0bbff9e2b2603a6cfc9fe29f206e3dd7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0bbff9e2b2603a6cfc9fe29f206e3dd7_JaffaCakes118
Size

5.9MB
MD5

0bbff9e2b2603a6cfc9fe29f206e3dd7
SHA1

5f3b723c6a889bbfbedfdb01db36252e9dd5ec29
SHA256

a5e8399e77f82c10a0ef98602be6a715c156234b30ffff21a37952ab577788ec
SHA512

bda6b63684c03820e42f3a77d4a9a73cfa7373203947a19359af57d567521f1332b77e16f8cf374b7ef0f69af168b58c85132fb9f264f91bdf1b1c1e62f1df60
SSDEEP

98304:/2ZxTgxwBU0k9wlBPYNFYA/kfcHjSu/OzFKHDEbbzWjYY5yL066pttEohIhe:/2vTBU03l61kEHjJcFKCbzW5a05tEw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll

Files

0bbff9e2b2603a6cfc9fe29f206e3dd7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a7:cb:60:83:d9:9a:11:30:66:8c:0b:ed:2e:11:fe:a0:fa:f7:13:b7
Signer

Actual PE Digest

a7:cb:60:83:d9:9a:11:30:66:8c:0b:ed:2e:11:fe:a0:fa:f7:13:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 580KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SetupHelper.dll
.dll windows:4 windows x86 arch:x86

d9997cc22607493388b309294c30bacc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

50:6e:c9:72:fd:30:92:a5:47:ed:bb:c3:97:8e:73:15:42:a9:be:22
Signer

Actual PE Digest

50:6e:c9:72:fd:30:92:a5:47:ed:bb:c3:97:8e:73:15:42:a9:be:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\jenkins\workspace\CEN_MainLine_Build\qqpcmgr_proj\Source\Setup\SetupScript\plugin\SetupHelper.pdb

Imports

kernel32

InterlockedIncrement
GlobalGetAtomNameW
GetAtomNameW
GetThreadLocale
SystemTimeToFileTime
GlobalFlags
GetPrivateProfileStringW
GetStringTypeExW
lstrcmpiW
FlushFileBuffers
LockFile
UnlockFile
GetVolumeInformationW
GetFullPathNameW
GetShortPathNameW
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesW
GetFileTime
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetSystemTimeAsFileTime
ExitThread
CreateThread
GetDriveTypeW
GetCommandLineA
HeapReAlloc
ExitProcess
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
GetACP
GetOEMCP
TlsFree
HeapDestroy
HeapCreate
VirtualFree
FatalAppExitA
VirtualAlloc
GetModuleFileNameA
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetCurrentDirectoryA
SetCurrentDirectoryA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetConsoleCtrlHandler
SetStdHandle
GetConsoleCP
GetConsoleMode
CreateFileA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetDriveTypeA
GetFullPathNameA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
LocalReAlloc
TlsSetValue
InterlockedCompareExchange
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
SuspendThread
ResumeThread
SetThreadPriority
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
CompareStringA
InterlockedExchange
FileTimeToLocalFileTime
FileTimeToSystemTime
GetModuleHandleA
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetVersionExA
GlobalSize
GlobalLock
GlobalUnlock
MulDiv
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
VirtualQuery
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryA
GetStdHandle
CreatePipe
DuplicateHandle
DebugBreak
MoveFileW
GetBinaryTypeW
IsDBCSLeadByte
GetCPInfo
GetLocalTime
WritePrivateProfileStringW
GetDiskFreeSpaceExW
GetProcessHeap
HeapAlloc
HeapFree
GetPrivateProfileIntW
InterlockedDecrement
ReadFile
SetFilePointer
GetTempPathW
GetFileSize
SetLastError
LocalAlloc
DeviceIoControl
GetCurrentProcessId
QueryDosDeviceW
Module32FirstW
Module32NextW
TerminateProcess
GetUserDefaultUILanguage
GetLocaleInfoW
CreateEventW
SetEvent
ExpandEnvironmentStringsW
GetCurrentDirectoryW
IsBadReadPtr
IsBadWritePtr
GetSystemDefaultLangID
GetVersion
MultiByteToWideChar
RemoveDirectoryW
MoveFileExW
CreateDirectoryW
GetFileAttributesA
CreateFileW
WriteFile
FormatMessageW
FormatMessageA
lstrlenA
OutputDebugStringA
LocalFree
ReleaseMutex
CreateMutexW
GetModuleFileNameW
GetSystemInfo
LoadLibraryW
FreeLibrary
SetErrorMode
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
GlobalAlloc
lstrcpynW
GlobalFree
GetWindowsDirectoryW
OutputDebugStringW
GetSystemDirectoryW
GetLastError
GetModuleHandleW
GetProcAddress
GetCurrentProcess
CopyFileW
GetFileAttributesW
FindFirstFileW
FindNextFileW
DeleteFileW
FindClose
GetTickCount
GetVersionExW
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
lstrlenW
VirtualFreeEx
GetTempPathA
Sleep
CreateToolhelp32Snapshot
Process32FirstW
CloseHandle
Process32NextW
FindResourceW
LoadResource
LockResource
SizeofResource
IsValidCodePage
WideCharToMultiByte

