleaseDC
GdipDeleteMatrix
GdipGetRegionHRgn
GdipSaveGraphics
GdipTransformPointsI
GdipSetClipRectI
GdipDeleteRegion
GdipCreateRegion
GdipGetClipBoundsI
GdipCloneBitmapAreaI
GdipDrawString
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipSetTextRenderingHint
GdipDrawImageRectRectI
GdipCreateImageAttributes
GdipCreateStringFormat
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateFontFromDC
GdipSetStringFormatLineAlign
GdipCreateFontFromLogfontW
GdipCreateHBITMAPFromBitmap
GdipMeasureString
GdipDeleteFont
GdipCreateBitmapFromStream
GdipCloneImage
GdipGetImagePalette
GdiplusShutdown
GdipCreateSolidFill
GdipCreateBitmapFromScan0
GdipGetImagePaletteSize
GdipFillRectangleI
GdipGetImagePixelFormat
GdipCloneBrush
GdipSetPixelOffsetMode
GdipGetImageWidth
GdipDisposeImage
GdipGetImageHeight
GdiplusStartup
GdipGetImageGraphicsContext
GdipDeleteBrush
GdipDeleteGraphics

kernel32

InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
HeapSize
GetModuleFileNameA
GetStdHandle
ExitProcess
GetModuleHandleA
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
CreateThread
ExitThread
GetProcessHeap
GetVersionExA
GetCommandLineA
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
MulDiv
lstrlenW
GlobalFree
lstrcpyW
GlobalAlloc
WideCharToMultiByte
lstrcpynW
MultiByteToWideChar
FindClose
lstrcatW
GetVersion
GetLastError
GetFileAttributesW
FindFirstFileW
FindResourceW
UpdateResourceW
GetVersionExW
LockResource
LoadResource
EndUpdateResourceW
SizeofResource
FreeResource
MoveFileExW
BeginUpdateResourceW
SetErrorMode
LocalFree
GetCommandLineW
GetModuleHandleW
GetProcAddress
GlobalUnlock
FlushInstructionCache
GlobalLock
GetCurrentProcess
RaiseException
LeaveCriticalSection
SetLastError
GetCurrentThreadId
EnterCriticalSection
GetACP
FreeLibrary
LoadLibraryW
DeleteCriticalSection
CloseHandle
WriteFile
LoadLibraryA
InitializeCriticalSection
GetFileSizeEx
ReadFile
GetComputerNameW
SetFilePointer
GetModuleFileNameW
CreateFileW
ExpandEnvironmentStringsW
GetFileAttributesExW
lstrcmpiW
ResumeThread
CreateEventW
ResetEvent
SetEvent
InterlockedExchangeAdd
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
HeapAlloc
HeapReAlloc
HeapFree
TerminateProcess
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
RtlUnwind
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
InterlockedCompareExchange
IsProcessorFeaturePresent

user32

GetPropW
RegisterClassExW
GetForegroundWindow
SetPropW
CallWindowProcW
GetClassLongW
TrackMouseEvent
SetCapture
RedrawWindow
UnionRect
SetCursor
SetRectEmpty
IsRectEmpty
GetWindowTextW
GetDlgItem
GetWindowTextLengthW
MapWindowPoints
SetRect
SetWindowRgn
SystemParametersInfoW
DialogBoxParamW
GetWindow
OffsetRect
SetForegroundWindow
LoadCursorW
ReleaseDC
GetDesktopWindow
GetParent
BeginPaint
IsWindow
UnregisterClassA
GetWindowRect
EndPaint
CopyRect
GetWindowLongW
SetWindowPos
SetFocus
PostMessageW
ShowWindow
EnableWindow
CreateWindowExW
SetWindowTextW
GetActiveWindow
DefWindowProcW
SetWindowLongW
LoadIconW
GetWindowThreadProcessId
DestroyWindow
UpdateLayeredWindow
RemovePropW
GetClassInfoExW
IsIconic
GetDC
EndDialog
CharNextW
SendMessageW
InflateRect
InvalidateRect
PtInRect
ReleaseCapture
wsprintfW
CharPrevW
GetClientRect
ScreenToClient