user32

FillRect
ScrollWindowEx
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
GetDlgItemInt
CheckRadioButton
CheckDlgButton
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetFocus
GetWindowTextLengthW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
SendMessageTimeoutW
InvalidateRect
UnregisterClassA
SendMessageW
GetClientRect
FindWindowExW
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
TabbedTextOutW
DestroyIcon
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
GetMenu
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
GetDlgCtrlID
GetWindowLongW
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
UnhookWindowsHookEx
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
LoadBitmapW
LoadIconW
CharNextW
CharPrevW
GetCursorPos
LoadCursorW
SetCursor
GetDesktopWindow
ReleaseDC
GetDC
PtInRect
DrawTextW
DrawTextExW
GrayStringW
GetWindowDC
PostQuitMessage
CheckMenuItem
ModifyMenuW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
TranslateMessage
GetMessageW
ShowOwnedPopups
GetKeyNameTextW
MapVirtualKeyW
InflateRect
UnregisterClassW
GetSysColorBrush
GetMenuItemInfoW
DestroyMenu
GetDialogBaseUnits
GetKeyState
DeleteMenu
FindWindowW
GetParent
CharUpperW
SetScrollRange
ScreenToClient
ClientToScreen
GetWindowThreadProcessId
GetWindowTextW
EndPaint
BeginPaint
CallWindowProcW
SetWindowLongW
GetWindowRect
SetFocus
KillTimer
ShowWindow
IsWindowVisible
SetTimer
MoveWindow
OffsetRect
IsWindow
SetWindowTextW
IsWindowEnabled
UpdateWindow
CreateWindowExW
GetDlgItem
LoadImageW
RegisterWindowMessageW
MessageBoxW
LoadStringW
SystemParametersInfoW
SetWindowPos
GetSystemMenu
EnableMenuItem
RedrawWindow
GetDlgItemTextW
EndDialog
DefWindowProcW
PostMessageW
GetClassNameW
EnableWindow
GetWindow
FindWindowA
BeginDeferWindowPos

gdi32

GetTextMetricsW
DPtoLP
GetMapMode
CombineRgn
SetRectRgn
PatBlt
GetWindowExtEx
CreateRectRgnIndirect
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
CreateBitmap
CreatePatternBrush
CreateDIBPatternBrushPt
DeleteDC
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
RectVisible
PtVisible
StartDocW
SetROP2
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
DeleteObject
TextOutW
GetTextExtentPoint32W
SetBkMode
SelectObject
CreateFontIndirectW
GetObjectW
GetStockObject
CreatePen
CreateCompatibleBitmap
CreateCompatibleDC
GetBkColor
GetTextColor
BitBlt
GetDeviceCaps
CopyMetaFileW
CreateDCW
GetDCOrgEx
GetClipBox
SetTextColor
SetBkColor
SaveDC
RestoreDC
SetPolyFillMode
GetPixel

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegCreateKeyW
RegQueryValueW
RegEnumKeyW
RegSetValueW
RegOpenKeyExA
RegQueryValueExA
RegRestoreKeyW
RegEnumKeyExW
LookupAccountNameW
GetFileSecurityW
GetSecurityDescriptorDacl
GetLengthSid
InitializeAcl
GetAclInformation
GetAce
AddAce
AddAccessAllowedAce
GetSecurityDescriptorControl
SetFileSecurityW
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
QueryServiceConfigW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDeleteKeyW
RegQueryInfoKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
ChangeServiceConfigW
ChangeServiceConfig2W
DeleteService
ControlService
QueryServiceStatus
CreateServiceW
RegDeleteValueW
RegOpenKeyW
OpenSCManagerW
OpenServiceW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
CloseServiceHandle
StartServiceW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetDesktopFolder
SHGetMalloc
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
ShellExecuteW
ExtractIconW
SHGetFileInfoW
SHFileOperationW

shlwapi

PathFileExistsW
SHDeleteKeyW
PathIsDirectoryW
SHSetValueW
PathAppendW
PathAddBackslashW
PathFindExtensionW
PathRemoveExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoInitializeEx
StgCreateDocfile
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
CoCreateGuid
CreateBindCtx
ReleaseStgMedium
SetConvertStg
StringFromCLSID
CoTreatAsClass
StgOpenStorage
StgIsStorageFile
CoInitialize
CoFreeUnusedLibrariesEx
ReadClassStg
CoTaskMemFree
CoCreateInstance
CoUninitialize
OleDuplicateData
CoDisconnectObject
StringFromGUID2
CLSIDFromString
CoTaskMemAlloc
WriteFmtUserTypeStg

oleaut32

VariantInit
VariantChangeType
SafeArrayUnaccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayRedim
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayCopy
VariantClear
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayDestroyData
SafeArrayDestroyDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
VarDateFromStr
SysReAllocStringLen
VarCyFromStr
VarBstrFromCy
VarBstrFromDec
VarDecFromStr
VarBstrFromDate
SysStringLen
SysAllocString
SysFreeString
SafeArrayGetElement
GetErrorInfo
SetErrorInfo
CreateErrorInfo

ws2_32

WSCDeinstallProvider
WSCEnumProtocols
htonl
htons

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

GetModuleFileNameExW
EnumProcessModules

imagehlp

UnMapAndLoad
MapAndLoad

netapi32

NetWkstaTransportEnum
NetApiBufferFree
Netbios

Exports

Exports

AddToAllowList
ApiInstallFileMonDriver
ApiUninstallFileMonDriver
BackUpSetupPackage
CallOutTrayIcon
CallRegEnvironmentVar
CallRegUrlProtocol
CallRegUrlProtocol2
CallUnRegEnvironmentVar
CallUnRegUrlProtocol
CallUnShortCut
Check360
CheckAV
CheckCRunTime
CheckForQQSoftUninstall
CheckForSetup
CheckForUninstall
CheckInstallPath
CheckQQPCRtpNeedReboot
CleanTempFolder
CloseProcess
CreateBitmapCtrl
CreateShortCutInfo
DelService
DeleteCacheFolder
DeleteFileRecursively
DeleteRebootCopy
DeployFile
DisableFileRedirect
ExecuteShell
ExecuteShellNoWait
ExtendCommand
FinalizeReport
FindExistedRTP
GetFunctionRunTime
GetIntVersionFromString
GetMessageHandler
GetParentProcessName
GetQQReleatedPath
GetQQSoftInstallDir
GetShortCutInfo
GetSystemDriversPath
HookInstallButton
InitPenetration
InitializeReport
IsAcLayers
IsAdmin
IsChildProtectionRun
IsCompare
IsMainWndRun
IsNeedUpdate
IsPinQQPCMgrToStartMenu
IsPinUnsoftToStartMenu
IsQQDoctorExist
IsQQPCTrayExists
IsQQSoftExist
IsVista
IsWin7
IsWinXp
IsWindows64
IsWndEnable
IsWow64
LoadDriver
LoadQMDriver
LoadTSFltmgr
NotifyAction
NotifyProgress
NotifySetupStatus
OutputError
OutputInfo
ParseCmdLine
ParseUninstallCmdLine
PinQQPCMgrToStartMenu
PinUnsoftToStartMenu
PrepareConfig
ReadLastInstallTime
ReadLastUnInstallTime
RecoverCommand
RecoverProxy
RegisterSecurityCenterHelper
ReleaseRtpOptDlg
RemoveArpDriver
RemoveFromAllowList
RemoveQQPCMgrFromStartMenu
RemoveUnSoftFromStartMenu
RepairQQPCRtp
ReportInstallInfo
ReportUninstallInfo
RevertFileRedirect
SaveRtpState
SetExclusive
SetFunctionRunStartTime
SetInstallPath
SetInstallStartTime
SetInstallTime
SetRowSpace
SetSystemAccessControl
SetText
SetUnInstallPath
SetUnistallPara
ShowLoadDriverErrorDlg
ShowRtpOptDlg
UnHookInstallButton
UninitPenetration
UninstallLSP
UninstallQQDoctor
UninstallQQSoft
UpdateFIXService
UpdateProtectState
UpdateRTPService
UpdateRtpState
UpdateSetupInfo
UpdateTrayIcon
WaitBugReportExit
WaitForFixShutdown
WaitForProcessEndByName
WaitForRtpShutdown
WaitForUninstExit
WaitUninstallComplete
WriteLog
WriteTimer
free_instfilespage_bitmap
kill_instfilespage_timer
load_instfilespage_bitmap
start_instfilespage_timer