gdi32

SetWorldTransform
SetStretchBltMode
SetBrushOrgEx
SelectClipRgn
SetROP2
SetDCPenColor
SetTextColor
SetDCBrushColor
SetBkMode
SetGraphicsMode
CreatePolygonRgn
ExtTextOutW
SetBkColor
SelectObject
CreateCompatibleDC
SetViewportOrgEx
BitBlt
CreateCompatibleBitmap
DeleteDC
EnumFontsW
SetArcDirection
CreateFontIndirectW
GetObjectW
GetStockObject
DeleteObject

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegOpenCurrentUser
RegEnumKeyExW
RegDeleteKeyW

shell32

SHGetFolderPathW
SHBrowseForFolderW
SHFileOperationW
SHGetPathFromIDListW
CommandLineToArgvW

ole32

CreateStreamOnHGlobal
OleInitialize
OleUninitialize

shlwapi

StrToIntA

comctl32

InitCommonControlsEx
_TrackMouseEvent

Exports

Exports

ChangeLoaderRes
CheckSignerInfo
CheckSoftwareIsInstall
DeleteFileUntilReboot
DisableRunSetupWizard
DisableSelectDir
GetCheckValue
GetInstDir
GetInstallResult
GetQQInstDir
GetRandomFileName
Init
IsRunSetupWizard
IsSpecailInstall
OnRepair
OnSetup
OnSetupPost
OnUninstall
PopInt
PopString
PushInt
PushString
SetProgress
SetRTL
ShowInstall
ShowUnInstall

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 448KB - Virtual size: 446KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$SYSDIR/2345Pinyin.ime
.dll windows:5 windows x86 arch:x86

70ee5e15a26b4da8023538410032ba00

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

63:b4:d4:81:05:76:53:2e:1b:10:b9:9d:39:89:4c:78
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/05/2013, 00:00

Not After

22/05/2016, 23:59

Subject

CN=2345.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=总办,O=2345.com,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:6e:80:13:de:fc:72:97:09:15:94:03:be:9f:b7:df:b5:3d:32:3d
Signer

Actual PE Digest

6b:6e:80:13:de:fc:72:97:09:15:94:03:be:9f:b7:df:b5:3d:32:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\xuyc\V2.3_Fixed\bin\Win32\Release\pdb\2345Pinyin.pdb

Imports

shlwapi

PathFileExistsW

comctl32

_TrackMouseEvent
ord17

imm32

ImmUnlockIMC
ImmLockIMC
ImmDestroyIMCC
ImmGenerateMessage
ImmGetIMCCSize
ImmSetConversionStatus
ImmDisableIME
ImmCreateIMCC
ImmLockIMCC
ImmGetConversionStatus
ImmReSizeIMCC
ImmCreateSoftKeyboard
ImmDestroySoftKeyboard
ImmShowSoftKeyboard
ImmUnlockIMCC

gdiplus

GdipLoadImageFromStream
GdipFree
GdipDeleteFontFamily
GdipAlloc
GdipDisposeImage
GdipCreateFontFamilyFromName
GdipCloneImage
GdiplusShutdown
GdipDeleteBrush
GdipSetCompositingMode
GdipCreateImageAttributes
GdipCreateBitmapFromHBITMAP
GdipSetImageAttributesColorKeys
GdipDisposeImageAttributes
GdipSetSmoothingMode
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdiplusStartup
GdipCreateFontFromDC
GdipDrawRectangleI
GdipCreateFromHWND
GdipDeleteStringFormat
GdipCreatePen1
GdipGetImageWidth
GdipCreateStringFormat
GdipDrawLineI
GdipFillRectangleI
GdipStringFormatGetGenericTypographic
GdipCreateFromHDC
GdipCreateFontFromLogfontW
GdipDrawString
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipDrawImageI
GdipCreateSolidFill
GdipDrawEllipseI
GdipCreateTexture
GdipFlush
GdipSetStringFormatAlign
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipDeleteFont
GdipGetImagePixelFormat
GdipSetTextRenderingHint
GdipMeasureString
GdipDrawImageRectRectI
GdipGetImageHeight
GdipCloneBitmapAreaI
GdipCloneBrush
GdipDeletePen