Sections

.text
Size: 872KB - Virtual size: 869KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 308KB - Virtual size: 305KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

6c41c5e4d44f55745b925cc4e42b7fab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
lstrlenW
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 899B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CacheWechatBackup/Plugins/WechatBackup/AndroidAssistHelper.dll
.dll windows:5 windows x86 arch:x86

bda90759ce7103431c618a8c43953c91

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

40:87:db:84:e0:56:7f:6c:05:d1:35:12:07:16:5b:fe:49:46:e1:87
Signer

Actual PE Digest

40:87:db:84:e0:56:7f:6c:05:d1:35:12:07:16:5b:fe:49:46:e1:87

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\rdm\projects\4331\ConnectServiceSrc\Output\Pdb\AndroidAssistHelper.pdb

Imports

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreateSequential

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateFileW
GetProcAddress
GetModuleHandleW
GetLastError
WriteFile
SetFilePointer
FlushFileBuffers
GetFileSize
DeleteFileW
MoveFileW
OpenFileMappingW
UnmapViewOfFile
TlsGetValue
GetCurrentThreadId
WideCharToMultiByte
TlsSetValue
GetCurrentProcessId
TlsAlloc
TlsFree
FindFirstFileW
FindNextFileW
FindClose
MapViewOfFile
OpenMutexW
InitializeCriticalSectionAndSpinCount
CreateMutexW
GetModuleHandleExW
WaitForSingleObject
CreateEventW
SetEvent
GetVolumeInformationW
MultiByteToWideChar
lstrlenA
lstrlenW
ReadFile
ResumeThread
GetTempPathW
GetLongPathNameW
CreateDirectoryW
GetFileAttributesW
GetTickCount
ResetEvent
ReleaseMutex
LocalAlloc
LocalFree
DeviceIoControl
RaiseException
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
FreeLibrary
CloseHandle
CreatePipe
DuplicateHandle
GetCurrentProcess
CreateProcessW
GetSystemDirectoryW
GetWindowsDirectoryW
LoadLibraryW
InterlockedIncrement
InterlockedDecrement
GetCurrentThread
HeapDestroy
HeapSize
CreateFileA
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLocalTime
FormatMessageA
ExpandEnvironmentStringsA
SleepEx
SystemTimeToFileTime
GetExitCodeThread
WaitForMultipleObjects
InterlockedCompareExchange
SetEnvironmentVariableA
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
RtlUnwind
QueryPerformanceCounter
WritePrivateProfileStringW
GetPrivateProfileStringW
GetModuleFileNameW
FileTimeToSystemTime
GetDriveTypeW
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileExA
GetFullPathNameA
GetFileInformationByHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
InterlockedExchange
SetEndOfFile
GetConsoleMode
GetConsoleCP
SetStdHandle
GetStartupInfoW
SetHandleCount
CompareStringW
GetTimeZoneInformation
LCMapStringW
GetLocaleInfoW
SetLastError
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
Sleep
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
PeekNamedPipe
GetCurrentDirectoryW
GetStdHandle
UnhandledExceptionFilter
TerminateProcess
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetFileType
GetCommandLineA
ExitThread
CreateThread

user32

PeekMessageW
PostQuitMessage
TranslateMessage
DispatchMessageW
IsWindow
SetTimer
SendMessageW
PostMessageW
GetWindowLongW
DestroyWindow
GetMessageW
SetWindowLongW
CreateWindowExW
CallWindowProcW

advapi32

InitializeSecurityDescriptor
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
RegSetValueExW
RegCreateKeyExW
FreeSid
SetSecurityDescriptorDacl
SetEntriesInAclW
AllocateAndInitializeSid
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptGetHashParam
CryptAcquireContextW
CryptHashData

ole32

CoFreeLibrary
CoLoadLibrary
CoTaskMemFree

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation

shlwapi

PathFileExistsW
PathIsDirectoryW
PathFindFileNameW
PathAppendW
PathRemoveFileSpecW

ws2_32

ntohs
getsockopt
send
closesocket
WSASetLastError
__WSAFDIsSet
freeaddrinfo
socket
bind
htons
WSACleanup
setsockopt
getsockname
WSAGetLastError
select
getaddrinfo
WSAStartup
connect
ioctlsocket
getpeername
htonl
recv
ntohl

netapi32

Netbios

Exports

Exports

CreateAndroidAssist
CreateAndroidAssistAsync
GetRunningAndroidServerVersion
InstallAndroidAssist
InstallAndroidAssistAsync
RepairAndroidAssist
StopAndroidAssistCreate
StopAndroidAssistInstall

Sections

.text
Size: 324KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CacheWechatBackup/Plugins/WechatBackup/ConnectService.exe
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:e3:66:61:09:d1:1b:a0:5b:ff:63:01:2b:f0:46:d7:95:59:bf:b7
Signer

Actual PE Digest

5c:e3:66:61:09:d1:1b:a0:5b:ff:63:01:2b:f0:46:d7:95:59:bf:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CacheWechatBackup/Plugins/WechatBackup/PluginInfo.xml
CacheWechatBackup/Plugins/WechatBackup/WechatBackup.dat
CacheWechatBackup/Plugins/WechatBackup/WechatBackup.exe
.exe windows:4 windows x86 arch:x86

12780c707a8f77f4a257476d64b64b80

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cb:51:dd:29:60:f5:26:9f:8c:29:3c:f5:7f:80:87:c2:99:d6:0d:34
Signer

Actual PE Digest

cb:51:dd:29:60:f5:26:9f:8c:29:3c:f5:7f:80:87:c2:99:d6:0d:34

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\jenkins_Trunk\workspace\11.0Patch_SourceJob\qqpcmgr_proj\Basic\Output\BinFinal\WechatBackup.pdb

Imports

ximage

?Save@CxImage@@QAE_NPB_WK@Z
?Mix@CxImage@@QAEXAAV1@W4ImageOpType@1@JJ_N@Z
?AlphaSet@CxImage@@QAEXJJE@Z
?AlphaGet@CxImage@@QAEEJJ@Z
?AlphaCreate@CxImage@@QAEXXZ
?AlphaIsValid@CxImage@@QAE_NXZ
??0CxImage@@QAE@K@Z
?Destroy@CxImage@@QAE_NXZ
?GetWidth@CxImage@@QBEKXZ
?GetHeight@CxImage@@QBEKXZ
?Resample2@CxImage@@QAE_NJJW4InterpolationMethod@1@W4OverflowMethod@1@QAV1@_N@Z
?Load@CxImage@@QAE_NPB_WK@Z

ws2_32

inet_addr
ntohs
htonl
send
recv
ntohl
inet_ntoa
accept
htons
WSAGetLastError
WSAIoctl
WSAStartup
gethostbyname
gethostname
listen
__WSAFDIsSet
select
connect
bind
socket
closesocket
WSACleanup