kernel32

GetLastError
GlobalLock
GlobalAlloc
Sleep
GlobalUnlock
GetCurrentThreadId
CloseHandle
FreeResource
FindResourceW
LoadResource
InitializeCriticalSectionAndSpinCount
SizeofResource
LockResource
lstrcpyW
WaitForSingleObject
GetTickCount
lstrlenW
FindFirstFileW
GetPrivateProfileStringW
GetFileAttributesW
FindClose
RemoveDirectoryW
FindNextFileW
ReleaseMutex
DeleteFileW
CopyFileW
MoveFileW
SetFileAttributesW
CreateMutexW
MapViewOfFile
UnmapViewOfFile
WideCharToMultiByte
GetVersionExW
GetModuleFileNameW
MultiByteToWideChar
GetTempPathW
OpenMutexW
GetLocalTime
CreateFileMappingW
OpenFileMappingW
LocalFree
CompareFileTime
WritePrivateProfileStringW
CreateFileW
FreeLibrary
OpenProcess
LoadLibraryW
GetProcAddress
GetCurrentProcessId
InitializeCriticalSection
TlsFree
EnterCriticalSection
DeleteCriticalSection
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
GetModuleHandleW
RaiseException
SetLastError
lstrcmpiW
GetFileSize
ReadFile
CreateProcessW
GetVersion
ExpandEnvironmentStringsW
MoveFileExW
GetComputerNameW
HeapAlloc
HeapFree
GetProcessHeap
SetFilePointer
SystemTimeToFileTime
WriteFile
FileTimeToSystemTime
GetFileType
GetFileInformationByHandle
IsProcessorFeaturePresent
CreateDirectoryW
SetFileTime
GetCurrentDirectoryW
GetDiskFreeSpaceW
GetVolumeInformationW
IsBadWritePtr
IsBadReadPtr
IsBadStringPtrW
MulDiv
GetDriveTypeW
lstrcatW
SetEvent
ResetEvent
CreateEventW
SetEndOfFile
ResumeThread
GetFileSizeEx
GetFileAttributesExW
InterlockedExchangeAdd
GetACP
FileTimeToLocalFileTime
GetFullPathNameW
GetTempFileNameW
GetLongPathNameW
GetWindowsDirectoryW
FormatMessageW
GetStartupInfoW
EncodePointer
DecodePointer
GetStringTypeW
GetSystemTimeAsFileTime
CreateThread
ExitThread
IsDebuggerPresent
CompareStringW
LCMapStringW
ExitProcess
GetModuleHandleExW
HeapSize
GetStdHandle
IsValidCodePage
GetOEMCP
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
PeekNamedPipe
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetTimeZoneInformation
HeapReAlloc
SetFilePointerEx
FlushFileBuffers
OutputDebugStringW
WriteConsoleW
SetEnvironmentVariableA
GetCommandLineA
FindFirstFileExW
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
DosDateTimeToFileTime
TlsSetValue
LeaveCriticalSection