common

?SplitQNC@FS@@YAHPB_WAAVCTXStringW@@1@Z
?IsDirectoryExist@FS@@YAHPB_W@Z
?TrimLeft@CTXStringW@@QAEAAV1@PB_W@Z
?AddFileSystem@FS@@YAJW4FILESYSTEM_TYPE@@PB_W1HHH@Z
?GetPlatformCore@Core@Util@@YAHPAPAUITXCore@@@Z
??BCTXBSTR@@QBEPA_WXZ
??0CTXBSTR@@QAE@PB_W@Z
??1CTXBSTR@@QAE@XZ
?RecordTransBegin@Perf@Util@@YA_JPB_WHH00@Z
??0CTXStringW@@QAE@XZ
?RecordTransEnd@Perf@Util@@YAJ_JPB_WHH11H@Z
??BCTXStringW@@QBEPB_WXZ
?Format@CTXStringW@@QAAXPB_WZZ
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
??H@YA?AVCTXStringW@@PB_WABV0@@Z
??H@YA?AVCTXStringW@@ABV0@0@Z
??4CTXStringW@@QAEAAV0@PB_W@Z
??1CTXStringW@@QAE@XZ
??0CTXStringW@@QAE@PB_W@Z
?IsEmpty@CTXBSTR@@QAEHXZ
??ICTXBSTR@@QAEPAPA_WXZ
?SetTimeout@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
?CreateTXBuffer@Data@Util@@YAHPAPAUITXBuffer@@@Z
?SetInterval@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
?NotifyIdle@TXTimer@@YAXXZ
?SetBugReportUin@TXBugReport@@YAXKPB_W@Z
?ValidateBugReport@TXBugReport@@YAXXZ
?GetFileName@FS@Util@@YA?AVCTXStringW@@ABV3@@Z
?GetParentDir@File@Util@@YA?AVCTXStringW@@ABV3@@Z
?InitPlatform@CoreCenter@Util@@YAHPA_W@Z
?GetBuffer@CTXStringW@@QAEPA_WXZ
?InitBugReport@TXBugReport@@YAXPB_W000GGKHHKKP6GHPAUtagBugReportInfo@1@PBD200PAPAXPAKPAX@Z@Z
?InitPlatformGFConfig@Boot@Util@@YAHXZ
?InitPlatformCoreConfig@Boot@Util@@YAHXZ
??0CTXBSTR@@QAE@ABVCTXStringW@@@Z
?Replace@CTXStringW@@QAEHPB_W0@Z
??0CTXStringW@@QAE@PA_W@Z
?CreateObjectFromDllFile@Com@Util@@YGJPB_WABU_GUID@@1PAPAXPAUIUnknown@@@Z
?InitPlatformI18NConfig@Boot@Util@@YAHXZ
?OnUninitCom@Misc@Util@@YAXXZ
?DelIdleCallback@Window@Util@@YAJPAVVTXMsgLoopIdleCallback@@@Z
?ClearDeadQueue@Misc@Util@@YAXXZ
?EraseTimerCallback@TXTimer@@YAHPAUITXTimerCallback@@I@Z
??M@YA_NABVCTXStringW@@0@Z
?TXAssert@@YAXPB_W0H@Z
?GetParentDir@FS@Util@@YA?AVCTXStringW@@V3@@Z
?SetMainAndLogicThreadId@Misc@Util@@YAXKK@Z
?OnExitCoreCenter@Misc@Util@@YAXXZ
?OnExitWinMain@Misc@Util@@YAXXZ
?GetLength@CTXStringW@@QBEHXZ
??YCTXStringW@@QAEAAV0@ABV0@@Z
??0CTXStringW@@QAE@ABV0@@Z
?IsEmpty@CTXStringW@@QBE_NXZ
?ReleaseBuffer@CTXStringW@@QAEXH@Z
?GetPlatformTpc@CoreCenter@Util@@YAHPAPAUITXDataRead@@@Z
?GetPlatformCore@CoreCenter@Util@@YAHPAPAUITXPlatformCore@@@Z
??0CTXBSTR@@QAE@XZ
??8CTXBSTR@@QBE_NPB_W@Z
??4CTXStringW@@QAEAAV0@ABVCTXBSTR@@@Z
??0CTXStringW@@QAE@ABVCTXBSTR@@@Z
?GetLocalePath@TXI18N@@YA?AVCTXStringW@@PB_W@Z
?RemoveFileSystem@FS@@YAHPB_W@Z
?Find@CTXStringW@@QBEHPB_WH@Z
??4CTXStringW@@QAEAAV0@ABV0@@Z