user32

PeekMessageW
TranslateMessage
GetDesktopWindow
DestroyIcon
IsRectEmpty
SetMenuItemInfoW
DestroyMenu
InsertMenuW
CreatePopupMenu
AppendMenuW
IntersectRect
InflateRect
GetUpdateRect
SetPropW
SetRectEmpty
DeleteMenu
IsMenu
RemovePropW
GetKeyNameTextW
MapVirtualKeyExW
GetKeyboardLayout
DrawIconEx
FillRect
GetCapture
WaitMessage
WindowFromPoint
GetPropW
CallWindowProcW
GetClassLongW
DrawTextW
GetClientRect
EqualRect
GetMonitorInfoW
MonitorFromRect
MoveWindow
GetKeyboardState
EndPaint
DestroyWindow
SetCursor
UpdateLayeredWindow
KillTimer
SetForegroundWindow
LoadCursorW
GetActiveWindow
ModifyMenuW
BeginPaint
GetDC
GetGUIThreadInfo
SetCursorPos
LoadMenuW
SystemParametersInfoW
ReleaseDC
EnableMenuItem
SetWindowPos
GetCaretPos
ShowWindow
WindowFromDC
FindWindowExW
MessageBoxW
GetSystemMetrics
UpdateWindow
CheckMenuItem
LoadImageW
CreateWindowExW
ReleaseCapture
ScreenToClient
GetWindowRect
GetMenuItemID
SetCapture
GetSubMenu
CallNextHookEx
GetMenuStringW
GetMenuItemInfoW
PtInRect
LoadIconW
SetRect
GetCursorPos
GetMenuItemCount
SetWindowsHookExW
UnhookWindowsHookEx
CloseClipboard
SendInput
GetFocus
AttachThreadInput
GetForegroundWindow
GetWindowLongW
EmptyClipboard
SetWindowLongW
IsWindow
OpenClipboard
SetClipboardData
GetWindowThreadProcessId
ClientToScreen
DispatchMessageW
MonitorFromPoint
IsIconic
GetParent
InvalidateRect
GetClassNameW
SetTimer
PostMessageW
GetKeyState
GetClassInfoExW
RegisterClassExW
IsWindowVisible
SendMessageW
EnableWindow
DefWindowProcW
CopyRect
FindWindowW
UnregisterClassW

gdi32

CreateSolidBrush
ExtCreatePen
MoveToEx
LineTo
SelectClipRgn
CreatePen
CreateRectRgn
DeleteDC
GetObjectW
GetTextExtentPointW
CreateDIBSection
BitBlt
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontIndirectW
SetTextColor
EnumFontFamiliesExW

advapi32

RegOpenKeyW
GetUserNameW
GetTokenInformation
OpenProcessToken
GetSecurityDescriptorSacl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegOpenKeyExW
RegOpenCurrentUser
RegQueryValueExW

shell32

SHGetFolderPathW
SHGetFileInfoW
SHCreateDirectoryExW
ShellExecuteExW

ole32

CreateStreamOnHGlobal
CoCreateInstance
RevokeDragDrop
RegisterDragDrop

oleaut32

VariantClear
SysAllocString

psapi

GetProcessImageFileNameW

wininet

InternetWriteFile
HttpEndRequestW
InternetOpenUrlW
HttpAddRequestHeadersW
InternetReadFile
InternetConnectW
HttpSendRequestW
InternetSetOptionW
HttpQueryInfoW
HttpOpenRequestW
InternetOpenW
InternetCloseHandle
HttpSendRequestExW
InternetCrackUrlW

Exports

Exports

GetDemoWindowSize
ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME
PaintDemoWindow
UIWindowProcedure
UpdateWordLibrary

Sections

.text
Size: 705KB - Virtual size: 704KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.6MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rcshare
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2345Pinyin.ime
.dll windows:5 windows x86 arch:x86

70ee5e15a26b4da8023538410032ba00

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

63:b4:d4:81:05:76:53:2e:1b:10:b9:9d:39:89:4c:78
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/05/2013, 00:00

Not After

22/05/2016, 23:59

Subject

CN=2345.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=总办,O=2345.com,L=上海,ST=上海,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:6e:80:13:de:fc:72:97:09:15:94:03:be:9f:b7:df:b5:3d:32:3d
Signer

Actual PE Digest

6b:6e:80:13:de:fc:72:97:09:15:94:03:be:9f:b7:df:b5:3d:32:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\xuyc\V2.3_Fixed\bin\Win32\Release\pdb\2345Pinyin.pdb

Imports

shlwapi

PathFileExistsW

comctl32

_TrackMouseEvent
ord17

imm32

ImmUnlockIMC
ImmLockIMC
ImmDestroyIMCC
ImmGenerateMessage
ImmGetIMCCSize
ImmSetConversionStatus
ImmDisableIME
ImmCreateIMCC
ImmLockIMCC
ImmGetConversionStatus
ImmReSizeIMCC
ImmCreateSoftKeyboard
ImmDestroySoftKeyboard
ImmShowSoftKeyboard
ImmUnlockIMCC

gdiplus

GdipLoadImageFromStream
GdipFree
GdipDeleteFontFamily
GdipAlloc
GdipDisposeImage
GdipCreateFontFamilyFromName
GdipCloneImage
GdiplusShutdown
GdipDeleteBrush
GdipSetCompositingMode
GdipCreateImageAttributes
GdipCreateBitmapFromHBITMAP
GdipSetImageAttributesColorKeys
GdipDisposeImageAttributes
GdipSetSmoothingMode
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdiplusStartup
GdipCreateFontFromDC
GdipDrawRectangleI
GdipCreateFromHWND
GdipDeleteStringFormat
GdipCreatePen1
GdipGetImageWidth
GdipCreateStringFormat
GdipDrawLineI
GdipFillRectangleI
GdipStringFormatGetGenericTypographic
GdipCreateFromHDC
GdipCreateFontFromLogfontW
GdipDrawString
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipDrawImageI
GdipCreateSolidFill
GdipDrawEllipseI
GdipCreateTexture
GdipFlush
GdipSetStringFormatAlign
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipDeleteFont
GdipGetImagePixelFormat
GdipSetTextRenderingHint
GdipMeasureString
GdipDrawImageRectRectI
GdipGetImageHeight
GdipCloneBitmapAreaI
GdipCloneBrush
GdipDeletePen

kernel32

GetLastError
GlobalLock
GlobalAlloc
Sleep
GlobalUnlock
GetCurrentThreadId
CloseHandle
FreeResource
FindResourceW
LoadResource
InitializeCriticalSectionAndSpinCount
SizeofResource
LockResource
lstrcpyW
WaitForSingleObject
GetTickCount
lstrlenW
FindFirstFileW
GetPrivateProfileStringW
GetFileAttributesW
FindClose
RemoveDirectoryW
FindNextFileW
ReleaseMutex
DeleteFileW
CopyFileW
MoveFileW
SetFileAttributesW
CreateMutexW
MapViewOfFile
UnmapViewOfFile
WideCharToMultiByte
GetVersionExW
GetModuleFileNameW
MultiByteToWideChar
GetTempPathW
OpenMutexW
GetLocalTime
CreateFileMappingW
OpenFileMappingW
LocalFree
CompareFileTime
WritePrivateProfileStringW
CreateFileW
FreeLibrary
OpenProcess
LoadLibraryW
GetProcAddress
GetCurrentProcessId
InitializeCriticalSection
TlsFree
EnterCriticalSection
DeleteCriticalSection
LoadLibraryExW
InterlockedIncrement
InterlockedDecrement
GetCurrentProcess
GetModuleHandleW
RaiseException
SetLastError
lstrcmpiW
GetFileSize
ReadFile
CreateProcessW
GetVersion
ExpandEnvironmentStringsW
MoveFileExW
GetComputerNameW
HeapAlloc
HeapFree
GetProcessHeap
SetFilePointer
SystemTimeToFileTime
WriteFile
FileTimeToSystemTime
GetFileType
GetFileInformationByHandle
IsProcessorFeaturePresent
CreateDirectoryW
SetFileTime
GetCurrentDirectoryW
GetDiskFreeSpaceW
GetVolumeInformationW
IsBadWritePtr
IsBadReadPtr
IsBadStringPtrW
MulDiv
GetDriveTypeW
lstrcatW
SetEvent
ResetEvent
CreateEventW
SetEndOfFile
ResumeThread
GetFileSizeEx
GetFileAttributesExW
InterlockedExchangeAdd
GetACP
FileTimeToLocalFileTime
GetFullPathNameW
GetTempFileNameW
GetLongPathNameW
GetWindowsDirectoryW
FormatMessageW
GetStartupInfoW
EncodePointer
DecodePointer
GetStringTypeW
GetSystemTimeAsFileTime
CreateThread
ExitThread
IsDebuggerPresent
CompareStringW
LCMapStringW
ExitProcess
GetModuleHandleExW
HeapSize
GetStdHandle
IsValidCodePage
GetOEMCP
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
PeekNamedPipe
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetTimeZoneInformation
HeapReAlloc
SetFilePointerEx
FlushFileBuffers
OutputDebugStringW
WriteConsoleW
SetEnvironmentVariableA
GetCommandLineA
FindFirstFileExW
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
DosDateTimeToFileTime
TlsSetValue
LeaveCriticalSection

user32

PeekMessageW
TranslateMessage
GetDesktopWindow
DestroyIcon
IsRectEmpty
SetMenuItemInfoW
DestroyMenu
InsertMenuW
CreatePopupMenu
AppendMenuW
IntersectRect
InflateRect
GetUpdateRect
SetPropW
SetRectEmpty
DeleteMenu
IsMenu
RemovePropW
GetKeyNameTextW
MapVirtualKeyExW
GetKeyboardLayout
DrawIconEx
FillRect
GetCapture
WaitMessage
WindowFromPoint
GetPropW
CallWindowProcW
GetClassLongW
DrawTextW
GetClientRect
EqualRect
GetMonitorInfoW
MonitorFromRect
MoveWindow
GetKeyboardState
EndPaint
DestroyWindow
SetCursor
UpdateLayeredWindow
KillTimer
SetForegroundWindow
LoadCursorW
GetActiveWindow
ModifyMenuW
BeginPaint
GetDC
GetGUIThreadInfo
SetCursorPos
LoadMenuW
SystemParametersInfoW
ReleaseDC
EnableMenuItem
SetWindowPos
GetCaretPos
ShowWindow
WindowFromDC
FindWindowExW
MessageBoxW
GetSystemMetrics
UpdateWindow
CheckMenuItem
LoadImageW
CreateWindowExW
ReleaseCapture
ScreenToClient
GetWindowRect
GetMenuItemID
SetCapture
GetSubMenu
CallNextHookEx
GetMenuStringW
GetMenuItemInfoW
PtInRect
LoadIconW
SetRect
GetCursorPos
GetMenuItemCount
SetWindowsHookExW
UnhookWindowsHookEx
CloseClipboard
SendInput
GetFocus
AttachThreadInput
GetForegroundWindow
GetWindowLongW
EmptyClipboard
SetWindowLongW
IsWindow
OpenClipboard
SetClipboardData
GetWindowThreadProcessId
ClientToScreen
DispatchMessageW
MonitorFromPoint
IsIconic
GetParent
InvalidateRect
GetClassNameW
SetTimer
PostMessageW
GetKeyState
GetClassInfoExW
RegisterClassExW
IsWindowVisible
SendMessageW
EnableWindow
DefWindowProcW
CopyRect
FindWindowW
UnregisterClassW

gdi32

CreateSolidBrush
ExtCreatePen
MoveToEx
LineTo
SelectClipRgn
CreatePen
CreateRectRgn
DeleteDC
GetObjectW
GetTextExtentPointW
CreateDIBSection
BitBlt
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontIndirectW
SetTextColor
EnumFontFamiliesExW

advapi32

RegOpenKeyW
GetUserNameW
GetTokenInformation
OpenProcessToken
GetSecurityDescriptorSacl
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegOpenKeyExW
RegOpenCurrentUser
RegQueryValueExW

shell32

SHGetFolderPathW
SHGetFileInfoW
SHCreateDirectoryExW
ShellExecuteExW

ole32

CreateStreamOnHGlobal
CoCreateInstance
RevokeDragDrop
RegisterDragDrop

oleaut32

VariantClear
SysAllocString

psapi

GetProcessImageFileNameW

wininet

InternetWriteFile
HttpEndRequestW
InternetOpenUrlW
HttpAddRequestHeadersW
InternetReadFile
InternetConnectW
HttpSendRequestW
InternetSetOptionW
HttpQueryInfoW
HttpOpenRequestW
InternetOpenW
InternetCloseHandle
HttpSendRequestExW
InternetCrackUrlW

Exports

Exports

GetDemoWindowSize
ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME
PaintDemoWindow
UIWindowProcedure
UpdateWordLibrary

Sections

.text
Size: 705KB - Virtual size: 704KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3.6MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rcshare
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2345PinyinConfig.exe
2345PinyinExtract.dll
2345PinyinInstall.exe
2345PinyinSkinUtil.exe
2345PinyinSvc.exe
2345PinyinSymbol.exe
2345PinyinUI.dll
2345PinyinUpdate.exe
2345PinyinWizard.exe

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

55:84:61:31:5b:4a:38:8f:b3:bc:78:26:9c:49:97:2dCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

f7:56:19:41:52:ba:c7:9f:b6:00:31:92:01:2e:42:93:15:e1:cf:aaSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 129KB

.ndata Size: - Virtual size: 244KB

.rsrc Size: 25KB - Virtual size: 24KB

5ff9f5e6e5160c6ab075b885caf2e551

Headers

File Characteristics

Imports

version

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 50KB - Virtual size: 50KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 176B

.reloc Size: 6KB - Virtual size: 6KB

c5021a6b990dc93d269b65980ec7c537

Headers

File Characteristics

PDB Paths

Imports

gdiplus

kernel32

user32

gdi32

advapi32

shell32

ole32

shlwapi

comctl32

Exports

Exports

Sections

.text Size: 184KB - Virtual size: 183KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 12KB - Virtual size: 19KB

.rsrc Size: 448KB - Virtual size: 446KB

.reloc Size: 20KB - Virtual size: 17KB

039bcbc605477e8e87ec550c2e60e748

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

55:84:61:31:5b:4a:38:8f:b3:bc:78:26:9c:49:97:2d
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

f7:56:19:41:52:ba:c7:9f:b6:00:31:92:01:2e:42:93:15:e1:cf:aa
Signer

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 129KB

.ndata
Size: - Virtual size: 244KB

.rsrc
Size: 25KB - Virtual size: 24KB

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 176B

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: 184KB - Virtual size: 183KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 12KB - Virtual size: 19KB

.rsrc
Size: 448KB - Virtual size: 446KB

.reloc
Size: 20KB - Virtual size: 17KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

63:b4:d4:81:05:76:53:2e:1b:10:b9:9d:39:89:4c:78
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

6b:6e:80:13:de:fc:72:97:09:15:94:03:be:9f:b7:df:b5:3d:32:3d
Signer

.text
Size: 705KB - Virtual size: 704KB

.rdata
Size: 172KB - Virtual size: 171KB

.data
Size: 3.6MB - Virtual size: 3.8MB

.rcshare
Size: 161KB - Virtual size: 160KB

.rsrc
Size: 288KB - Virtual size: 288KB

.reloc
Size: 127KB - Virtual size: 127KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

1b:09:3b:78:60:96:da:37:bb:a4:51:94:46:c8:96:78
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

63:b4:d4:81:05:76:53:2e:1b:10:b9:9d:39:89:4c:78
Certificate