gf

?CreateObject@GF@Util@@YAJABU_GUID@@0PAPAX@Z
?SetCustomObjectFactory@GF@Util@@YAXP6AHABU_GUID@@0PAPAX@Z@Z
?RawCreateGFElementByXtml@GF@Util@@YAJPA_WPAPAUIGFElement@@PAU3@0H@Z

kernel32

SwitchToThread
GetCurrentProcessId
lstrlenA
WaitForSingleObject
Sleep
FindNextFileW
GetCurrentThreadId
GetFileAttributesExW
InterlockedExchangeAdd
SetFilePointer
UnhandledExceptionFilter
GetSystemDirectoryW
VirtualQuery
lstrcmpiW
OpenProcess
GetDateFormatW
GetTimeFormatW
ExpandEnvironmentStringsW
GetFileAttributesW
MapViewOfFile
UnmapViewOfFile
FileTimeToSystemTime
SystemTimeToFileTime
GetFileInformationByHandle
GetModuleHandleExW
ProcessIdToSessionId
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
GetLocaleInfoW
GetNumberFormatW
GetCurrencyFormatW
GetLocaleInfoA
OpenFileMappingW
OpenEventW
GetSystemInfo
GetSystemDefaultLangID
LoadLibraryA
ReleaseMutex
GetComputerNameW
MoveFileW
SetLastError
WriteFile
GetFileSizeEx
ReadFile
SetFilePointerEx
FindFirstFileW
GetFullPathNameW
FindClose
GetModuleFileNameW
GetVersionExW
FreeLibrary
FindResourceExW
GetCurrentProcess
LoadResource
LockResource
SizeofResource
GetDiskFreeSpaceExW
FindResourceW
GetSystemTimeAsFileTime
GetTickCount
MultiByteToWideChar
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetTempPathW
MoveFileExW
InterlockedExchange
CopyFileW
InterlockedCompareExchange
CreateEventW
SetEvent
WaitForMultipleObjects
GetLocalTime
GetLastError
InitializeCriticalSection
GetModuleHandleW
GetCommandLineW
LeaveCriticalSection
lstrlenW
EnterCriticalSection
InterlockedDecrement
GetProcAddress
InterlockedIncrement
WideCharToMultiByte
RaiseException
CloseHandle
LoadLibraryW
SleepEx
CreateMutexW
DeleteCriticalSection
DeleteFileW
CreateFileW
RemoveDirectoryW
lstrcpynW
GetFileSize
IsBadReadPtr
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetACP
GetThreadLocale
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
IsBadStringPtrW

user32

DefWindowProcW
CreateWindowExW
SetForegroundWindow
PostMessageW
GetWindowLongW
RegisterClassExW
SetWindowLongW
DestroyWindow
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
GetCursorPos
ShowWindow
FindWindowW
SendMessageTimeoutW
UnregisterClassA
TranslateMessage
GetMessageW
WaitMessage
FindWindowA
PtInRect
GetDesktopWindow
IsWindow
SendMessageW
LoadImageW
CallWindowProcW
PostThreadMessageW

advapi32

RegCloseKey
RegQueryInfoKeyW
RegSetKeySecurity
RegGetKeySecurity
RegSetValueExW
RegCreateKeyExW
RegNotifyChangeKeyValue
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
GetUserNameW
RegDeleteKeyW
RegDeleteValueW
RegFlushKey
RegEnumKeyExW

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHCreateDirectoryExW

ole32

OleInitialize
OleUninitialize
CoCreateInstance

oleaut32

LoadTypeLi
SysStringLen
LoadRegTypeLi
VariantInit
VariantClear
SysAllocString
SysFreeString

shlwapi

PathAppendW
PathRemoveFileSpecW
PathFileExistsW
PathFindFileNameW
PathCombineW
PathMakePrettyW
StrFormatByteSizeW
StrFormatKBSizeW
StrFromTimeIntervalW
PathStripPathW

msvcp80

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXID@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
_FInf
_FNan
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?uncaught_exception@std@@YA_NXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?length@?$char_traits@D@std@@SAIPBD@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
_Inf
_Nan
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIABV12@@Z
?push_back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXD@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z

msvcr80

_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_vsnprintf
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_except_handler3
exit
_XcptFilter
??3@YAXPAX@Z
memcpy
wcslen
??2@YAPAXI@Z
free
memcpy_s
calloc
_wtoi
_vscwprintf
strlen
memset
_recalloc
_vscprintf
vsprintf_s
??_V@YAXPAX@Z
vswprintf_s
_snwprintf_s
_wcsnicmp
wcscmp
_localtime64_s
_wcsicmp
_time64
_invalid_parameter_noinfo
memmove_s
_wtoi64
malloc
??0exception@std@@QAE@XZ
swscanf_s
_wtol
??0exception@std@@QAE@ABQBD@Z
wcschr
??0exception@std@@QAE@ABV01@@Z
wcsstr
wcsrchr
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
_wcslwr_s
wcscpy_s
_mktime64
memcmp
_localtime64
memmove
_purecall
strncpy_s
rand_s
_itow_s
pow
realloc
swprintf_s
_beginthreadex
__RTDynamicCast
srand
rand
wcsncpy_s
tolower
putwchar
wcstol
strchr
strtol
putchar
_vsnwprintf_s
_vsnprintf_s
_memicmp
wcsncat_s
fclose
fflush
fwrite
_snprintf_s
strrchr
_wsplitpath_s
_time32
__CxxFrameHandler3
_snprintf
fprintf
__iob_func
_CxxThrowException
strcmp
_strtoi64
_strtoui64
ldiv
strtoul
sprintf
_errno
strtod
strcpy
abs
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameW
GetModuleFileNameExW
GetProcessMemoryInfo

androidassisthelper

RepairAndroidAssist
CreateAndroidAssist

atl80

ord30

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

comctl32

InitCommonControlsEx

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 592KB - Virtual size: 588KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 372KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CacheWechatBackup/Plugins/WechatBackup/WechatBackup.rdb

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

a7:cb:60:83:d9:9a:11:30:66:8c:0b:ed:2e:11:fe:a0:fa:f7:13:b7Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 580KB

.rsrc Size: 285KB - Virtual size: 284KB

d9997cc22607493388b309294c30bacc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4Certificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

50:6e:c9:72:fd:30:92:a5:47:ed:bb:c3:97:8e:73:15:42:a9:be:22Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

ws2_32

version

psapi

imagehlp

netapi32

Exports

Exports

Sections

.text Size: 872KB - Virtual size: 869KB

.rdata Size: 168KB - Virtual size: 165KB

.data Size: 20KB - Virtual size: 41KB

.rsrc Size: 308KB - Virtual size: 305KB

.reloc Size: 52KB - Virtual size: 48KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

a7:cb:60:83:d9:9a:11:30:66:8c:0b:ed:2e:11:fe:a0:fa:f7:13:b7
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 580KB

.rsrc
Size: 285KB - Virtual size: 284KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

50:6e:c9:72:fd:30:92:a5:47:ed:bb:c3:97:8e:73:15:42:a9:be:22
Signer

.text
Size: 872KB - Virtual size: 869KB

.rdata
Size: 168KB - Virtual size: 165KB

.data
Size: 20KB - Virtual size: 41KB

.rsrc
Size: 308KB - Virtual size: 305KB

.reloc
Size: 52KB - Virtual size: 48KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 899B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 574B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

40:87:db:84:e0:56:7f:6c:05:d1:35:12:07:16:5b:fe:49:46:e1:87
Signer

.text
Size: 324KB - Virtual size: 324KB

.rdata
Size: 73KB - Virtual size: 73KB

.data
Size: 11KB - Virtual size: 25KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 19KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate