1694c49fb08eee13f3071624efef61ce_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1694c49fb08eee13f3071624efef61ce_JaffaCakes118
Size

2.9MB
MD5

1694c49fb08eee13f3071624efef61ce
SHA1

bd19c168fe9aac718c67f4c9a26043ca97d45cb1
SHA256

7acb3f143ab05fda7939f892b385b02aaedc2b9c8dec0a1ee222adfee6b1b918
SHA512

9ce3156a8482462eb2700b7067837b71e91e6c8f5003c03aa5a19466af44e7cbc7ae63c8c0207a554eecc74e1e9ebedacdb5f271d1ebcd358d30c563f86827bc
SSDEEP

49152:6jbO5TpHx9E45mCimrsagmKDaUhS3+C0N4L0YM3CdVbN/w1KSGCjd1gAnU:UbOrx9n5m0rsBmKDBe0N4noCddBwoYLU

Score

1^/10

Malware Config

Signatures

Files

1694c49fb08eee13f3071624efef61ce_JaffaCakes118
.7z
SelfUninst.exe
.exe windows:5 windows x86 arch:x86

30da960588411639dd0c0328f5e152a1

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:29:63:33:c5:12:a0:85:6d:1f:fc:a4:78:01:f5:5e
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

15/05/2018, 11:12

Not After

15/05/2019, 11:12

Subject

CN=淮安凯盈网络科技有限公司,O=淮安凯盈网络科技有限公司,L=淮安市,ST=江苏省,C=CN,1.2.840.113549.1.9.1=#0c127869616f7869616f68756f4071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07:ea:f3:b6:0e:64:4c:76:94:e8:7a:4e:86:d2:6b:1f:31:c3:10:36:fa:d8:cb:03:4e:46:c1:5a:42:7f:85:2a
Signer

Actual PE Digest

07:ea:f3:b6:0e:64:4c:76:94:e8:7a:4e:86:d2:6b:1f:31:c3:10:36:fa:d8:cb:03:4e:46:c1:5a:42:7f:85:2a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
CloseHandle
CreateFileW
SetFilePointer
WriteFile
ReadFile
GetDriveTypeW
FindFirstFileW
FindClose
CreateDirectoryW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
FindNextFileW
DeleteFileW
MoveFileW
MoveFileExW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateProcess
GetProcessHeap
HeapAlloc
HeapFree
GetModuleHandleExW
LocalFree
FreeLibrary
OpenProcess
GetModuleHandleA
LoadLibraryExW
GetCurrentProcess
GetCurrentProcessId
lstrcpyA
lstrcatA
LoadLibraryA
WideCharToMultiByte
MultiByteToWideChar
GetVersionExW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
ReleaseMutex
LeaveCriticalSection
CreateThread
CreateFileA
CreateEventW
SetEvent
DeviceIoControl
GetLocalTime
OutputDebugStringW
WaitForSingleObject
SetErrorMode
lstrlenA
SetEndOfFile
WriteConsoleW
SetStdHandle
LoadLibraryW
ReadConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetOEMCP
GetACP
IsValidCodePage
FreeEnvironmentStringsW
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
Sleep
EncodePointer
DecodePointer
GetCommandLineW
GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
HeapReAlloc
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
AreFileApisANSI
HeapSize
GetStdHandle
GetCurrentThreadId
GetFileType
QueryPerformanceCounter
GetEnvironmentStringsW

shell32

ShellExecuteW

ole32

CoTaskMemFree
CoCreateInstance
CoInitializeSecurity

oleaut32

SysAllocString
VariantClear
SysFreeString
VariantInit

Sections

.text
Size: 324KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
YHQClient.exe
.exe windows:5 windows x86 arch:x86

a2932d77f3b571af2cf92b1e63f36f5b

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:29:63:33:c5:12:a0:85:6d:1f:fc:a4:78:01:f5:5e
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

15/05/2018, 11:12

Not After

15/05/2019, 11:12

Subject

CN=淮安凯盈网络科技有限公司,O=淮安凯盈网络科技有限公司,L=淮安市,ST=江苏省,C=CN,1.2.840.113549.1.9.1=#0c127869616f7869616f68756f4071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b7:80:f5:74:7e:12:08:29:a7:b1:88:ea:02:67:b6:a3:8f:ef:17:fe:e8:a7:30:87:1d:c3:fa:cb:d1:90:a6:c3
Signer

Actual PE Digest

b7:80:f5:74:7e:12:08:29:a7:b1:88:ea:02:67:b6:a3:8f:ef:17:fe:e8:a7:30:87:1d:c3:fa:cb:d1:90:a6:c3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetLastError
FlushInstructionCache
GlobalUnlock
GlobalLock
lstrcmpW
FindResourceW
LoadResource
LockResource
SetErrorMode
GetModuleHandleW
lstrcmpiW
SizeofResource
LoadLibraryExW
GlobalHandle
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
CloseHandle
Process32NextW
GetProcessHeap
HeapAlloc
HeapFree
CreateProcessW
WTSGetActiveConsoleSessionId
GetModuleHandleExW
LocalFree
VirtualAlloc
GetModuleHandleA
GetCurrentProcessId
CreateMutexW
lstrcatA
LoadLibraryA
CreateFileA
GetFileSize
ReadFile
CreateFileW
SetFilePointer
WriteFile
GetDriveTypeW
FindFirstFileW
FindClose
CreateDirectoryW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
FindNextFileW
DeleteFileW
MoveFileW
MoveFileExW
SetEvent
ExpandEnvironmentStringsA
GetVersionExW
DeviceIoControl
InitializeCriticalSection
ReleaseMutex
CreateThread
GlobalFree
GlobalAlloc
GetLastError
GetTickCount
FreeLibrary
LoadLibraryW
CreateEventW
SetEndOfFile
SetStdHandle
OutputDebugStringW
ReadConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetOEMCP
GetACP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
HeapSize
AreFileApisANSI
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
HeapReAlloc
RtlUnwind
WriteConsoleW
GetFileType
GetStdHandle
GetSystemTimeAsFileTime
GetCommandLineW
GetLocalTime
IsDebuggerPresent
ExitThread
EncodePointer
GetStringTypeW
DecodePointer
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
InterlockedCompareExchange
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
RaiseException
MultiByteToWideChar
Sleep
GetProcAddress
GetCurrentProcess
TerminateProcess
WaitForSingleObject
ResetEvent
MulDiv
lstrlenA
lstrcpyA
InterlockedDecrement
GetTempPathW
InterlockedIncrement

user32

CharNextW
PtInRect
PeekMessageW
SetTimer
GetMessageW
KillTimer
TranslateMessage
DispatchMessageW
PostMessageW
UnregisterClassW
SystemParametersInfoW
ClientToScreen
GetKeyState
IsDialogMessageW
SetWindowTextW
SendMessageW
GetDlgItem
EnableWindow
SetWindowPos
SetWindowLongW
GetWindowLongW
SetLayeredWindowAttributes
GetWindowRect
MoveWindow
GetClientRect
BeginPaint
EndPaint
PostQuitMessage
ShowWindow
MapWindowPoints
GetParent
GetMonitorInfoW
MonitorFromWindow
GetWindow
SetCursor
LoadCursorW
LoadImageW
GetCursorPos
CreatePopupMenu
AppendMenuW
TrackPopupMenu
RegisterClassExW
DefWindowProcW
DestroyAcceleratorTable
GetDesktopWindow
CreateDialogIndirectParamW
EndDialog
MapDialogRect
SetWindowContextHelpId
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
IsChild
GetFocus
SetFocus
IsWindow
GetClassNameW
GetSysColor
RedrawWindow
GetClassInfoExW
CreateWindowExW
DestroyWindow
CreateAcceleratorTableW
ScreenToClient
SetCapture
ReleaseCapture
FillRect
InvalidateRgn
CallWindowProcW
InvalidateRect
GetDC
ReleaseDC

gdi32

DeleteDC
GetDeviceCaps
GetObjectW
GetStockObject
BitBlt
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
SetBkColor
ExtTextOutW

advapi32

RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW

shell32

Shell_NotifyIconW
ShellExecuteExW
ShellExecuteW

ole32

CoTaskMemRealloc
CoUninitialize
CoCreateInstance
OleUninitialize
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2
OleLockRunning
CreateStreamOnHGlobal
CoInitializeSecurity
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
OleInitialize
CoInitialize

oleaut32

SysFreeString
SysAllocStringLen
VariantInit
VariantClear
OleCreateFontIndirect
SysStringLen
LoadRegTypeLi
LoadTypeLi
SysAllocString
DispCallFunc
VarUI4FromStr

shlwapi

StrStrIW

comctl32

InitCommonControlsEx

urlmon

CoInternetGetSession

wininet

InternetCheckConnectionW
InternetGetConnectedState

wtsapi32

WTSQueryUserToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 697KB - Virtual size: 696KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
YHQCore.dll
.dll windows:5 windows x86 arch:x86

3fb2d2dfcd5606926f6bd996e51675c3

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:29:63:33:c5:12:a0:85:6d:1f:fc:a4:78:01:f5:5e
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

15/05/2018, 11:12

Not After

15/05/2019, 11:12

Subject

CN=淮安凯盈网络科技有限公司,O=淮安凯盈网络科技有限公司,L=淮安市,ST=江苏省,C=CN,1.2.840.113549.1.9.1=#0c127869616f7869616f68756f4071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a6:36:b1:31:ce:cf:1b:ca:12:81:87:6f:19:d2:c0:2d:c4:f4:ca:65:a9:f6:72:eb:ea:4e:c5:91:81:4c:0c:d8
Signer

Actual PE Digest

a6:36:b1:31:ce:cf:1b:ca:12:81:87:6f:19:d2:c0:2d:c4:f4:ca:65:a9:f6:72:eb:ea:4e:c5:91:81:4c:0c:d8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Core.pdb

Imports

kernel32

GetNativeSystemInfo
CreateProcessW
SetUnhandledExceptionFilter
GetCurrentProcess
GetModuleHandleExW
GetVersionExW
GetModuleFileNameW
CreateFileW
GetTempPathW
GetLocalTime
GetCurrentThreadId
OutputDebugStringA
CloseHandle
GetCurrentProcessId
WideCharToMultiByte
MapViewOfFile
UnmapViewOfFile
GetFileSizeEx
CreateFileMappingW
CopyFileW
GetFileAttributesW
DeleteFileW
ReadConsoleW
ReadFile
SetEndOfFile
FlushFileBuffers
WriteConsoleW
SetStdHandle
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
GetLastError
HeapFree
GetCommandLineA
GetCPInfo
RaiseException
RtlUnwind
HeapAlloc
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetLastError
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsDebuggerPresent
GetProcessHeap
ExitProcess
HeapSize
GetStdHandle
WriteFile
GetConsoleCP
GetConsoleMode
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
HeapReAlloc
SetFilePointerEx
LoadLibraryExW
OutputDebugStringW
LoadLibraryW

dbghelp

MiniDumpWriteDump

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

ModifyResourcesPakEx3

Sections

.text
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
YHQPlugin.dll
.dll regsvr32 windows:5 windows x86 arch:x86

7dab7228f567df16f2e4fc2596b18ffc

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:29:63:33:c5:12:a0:85:6d:1f:fc:a4:78:01:f5:5e
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

15/05/2018, 11:12

Not After

15/05/2019, 11:12

Subject

CN=淮安凯盈网络科技有限公司,O=淮安凯盈网络科技有限公司,L=淮安市,ST=江苏省,C=CN,1.2.840.113549.1.9.1=#0c127869616f7869616f68756f4071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cc:8f:a5:2d:de:05:62:0f:34:8e:50:86:06:8a:3b:ee:9a:ba:d7:fa:a2:21:df:50:52:4e:73:e4:c9:13:be:67
Signer

Actual PE Digest

cc:8f:a5:2d:de:05:62:0f:34:8e:50:86:06:8a:3b:ee:9a:ba:d7:fa:a2:21:df:50:52:4e:73:e4:c9:13:be:67

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
EncodePointer
DecodePointer
GetThreadLocale
SetThreadLocale
Sleep
GetTickCount
WideCharToMultiByte
GetFileSize
ReadFile
LoadLibraryA
CreateFileW
SetFilePointer
WriteFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
FindFirstFileW
FindClose
CreateDirectoryW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
FindNextFileW
DeleteFileW
MoveFileW
MoveFileExW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateProcess
GetProcessHeap
HeapAlloc
HeapFree
CreateProcessW
GetExitCodeProcess
WTSGetActiveConsoleSessionId
GetModuleHandleExW
LocalFree
CreateFileA
OutputDebugStringA
GetModuleHandleA
GetCurrentProcess
GetCurrentProcessId
Module32FirstW
Module32NextW
lstrcpyA
lstrcatA
GetVersionExW
GetSystemDirectoryW
GetTempPathW
GetEnvironmentVariableW
ExpandEnvironmentStringsA
GetLocalTime
DeviceIoControl
GlobalFree
ReleaseMutex
SetLastError
ExitProcess
GetSystemWow64DirectoryW
lstrlenA
SetEndOfFile
SetStdHandle
OutputDebugStringW
ReadConsoleW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
SetFilePointerEx
GetConsoleMode
FindResourceW
InterlockedIncrement
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
LoadLibraryW
CreateEventW
lstrcmpiW
CloseHandle
SizeofResource
LoadResource
WaitForSingleObject
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetErrorMode
GetLastError
CreateThread
RaiseException
GetProcAddress
FreeLibrary
InterlockedDecrement
GetConsoleCP
FlushFileBuffers
GetOEMCP
GetACP
IsValidCodePage
HeapSize
AreFileApisANSI
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
WriteConsoleW
GetFileType
GetStdHandle
GetCurrentThreadId
GetCommandLineA
GetSystemTimeAsFileTime
HeapReAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
GetStringTypeW

user32

LoadStringW
SendMessageW
CharNextW
GetWindowTextW
FindWindowExW
EnumWindows
GetWindow
PostMessageW
SetTimer
KillTimer
GetClassNameW
SystemParametersInfoW

advapi32

RegCloseKey
QueryServiceStatusEx
ChangeServiceConfig2W
QueryServiceStatus
CloseServiceHandle
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
LookupAccountNameA
GetUserNameA
ConvertSidToStringSidW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW

ole32

CoInitializeSecurity
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VariantInit
LoadRegTypeLi
DispCallFunc
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysAllocString
SysFreeString
VariantClear

shlwapi

PathRemoveFileSpecW
PathFindFileNameW

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

rasapi32

RasEnumConnectionsW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
NP_GetEntryPoints
NP_GetMIMEDescription
NP_Initialize
NP_Shutdown

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gshare
Size: 512B - Virtual size: 5B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
assist.dll
.dll windows:5 windows x86 arch:x86

73d0efcbf985b394fcd0379252ff2756

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:29:63:33:c5:12:a0:85:6d:1f:fc:a4:78:01:f5:5e
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

15/05/2018, 11:12

Not After

15/05/2019, 11:12

Subject

CN=淮安凯盈网络科技有限公司,O=淮安凯盈网络科技有限公司,L=淮安市,ST=江苏省,C=CN,1.2.840.113549.1.9.1=#0c127869616f7869616f68756f4071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

35:28:11:b9:f6:90:ae:ce:d5:82:e6:66:72:4c:d1:9d:c1:37:a0:f9:6e:08:de:61:7d:d5:ff:ae:98:b7:af:d8
Signer

Actual PE Digest

35:28:11:b9:f6:90:ae:ce:d5:82:e6:66:72:4c:d1:9d:c1:37:a0:f9:6e:08:de:61:7d:d5:ff:ae:98:b7:af:d8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
HeapFree
CreateProcessW
GetExitCodeProcess
GetModuleHandleExW
FormatMessageW
LocalFree
VirtualAlloc
GetModuleHandleA
GetCurrentProcessId
CreateMutexW
Module32FirstW
Module32NextW
lstrcpyA
lstrcatA
CreateFileW
SetFilePointer
WriteFile
GetFileSize
ReadFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
FindFirstFileW
FindClose
CreateDirectoryW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
FindNextFileW
DeleteFileW
CopyFileW
SetFileTime
FileTimeToSystemTime
MoveFileW
MoveFileExW
GetLocalTime
SystemTimeToFileTime
SetLocalTime
GetSystemDirectoryW
GetTempPathW
GetEnvironmentVariableW
ExpandEnvironmentStringsA
GetVersionExW
GetSystemInfo
ExpandEnvironmentStringsW
ExitProcess
TryEnterCriticalSection
ReleaseMutex
GlobalFree
GetProcessHeap
GetVolumeInformationW
GetComputerNameW
GetModuleFileNameW
LoadLibraryExW
LoadLibraryA
lstrcmpiW
lstrcmpW
MulDiv
DeleteFileA
GetSystemTime
GetTempPathA
GetVersionExA
GetFileAttributesExW
GetDiskFreeSpaceA
CreateFileMappingA
GetDiskFreeSpaceW
LockFileEx
HeapValidate
HeapCreate
GetFileAttributesA
HeapDestroy
FormatMessageA
UnlockFileEx
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
HeapCompact
GetFullPathNameA
GetFullPathNameW
GetSystemWow64DirectoryW
SizeofResource
LoadResource
Sleep
DeleteCriticalSection
MoveFileA
lstrlenA
SetEnvironmentVariableA
SetEndOfFile
SetStdHandle
OutputDebugStringW
ReadConsoleW
GetTimeZoneInformation
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetOEMCP
GetACP
IsValidCodePage
HeapSize
AreFileApisANSI
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TerminateProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WideCharToMultiByte
GetTickCount
CreateFileA
OutputDebugStringA
LoadLibraryW
CreateEventW
CloseHandle
WaitForSingleObject
SetEvent
InitializeCriticalSection
FindResourceW
MultiByteToWideChar
DeviceIoControl
GetModuleHandleW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SetErrorMode
SetLastError
GetLastError
GetCurrentThreadId
CreateThread
RaiseException
GetCurrentProcess
FlushInstructionCache
GlobalUnlock
GlobalLock
GlobalAlloc
GetProcAddress
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
WriteConsoleW
ExitThread
GetFileType
GetStdHandle
GetSystemTimeAsFileTime
GetCommandLineA
HeapReAlloc
IsDebuggerPresent
RtlUnwind
EncodePointer
GetStringTypeW
DecodePointer
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
InterlockedCompareExchange
FreeLibrary
InterlockedDecrement
InterlockedIncrement

user32

SetWindowPos
MoveWindow
CreateDialogParamW
BeginPaint
EndPaint
InvalidateRect
InvalidateRgn
UnregisterClassW
RedrawWindow
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetClientRect
ClientToScreen
ScreenToClient
GetSysColor
FillRect
GetWindowLongW
GetDlgItem
GetDesktopWindow
GetParent
EnumWindows
GetClassNameW
GetWindow
LoadCursorW
PostQuitMessage
EnableWindow
CharNextW
GetWindowRect
MessageBoxW
MapWindowPoints
LoadImageW
IsDialogMessageW
MonitorFromWindow
GetMonitorInfoW
LoadStringW
SetCursor
IsWindowVisible
GetKeyState
SetTimer
KillTimer
SetFocus
GetFocus
SetCapture
ReleaseDC
GetDC
DestroyAcceleratorTable
DestroyWindow
IsChild
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
CallWindowProcW
DefWindowProcW
PostMessageW
SendMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
RegisterWindowMessageW
ShowWindow
CreateAcceleratorTableW
GetSystemMetrics
ReleaseCapture
SetWindowLongW

gdi32

GetTextMetricsW
CreateFontW
GetObjectA
GetTextExtentExPointW
GetObjectW
SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreatePolygonRgn

advapi32

IsValidSid
GetSidSubAuthorityCount
GetSidIdentifierAuthority
LookupAccountNameW
FreeSid
GetLengthSid
SetTokenInformation
DuplicateTokenEx
ConvertSidToStringSidW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
CloseServiceHandle
QueryServiceStatus
ChangeServiceConfig2W
QueryServiceStatusEx
GetUserNameA
LookupAccountNameA
GetSidSubAuthority

shell32

SHCreateDirectoryExW
ShellExecuteW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleInitialize
OleUninitialize
OleLockRunning
CreateStreamOnHGlobal
CoInitializeSecurity
CoGetClassObject

oleaut32

OleCreateFontIndirect
SysFreeString
SysAllocStringLen
LoadRegTypeLi
SysStringLen
VarUI4FromStr
VariantClear
VariantInit
SysAllocString
LoadTypeLi

shlwapi

SHCreateStreamOnFileEx
PathRemoveFileSpecW
PathFindFileNameW

comctl32

_TrackMouseEvent
InitCommonControlsEx

rasapi32

RasEnumConnectionsW

gdiplus

GdipCreateFromHWND
GdipDeleteCachedBitmap
GdipCreateCachedBitmap
GdipFillRectangleI
GdipDrawRectangleI
GdipCreateBitmapFromScan0
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString
GdipGetFontHeight
GdipDrawLineI
GdipSetWorldTransform
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipCreateBitmapFromGraphics
GdipGetImageGraphicsContext
GdipDeletePen
GdipCreatePen1
GdipRotateMatrix
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreateMatrix2
GdipCreateMatrix
GdipTransformPath
GdipAddPathRectangleI
GdipDeletePath
GdipDrawImageI
GdiplusStartup
GdipDrawImagePointRectI
GdipDrawImageRectI
GdipSetSmoothingMode
GdipLoadImageFromFile
GdipDrawString
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawImageRectRectI
GdipReleaseDC
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipGetImageHeight
GdipGetImageWidth
GdipCreateBitmapFromFile
GdipDisposeImage
GdipCloneImage
GdipFree
GdipAlloc
GdipDrawPath
GdipFillPath
GdipSetClipRectI
GdipResetClip
GdipStringFormatGetGenericTypographic
GdipCloneStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatLineAlign
GdipSetClipHrgn
GdipSetSolidFillColor
GdipDrawLine
GdipDrawRectangle
GdiplusShutdown
GdipFillRectangle
GdipAddPathArcI
GdipClosePathFigure
GdipCreatePath
GdipResetPath
GdipSetStringFormatTrimming

Exports

Exports

LoadUninst

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 385KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
browser/nmhost/agomaojefohfglhoikbdjbcbiaijboka/3.0.1.13_0/_metadata/computed_hashes.json
browser/nmhost/agomaojefohfglhoikbdjbcbiaijboka/3.0.1.13_0/_metadata/verified_contents.json
browser/nmhost/agomaojefohfglhoikbdjbcbiaijboka/3.0.1.13_0/background.html
.html
browser/nmhost/agomaojefohfglhoikbdjbcbiaijboka/3.0.1.13_0/background.js
.js
browser/nmhost/agomaojefohfglhoikbdjbcbiaijboka/3.0.1.13_0/contentScript.js
.js
browser/nmhost/agomaojefohfglhoikbdjbcbiaijboka/3.0.1.13_0/css/ext-main.css
browser/nmhost/agomaojefohfglhoikbdjbcbiaijboka/3.0.1.13_0/extra/iframe.js
.js
browser/nmhost/agomaojefohfglhoikbdjbcbiaijboka/3.0.1.13_0/images/set.png
.png
browser/nmhost/agomaojefohfglhoikbdjbcbiaijboka/3.0.1.13_0/images/top.png
.png
browser/nmhost/agomaojefohfglhoikbdjbcbiaijboka/3.0.1.13_0/jquery.js
.js
browser/nmhost/agomaojefohfglhoikbdjbcbiaijboka/3.0.1.13_0/logos/128.png
.png
browser/nmhost/agomaojefohfglhoikbdjbcbiaijboka/3.0.1.13_0/logos/16.png
.png
browser/nmhost/agomaojefohfglhoikbdjbcbiaijboka/3.0.1.13_0/logos/19.png
.png
browser/nmhost/agomaojefohfglhoikbdjbcbiaijboka/3.0.1.13_0/logos/24.png
.png
browser/nmhost/agomaojefohfglhoikbdjbcbiaijboka/3.0.1.13_0/logos/32.png
.png
browser/nmhost/agomaojefohfglhoikbdjbcbiaijboka/3.0.1.13_0/logos/32g.png
.png
browser/nmhost/agomaojefohfglhoikbdjbcbiaijboka/3.0.1.13_0/logos/38.png
.png
browser/nmhost/agomaojefohfglhoikbdjbcbiaijboka/3.0.1.13_0/logos/48.png
.png
browser/nmhost/agomaojefohfglhoikbdjbcbiaijboka/3.0.1.13_0/logos/64.png
.png
browser/nmhost/agomaojefohfglhoikbdjbcbiaijboka/3.0.1.13_0/logos/72.png
.png
browser/nmhost/agomaojefohfglhoikbdjbcbiaijboka/3.0.1.13_0/logos/96.png
.png
browser/nmhost/agomaojefohfglhoikbdjbcbiaijboka/3.0.1.13_0/manifest.json
browser/nmhost/agomaojefohfglhoikbdjbcbiaijboka/3.0.1.13_0/popup.css
browser/nmhost/agomaojefohfglhoikbdjbcbiaijboka/3.0.1.13_0/popup.html
.html
browser/nmhost/agomaojefohfglhoikbdjbcbiaijboka/3.0.1.13_0/popup.js
.js
browser/nmhost/agomaojefohfglhoikbdjbcbiaijboka/3.0.1.13_0/yhq.js
.js
browser/nmhost/prefs.json
browser/phost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/background.html
.html
browser/phost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/background.js
.js
browser/phost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/contentScript.js
.js
browser/phost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/css/ext-main.css
browser/phost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/extra/iframe.js
.js
browser/phost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/images/set.png
.png
browser/phost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/images/top.png
.png
browser/phost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/jquery.js
.js
browser/phost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/logos/128.png
.png
browser/phost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/logos/16.png
.png
browser/phost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/logos/19.png
.png
browser/phost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/logos/24.png
.png
browser/phost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/logos/32.png
.png
browser/phost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/logos/32g.png
.png
browser/phost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/logos/38.png
.png
browser/phost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/logos/48.png
.png
browser/phost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/logos/64.png
.png
browser/phost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/logos/72.png
.png
browser/phost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/logos/96.png
.png
browser/phost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/manifest.json
browser/phost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/popup.css
browser/phost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/popup.html
.html
browser/phost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/popup.js
.js
browser/phost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/yhq.js
.js
browser/phost/prefs.json
browser/phost1/agomaojefohfglhoikbdjbcbiaijboka/3.1.1.15_0/background.html
.html
browser/phost1/agomaojefohfglhoikbdjbcbiaijboka/3.1.1.15_0/background.js
.js
browser/phost1/agomaojefohfglhoikbdjbcbiaijboka/3.1.1.15_0/contentScript.js
.js
browser/phost1/agomaojefohfglhoikbdjbcbiaijboka/3.1.1.15_0/css/ext-main.css
browser/phost1/agomaojefohfglhoikbdjbcbiaijboka/3.1.1.15_0/extra/iframe.js
.js
browser/phost1/agomaojefohfglhoikbdjbcbiaijboka/3.1.1.15_0/images/set.png
.png
browser/phost1/agomaojefohfglhoikbdjbcbiaijboka/3.1.1.15_0/images/top.png
.png
browser/phost1/agomaojefohfglhoikbdjbcbiaijboka/3.1.1.15_0/jquery.js
.js
browser/phost1/agomaojefohfglhoikbdjbcbiaijboka/3.1.1.15_0/logos/128.png
.png
browser/phost1/agomaojefohfglhoikbdjbcbiaijboka/3.1.1.15_0/logos/16.png
.png
browser/phost1/agomaojefohfglhoikbdjbcbiaijboka/3.1.1.15_0/logos/19.png
.png
browser/phost1/agomaojefohfglhoikbdjbcbiaijboka/3.1.1.15_0/logos/24.png
.png
browser/phost1/agomaojefohfglhoikbdjbcbiaijboka/3.1.1.15_0/logos/32.png
.png
browser/phost1/agomaojefohfglhoikbdjbcbiaijboka/3.1.1.15_0/logos/32g.png
.png
browser/phost1/agomaojefohfglhoikbdjbcbiaijboka/3.1.1.15_0/logos/38.png
.png
browser/phost1/agomaojefohfglhoikbdjbcbiaijboka/3.1.1.15_0/logos/48.png
.png
browser/phost1/agomaojefohfglhoikbdjbcbiaijboka/3.1.1.15_0/logos/64.png
.png
browser/phost1/agomaojefohfglhoikbdjbcbiaijboka/3.1.1.15_0/logos/72.png
.png
browser/phost1/agomaojefohfglhoikbdjbcbiaijboka/3.1.1.15_0/logos/96.png
.png
browser/phost1/agomaojefohfglhoikbdjbcbiaijboka/3.1.1.15_0/manifest.json
browser/phost1/agomaojefohfglhoikbdjbcbiaijboka/3.1.1.15_0/popup.css
browser/phost1/agomaojefohfglhoikbdjbcbiaijboka/3.1.1.15_0/popup.html
.html
browser/phost1/agomaojefohfglhoikbdjbcbiaijboka/3.1.1.15_0/popup.js
.js
browser/phost1/agomaojefohfglhoikbdjbcbiaijboka/3.1.1.15_0/yhq.js
.js
browser/phost1/prefs.json
browser/phost3/jkimpaggjlanfaoeajilkbmpplcpkcad/3.4.1.13_0/background.html
.html
browser/phost3/jkimpaggjlanfaoeajilkbmpplcpkcad/3.4.1.13_0/background.js
.js
browser/phost3/jkimpaggjlanfaoeajilkbmpplcpkcad/3.4.1.13_0/contentScript.js
.js
browser/phost3/jkimpaggjlanfaoeajilkbmpplcpkcad/3.4.1.13_0/css/ext-main.css
browser/phost3/jkimpaggjlanfaoeajilkbmpplcpkcad/3.4.1.13_0/extra/iframe.js
.js
browser/phost3/jkimpaggjlanfaoeajilkbmpplcpkcad/3.4.1.13_0/images/set.png
.png
browser/phost3/jkimpaggjlanfaoeajilkbmpplcpkcad/3.4.1.13_0/images/top.png
.png
browser/phost3/jkimpaggjlanfaoeajilkbmpplcpkcad/3.4.1.13_0/jquery.js
.js
browser/phost3/jkimpaggjlanfaoeajilkbmpplcpkcad/3.4.1.13_0/logos/128.png
.png
browser/phost3/jkimpaggjlanfaoeajilkbmpplcpkcad/3.4.1.13_0/logos/16.png
.png
browser/phost3/jkimpaggjlanfaoeajilkbmpplcpkcad/3.4.1.13_0/logos/19.png
.png
browser/phost3/jkimpaggjlanfaoeajilkbmpplcpkcad/3.4.1.13_0/logos/24.png
.png
browser/phost3/jkimpaggjlanfaoeajilkbmpplcpkcad/3.4.1.13_0/logos/32.png
.png
browser/phost3/jkimpaggjlanfaoeajilkbmpplcpkcad/3.4.1.13_0/logos/32g.png
.png
browser/phost3/jkimpaggjlanfaoeajilkbmpplcpkcad/3.4.1.13_0/logos/38.png
.png
browser/phost3/jkimpaggjlanfaoeajilkbmpplcpkcad/3.4.1.13_0/logos/48.png
.png
browser/phost3/jkimpaggjlanfaoeajilkbmpplcpkcad/3.4.1.13_0/logos/64.png
.png
browser/phost3/jkimpaggjlanfaoeajilkbmpplcpkcad/3.4.1.13_0/logos/72.png
.png
browser/phost3/jkimpaggjlanfaoeajilkbmpplcpkcad/3.4.1.13_0/logos/96.png
.png
browser/phost3/jkimpaggjlanfaoeajilkbmpplcpkcad/3.4.1.13_0/manifest.json
browser/phost3/jkimpaggjlanfaoeajilkbmpplcpkcad/3.4.1.13_0/popup.css
browser/phost3/jkimpaggjlanfaoeajilkbmpplcpkcad/3.4.1.13_0/popup.html
.html
browser/phost3/jkimpaggjlanfaoeajilkbmpplcpkcad/3.4.1.13_0/popup.js
.js
browser/phost3/jkimpaggjlanfaoeajilkbmpplcpkcad/3.4.1.13_0/yhq.js
.js
browser/phost3/prefs.json
browser/qnmhost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/background.html
.html
browser/qnmhost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/background.js
.js
browser/qnmhost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/contentScript.js
.js
browser/qnmhost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/css/ext-main.css
browser/qnmhost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/extra/iframe.js
.js
browser/qnmhost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/images/set.png
.png
browser/qnmhost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/images/top.png
.png
browser/qnmhost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/jquery.js
.js
browser/qnmhost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/logos/128.png
.png
browser/qnmhost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/logos/16.png
.png
browser/qnmhost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/logos/19.png
.png
browser/qnmhost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/logos/24.png
.png
browser/qnmhost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/logos/32.png
.png
browser/qnmhost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/logos/32g.png
.png
browser/qnmhost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/logos/38.png
.png
browser/qnmhost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/logos/48.png
.png
browser/qnmhost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/logos/64.png
.png
browser/qnmhost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/logos/72.png
.png
browser/qnmhost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/logos/96.png
.png
browser/qnmhost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/manifest.json
browser/qnmhost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/popup.css
browser/qnmhost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/popup.html
.html
browser/qnmhost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/popup.js
.js
browser/qnmhost/agomaojefohfglhoikbdjbcbiaijboka/3.2.1.13_0/yhq.js
.js
browser/qnmhost/prefs.json
browser/yhq.crx
.zip
background.html
.html
background.js
.js
contentScript.js
.js
css/ext-main.css
extra/iframe.js
.js
images/set.png
.png
images/top.png
.png
jquery.js
.js
logos/128.png
.png
logos/16.png
.png
logos/19.png
.png
logos/24.png
.png
logos/32.png
.png
logos/32g.png
.png
logos/38.png
.png
logos/48.png
.png
logos/64.png
.png
logos/72.png
.png
logos/96.png
.png
manifest.json
plugins/main.dll
.dll regsvr32 windows:5 windows x86 arch:x86

8c040b4458ce41908139f871e7bccf42

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:29:63:33:c5:12:a0:85:6d:1f:fc:a4:78:01:f5:5e
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

15/05/2018, 11:12

Not After

15/05/2019, 11:12

Subject

CN=淮安凯盈网络科技有限公司,O=淮安凯盈网络科技有限公司,L=淮安市,ST=江苏省,C=CN,1.2.840.113549.1.9.1=#0c127869616f7869616f68756f4071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

99:8a:67:21:6b:94:37:61:f9:7d:06:d3:54:84:ec:c2:e4:af:36:3a:08:e4:fc:15:f6:3e:92:e9:16:b4:3e:fc
Signer

Actual PE Digest

99:8a:67:21:6b:94:37:61:f9:7d:06:d3:54:84:ec:c2:e4:af:36:3a:08:e4:fc:15:f6:3e:92:e9:16:b4:3e:fc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

project.pdb

Imports

kernel32

CloseHandle
CreateEventW
LoadLibraryW
OutputDebugStringA
InitializeCriticalSection
CreateFileA
GetTickCount
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateProcess
GetProcessHeap
HeapAlloc
HeapFree
CreateProcessW
GetExitCodeProcess
WTSGetActiveConsoleSessionId
GetModuleHandleExW
LocalFree
VirtualAlloc
GetModuleHandleA
GetCurrentProcess
GetCurrentProcessId
Module32FirstW
Module32NextW
lstrcpyA
lstrcatA
LoadLibraryA
CreateFileW
SetFilePointer
WriteFile
GetFileSize
ReadFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
Sleep
FindClose
CreateDirectoryW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
FindNextFileW
DeleteFileW
MoveFileW
MoveFileExW
GetLocalTime
GetVersionExW
GetSystemDirectoryW
GetTempPathW
GetEnvironmentVariableW
ExpandEnvironmentStringsA
DeviceIoControl
VirtualFree
VirtualProtect
LoadLibraryExA
ReleaseMutex
GlobalFree
SetLastError
ExitProcess
GetSystemWow64DirectoryW
lstrlenA
SetEndOfFile
SetStdHandle
OutputDebugStringW
ReadConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
WaitForSingleObject
InterlockedIncrement
SetEvent
SetErrorMode
CreateThread
SetThreadLocale
GetThreadLocale
MultiByteToWideChar
FindResourceW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
lstrcmpiW
SizeofResource
LoadResource
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
FreeLibrary
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
InterlockedDecrement
FindFirstFileW
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
GetOEMCP
GetACP
IsValidCodePage
HeapSize
AreFileApisANSI
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
WriteConsoleW
GetFileType
GetStdHandle
GetCurrentThreadId
GetCommandLineA
GetSystemTimeAsFileTime
HeapReAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
GetStringTypeW

user32

KillTimer
LoadStringW
GetWindowTextW
SetTimer
EnumWindows
GetClassNameW
SystemParametersInfoW
CharNextW
PostMessageW

advapi32

QueryServiceStatusEx
ChangeServiceConfig2W
QueryServiceStatus
CloseServiceHandle
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
LookupAccountNameA
GetUserNameA
ConvertSidToStringSidW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey

shell32

ShellExecuteExW

ole32

CoTaskMemRealloc
StringFromGUID2
CoInitializeSecurity
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

VariantClear
UnRegisterTypeLi
VarUI4FromStr
SysStringLen
SysAllocString
VariantInit
LoadTypeLi
SysFreeString
RegisterTypeLi

shlwapi

PathFindFileNameW
PathRemoveFileSpecW

wtsapi32

WTSQueryUserToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

rasapi32

RasEnumConnectionsW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
NP_GetEntryPoints
NP_GetMIMEDescription
NP_Initialize
NP_Shutdown

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gshare
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
popup.css
popup.html
.html
popup.js
.js
yhq.js
.js
browser/youhuiquan/background.html
.html
browser/youhuiquan/background.js
.js
browser/youhuiquan/contentScript.js
.js
browser/youhuiquan/css/ext-main.css
browser/youhuiquan/default-big.png
.png
browser/youhuiquan/default.ico
browser/youhuiquan/extra/iframe.js
.js
browser/youhuiquan/images/set.png
.png
browser/youhuiquan/images/top.png
.png
browser/youhuiquan/jquery.js
.js
browser/youhuiquan/logos/128.png
.png
browser/youhuiquan/logos/16.png
.png
browser/youhuiquan/logos/19.png
.png
browser/youhuiquan/logos/24.png
.png
browser/youhuiquan/logos/32.png
.png
browser/youhuiquan/logos/32g.png
.png
browser/youhuiquan/logos/38.png
.png
browser/youhuiquan/logos/48.png
.png
browser/youhuiquan/logos/64.png
.png
browser/youhuiquan/logos/72.png
.png
browser/youhuiquan/logos/96.png
.png
browser/youhuiquan/manifest.xml
.xml
browser/youhuiquan/popup.css
browser/youhuiquan/popup.html
.html
browser/youhuiquan/popup.js
.js
browser/youhuiquan/yhq.js
.js
browser/[email protected]
browser/[email protected]
.zip
META-INF/manifest.mf
META-INF/mozilla.rsa
META-INF/mozilla.sf
background.html
.html
background.js
.js
contentScript.js
.js
css/ext-main.css
extra/iframe.js
.js
images/set.png
.png
images/top.png
.png
jquery.js
.js
logos/128.png
.png
logos/16.png
.png
logos/19.png
.png
logos/24.png
.png
logos/32.png
.png
logos/32g.png
.png
logos/38.png
.png
logos/48.png
.png
logos/64.png
.png
logos/72.png
.png
logos/96.png
.png
manifest.json
popup.css
popup.html
.html
popup.js
.js
yhq.js
.js
nahost/YHQChrmAdpt.exe
.exe windows:5 windows x86 arch:x86

cd814824567d02deb9f2a194bbaf1768

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:29:63:33:c5:12:a0:85:6d:1f:fc:a4:78:01:f5:5e
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

15/05/2018, 11:12

Not After

15/05/2019, 11:12

Subject

CN=淮安凯盈网络科技有限公司,O=淮安凯盈网络科技有限公司,L=淮安市,ST=江苏省,C=CN,1.2.840.113549.1.9.1=#0c127869616f7869616f68756f4071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2c:fc:9a:a8:50:19:e4:d4:68:f8:39:4e:0e:07:75:a0:ce:17:9d:71:4f:b6:b6:d0:52:bc:90:d2:d6:9a:21:01
Signer

Actual PE Digest

2c:fc:9a:a8:50:19:e4:d4:68:f8:39:4e:0e:07:75:a0:ce:17:9d:71:4f:b6:b6:d0:52:bc:90:d2:d6:9a:21:01

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WTSGetActiveConsoleSessionId
GetModuleHandleExW
LocalFree
FreeLibrary
ResumeThread
GetModuleHandleA
LoadLibraryExW
GetCurrentProcess
GetCurrentProcessId
CreateMutexW
Module32FirstW
Module32NextW
lstrcpyA
lstrcatA
LoadLibraryA
CreateFileW
SetFilePointer
WriteFile
GetFileSize
ReadFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
FindFirstFileW
FindClose
CreateDirectoryW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
FindNextFileW
DeleteFileW
MoveFileW
MoveFileExW
GetSystemDirectoryW
GetTempPathW
GetEnvironmentVariableW
ExpandEnvironmentStringsA
GetVersionExW
CreateFileA
DeviceIoControl
GetLocalTime
TerminateThread
ExitProcess
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
ReleaseMutex
LeaveCriticalSection
GlobalFree
SetLastError
InterlockedDecrement
CreateEventW
SetEvent
InterlockedIncrement
GetStringTypeW
EncodePointer
DecodePointer
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
GetSystemWow64DirectoryW
lstrlenA
TlsGetValue
SetEndOfFile
WaitForSingleObject
CreateProcessW
HeapFree
HeapAlloc
GetProcessHeap
TerminateProcess
Process32NextW
CloseHandle
Process32FirstW
CreateToolhelp32Snapshot
MultiByteToWideChar
WideCharToMultiByte
GetTickCount
SetErrorMode
Sleep
OutputDebugStringA
GetModuleFileNameW
CreateThread
GetProcAddress
LoadLibraryW
OutputDebugStringW
ReadConsoleW
FlushFileBuffers
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
RaiseException
WriteConsoleW
GetFileType
GetStdHandle
IsProcessorFeaturePresent
IsDebuggerPresent
GetCommandLineW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetStdHandle
GetOEMCP
GetACP
GetSystemTimeAsFileTime
HeapReAlloc
GetLastError
IsValidCodePage
HeapSize
AreFileApisANSI
GetCurrentThreadId
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
InitializeCriticalSectionAndSpinCount
CompareStringW

user32

LoadStringW
EnumWindows
GetWindowTextW
PostMessageW
SystemParametersInfoW
KillTimer
SetTimer
GetClassNameW
DispatchMessageW
GetMessageW

advapi32

QueryServiceStatusEx
ChangeServiceConfig2W
QueryServiceStatus
CloseServiceHandle
ConvertSidToStringSidW
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
LookupAccountNameA
GetUserNameA
RegDeleteValueW
RegDeleteKeyW

ole32

CoInitializeSecurity
CoCreateInstance
CoTaskMemFree

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

shlwapi

PathRemoveFileSpecW
PathFindFileNameW

wtsapi32

WTSQueryUserToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

rasapi32

RasEnumConnectionsW

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
nahost/YHQFFAdapt.dll
.dll windows:5 windows x86 arch:x86

922b6bc0ab911e5f9fc3ac48d709117b

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:29:63:33:c5:12:a0:85:6d:1f:fc:a4:78:01:f5:5e
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

15/05/2018, 11:12

Not After

15/05/2019, 11:12

Subject

CN=淮安凯盈网络科技有限公司,O=淮安凯盈网络科技有限公司,L=淮安市,ST=江苏省,C=CN,1.2.840.113549.1.9.1=#0c127869616f7869616f68756f4071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:e0:5f:d7:fe:16:43:36:fc:45:50:5a:16:c1:97:07:7b:bd:24:f8:55:4e:cd:90:66:e8:88:b0:b7:c1:70:c3
Signer

Actual PE Digest

7b:e0:5f:d7:fe:16:43:36:fc:45:50:5a:16:c1:97:07:7b:bd:24:f8:55:4e:cd:90:66:e8:88:b0:b7:c1:70:c3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
GetFileSize
ReadFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
CreateDirectoryW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
DeleteFileW
MoveFileW
MoveFileExW
DeviceIoControl
GetCurrentProcess
GetVersionExW
CreateToolhelp32Snapshot
CreateFileA
Process32FirstW
Process32NextW
TerminateProcess
GetProcessHeap
HeapAlloc
HeapFree
CreateProcessW
WaitForSingleObject
WTSGetActiveConsoleSessionId
GetModuleHandleExW
LocalFree
FreeLibrary
GetModuleHandleA
WriteFile
GetCurrentProcessId
Module32FirstW
Module32NextW
lstrcpyA
lstrcatA
LoadLibraryA
GetLocalTime
ExitProcess
GetSystemDirectoryW
GetTempPathW
GetEnvironmentVariableW
ExpandEnvironmentStringsA
WideCharToMultiByte
MultiByteToWideChar
InterlockedDecrement
GlobalFree
SetLastError
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
ReleaseMutex
LeaveCriticalSection
CreateEventW
SetEvent
GetSystemWow64DirectoryW
lstrlenA
SetEndOfFile
SetStdHandle
LoadLibraryW
OutputDebugStringW
FlushFileBuffers
SetFilePointerEx
CreateFileW
SetFilePointer
SetErrorMode
GetTickCount
FindClose
FindNextFileW
FindFirstFileW
CreateThread
OutputDebugStringA
GetProcAddress
GetModuleFileNameW
Sleep
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
GetConsoleCP
ReadConsoleW
GetConsoleMode
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
HeapSize
AreFileApisANSI
GetOEMCP
GetACP
IsValidCodePage
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
RtlUnwind
RaiseException
WriteConsoleW
GetFileType
GetStdHandle
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
HeapReAlloc
InterlockedIncrement
GetStringTypeW
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetLastError

user32

GetClassNameW
LoadStringW
SystemParametersInfoW
SetTimer
GetWindowTextW
EnumWindows
KillTimer
PostMessageW

advapi32

RegDeleteValueW
QueryServiceStatusEx
ChangeServiceConfig2W
QueryServiceStatus
CloseServiceHandle
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
LookupAccountNameA
GetUserNameA
RegDeleteKeyW
ConvertSidToStringSidW

ole32

CoCreateInstance
CoInitializeSecurity
CoTaskMemFree

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

shlwapi

PathFindFileNameW
PathRemoveFileSpecW

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

rasapi32

RasEnumConnectionsW

Exports

Exports

SendNativeCmd
SendNativeMsg
StartUp
TermDown

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nahost/com.youhuiquan.yhq.json
nahost/com.youhuiquan.yhq.qq.json
npyhq.dll
.dll regsvr32 windows:5 windows x86 arch:x86

8c040b4458ce41908139f871e7bccf42

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:29:63:33:c5:12:a0:85:6d:1f:fc:a4:78:01:f5:5e
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

15/05/2018, 11:12

Not After

15/05/2019, 11:12

Subject

CN=淮安凯盈网络科技有限公司,O=淮安凯盈网络科技有限公司,L=淮安市,ST=江苏省,C=CN,1.2.840.113549.1.9.1=#0c127869616f7869616f68756f4071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c8:29:82:b4:9c:5b:58:73:2b:fd:0a:0a:e4:4d:cc:ee:03:13:1c:24:28:0a:2e:79:cb:c9:54:4d:35:99:e5:13
Signer

Actual PE Digest

c8:29:82:b4:9c:5b:58:73:2b:fd:0a:0a:e4:4d:cc:ee:03:13:1c:24:28:0a:2e:79:cb:c9:54:4d:35:99:e5:13

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

project.pdb

Imports

kernel32

CloseHandle
CreateEventW
LoadLibraryW
OutputDebugStringA
InitializeCriticalSection
CreateFileA
GetTickCount
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateProcess
GetProcessHeap
HeapAlloc
HeapFree
CreateProcessW
GetExitCodeProcess
WTSGetActiveConsoleSessionId
GetModuleHandleExW
LocalFree
VirtualAlloc
GetModuleHandleA
GetCurrentProcess
GetCurrentProcessId
Module32FirstW
Module32NextW
lstrcpyA
lstrcatA
LoadLibraryA
CreateFileW
SetFilePointer
WriteFile
GetFileSize
ReadFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
Sleep
FindClose
CreateDirectoryW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
FindNextFileW
DeleteFileW
MoveFileW
MoveFileExW
GetLocalTime
GetVersionExW
GetSystemDirectoryW
GetTempPathW
GetEnvironmentVariableW
ExpandEnvironmentStringsA
DeviceIoControl
VirtualFree
VirtualProtect
LoadLibraryExA
ReleaseMutex
GlobalFree
SetLastError
ExitProcess
GetSystemWow64DirectoryW
lstrlenA
SetEndOfFile
SetStdHandle
OutputDebugStringW
ReadConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
WaitForSingleObject
InterlockedIncrement
SetEvent
SetErrorMode
CreateThread
SetThreadLocale
GetThreadLocale
MultiByteToWideChar
FindResourceW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
lstrcmpiW
SizeofResource
LoadResource
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
FreeLibrary
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
InterlockedDecrement
FindFirstFileW
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
GetOEMCP
GetACP
IsValidCodePage
HeapSize
AreFileApisANSI
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
WriteConsoleW
GetFileType
GetStdHandle
GetCurrentThreadId
GetCommandLineA
GetSystemTimeAsFileTime
HeapReAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
GetStringTypeW

user32

KillTimer
LoadStringW
GetWindowTextW
SetTimer
EnumWindows
GetClassNameW
SystemParametersInfoW
CharNextW
PostMessageW

advapi32

QueryServiceStatusEx
ChangeServiceConfig2W
QueryServiceStatus
CloseServiceHandle
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
LookupAccountNameA
GetUserNameA
ConvertSidToStringSidW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey

shell32

ShellExecuteExW

ole32

CoTaskMemRealloc
StringFromGUID2
CoInitializeSecurity
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

VariantClear
UnRegisterTypeLi
VarUI4FromStr
SysStringLen
SysAllocString
VariantInit
LoadTypeLi
SysFreeString
RegisterTypeLi

shlwapi

PathFindFileNameW
PathRemoveFileSpecW

wtsapi32

WTSQueryUserToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

rasapi32

RasEnumConnectionsW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
NP_GetEntryPoints
NP_GetMIMEDescription
NP_Initialize
NP_Shutdown

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gshare
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
skin/Uninst.json
skin/Update.json
skin/bgEdit.png
.png
skin/bgUninstFirst.png
.png
skin/bgUninstSecond.png
.png
skin/bgUninstThird.png
.png
skin/btnInstClose.png
.png
skin/btnMBCancel.png
.png
skin/btnMBClose.png
.png
skin/btnMBOK.png
.png
skin/btnMBUpdate.png
.png
skin/btnReinstNow.png
.png
skin/btnUninstCancel.png
.png
skin/btnUninstDone.png
.png
skin/btnUninstNow.png
.png
skin/chkbox.png
.png
skin/instClose.png
.png
skin/logo.png
.png
skin/logo16.png
.png
skin/nupdateBK.png
.png
skin/offline/48.png
.png
skin/offline/closed.png
.png
skin/offline/index_neterror.html
.html
skin/progressbar.png
.png
skin/radiobtn.png
.png
skin/updateBK.png
.png
skin/wtl.exe.manifest
.xml
uninst.exe
.exe windows:5 windows x86 arch:x86

75dd32bc143bbd51ee6a1ef91b01cb06

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:29:63:33:c5:12:a0:85:6d:1f:fc:a4:78:01:f5:5e
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

15/05/2018, 11:12

Not After

15/05/2019, 11:12

Subject

CN=淮安凯盈网络科技有限公司,O=淮安凯盈网络科技有限公司,L=淮安市,ST=江苏省,C=CN,1.2.840.113549.1.9.1=#0c127869616f7869616f68756f4071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ff:4f:4a:55:44:b8:b0:dd:10:08:c4:04:11:56:83:57:25:b1:3d:80:00:43:8a:e8:e6:f3:3d:fe:f4:2d:86:86
Signer

Actual PE Digest

ff:4f:4a:55:44:b8:b0:dd:10:08:c4:04:11:56:83:57:25:b1:3d:80:00:43:8a:e8:e6:f3:3d:fe:f4:2d:86:86

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetLastError
CreateMutexW
LoadLibraryW
GetModuleFileNameW
GetModuleHandleExW
InitializeCriticalSectionAndSpinCount
CloseHandle
WriteConsoleW
EncodePointer
DecodePointer
RaiseException
RtlUnwind
GetCommandLineW
HeapFree
GetStdHandle
WriteFile
IsProcessorFeaturePresent
HeapAlloc
InterlockedDecrement
ExitProcess
MultiByteToWideChar
HeapSize
Sleep
IsDebuggerPresent
SetLastError
InterlockedIncrement
GetCurrentThreadId
GetProcessHeap
GetFileType
DeleteCriticalSection
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
OutputDebugStringW
LoadLibraryExW
WideCharToMultiByte
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
CreateFileW

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
update.exe
.exe windows:5 windows x86 arch:x86

3d07ac3a601ba53934ba3a9e92d2cdc8

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:29:63:33:c5:12:a0:85:6d:1f:fc:a4:78:01:f5:5e
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

15/05/2018, 11:12

Not After

15/05/2019, 11:12

Subject

CN=淮安凯盈网络科技有限公司,O=淮安凯盈网络科技有限公司,L=淮安市,ST=江苏省,C=CN,1.2.840.113549.1.9.1=#0c127869616f7869616f68756f4071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cd:9a:07:07:49:37:0f:92:ac:2d:fb:6c:c1:6e:1b:dd:d1:d4:45:ce:cf:48:38:cb:f9:f7:67:42:af:7f:99:da
Signer

Actual PE Digest

cd:9a:07:07:49:37:0f:92:ac:2d:fb:6c:c1:6e:1b:dd:d1:d4:45:ce:cf:48:38:cb:f9:f7:67:42:af:7f:99:da

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleExW
FormatMessageW
LocalFree
VirtualAlloc
GetModuleHandleA
GetCurrentProcessId
CreateMutexW
Module32FirstW
Module32NextW
lstrcpyA
lstrcatA
CreateFileW
SetFilePointer
WriteFile
GetFileSize
ReadFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
FindFirstFileW
FindClose
CreateDirectoryW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
FindNextFileW
DeleteFileW
CopyFileW
SetFileTime
FileTimeToSystemTime
MoveFileW
MoveFileExW
GetVersionExW
GetSystemInfo
GetLocalTime
SystemTimeToFileTime
SetLocalTime
GetSystemDirectoryW
GetTempPathW
GetEnvironmentVariableW
ExpandEnvironmentStringsA
CreateFileA
InitializeCriticalSection
TryEnterCriticalSection
ReleaseMutex
GlobalFree
DeviceIoControl
GetVolumeInformationW
GetComputerNameW
GetCommandLineW
ExitProcess
CreateEventW
SetEvent
InterlockedCompareExchange
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
IsProcessorFeaturePresent
DecodePointer
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
HeapFree
HeapAlloc
GetProcessHeap
TerminateProcess
Process32NextW
CloseHandle
Process32FirstW
CreateToolhelp32Snapshot
GetTickCount
DeleteFileA
GetSystemTime
GetTempPathA
GetVersionExA
GetFileAttributesExW
GetDiskFreeSpaceA
CreateFileMappingA
GetDiskFreeSpaceW
LockFileEx
HeapValidate
HeapCreate
GetFileAttributesA
HeapDestroy
FormatMessageA
UnlockFileEx
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
HeapCompact
GetFullPathNameA
GetFullPathNameW
ExpandEnvironmentStringsW
GetSystemWow64DirectoryW
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
OutputDebugStringA
MoveFileA
SetEnvironmentVariableA
SetEndOfFile
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
LoadLibraryW
OutputDebugStringW
ReadConsoleW
GetStringTypeW
GetTimeZoneInformation
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
LoadLibraryA
lstrcmpiW
lstrcmpW
MulDiv
SizeofResource
LoadResource
Sleep
DeleteCriticalSection
QueryPerformanceCounter
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
AreFileApisANSI
WriteConsoleW
GetFileType
GetStdHandle
HeapReAlloc
GetSystemTimeAsFileTime
IsDebuggerPresent
EncodePointer
RtlUnwind
ExitThread
LeaveCriticalSection
EnterCriticalSection
SetErrorMode
SetLastError
GetLastError
GetCurrentThreadId
CreateThread
RaiseException
GetCurrentProcess
FlushInstructionCache
GlobalUnlock
GlobalLock
GlobalAlloc
GetProcAddress
FreeLibrary
InterlockedDecrement
InterlockedIncrement
VirtualFree
InitializeCriticalSectionAndSpinCount

user32

GetMessageW
GetKeyState
TranslateMessage
DispatchMessageW
PeekMessageW
SendMessageW
PostMessageW
DefWindowProcW
CallWindowProcW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
LoadStringW
IsWindow
IsChild
KillTimer
ShowWindow
RegisterWindowMessageW
SetWindowPos
CreateDialogParamW
GetDlgItem
CharNextW
SetFocus
GetFocus
SetCapture
ReleaseCapture
SetTimer
CreateAcceleratorTableW
DestroyAcceleratorTable
GetDC
ReleaseDC
BeginPaint
EndPaint
InvalidateRect
InvalidateRgn
RedrawWindow
SetWindowTextW
GetWindowTextW
MoveWindow
IsWindowVisible
UnregisterClassW
SetCursor
MsgWaitForMultipleObjects
DestroyWindow
GetWindowTextLengthW
GetClientRect
ClientToScreen
ScreenToClient
GetSysColor
FillRect
GetWindowLongW
SetWindowLongW
GetDesktopWindow
GetParent
EnumWindows
GetClassNameW
GetWindow
LoadCursorW
PostQuitMessage
EnableWindow
GetSystemMetrics
GetWindowRect
MessageBoxW
MapWindowPoints
LoadImageW
IsDialogMessageW
MonitorFromWindow
GetMonitorInfoW

advapi32

RegQueryInfoKeyW
RegCloseKey
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
LookupAccountNameA
GetUserNameA
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
FreeSid
GetLengthSid
SetTokenInformation
DuplicateTokenEx
QueryServiceStatusEx
ChangeServiceConfig2W
QueryServiceStatus
LookupAccountNameW
ConvertSidToStringSidW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
CloseServiceHandle

ole32

CoInitializeSecurity
OleLockRunning
OleUninitialize
OleInitialize
CoTaskMemFree
CoInitialize
CoUninitialize
CoGetClassObject
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CreateStreamOnHGlobal

shell32

ShellExecuteExW
SHCreateDirectoryExW
ShellExecuteW

oleaut32

LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
VariantClear
VariantInit
OleCreateFontIndirect
SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen

comctl32

_TrackMouseEvent
InitCommonControlsEx

gdi32

CreatePolygonRgn
GetTextMetricsW
CreateFontW
GetObjectA
GetTextExtentExPointW
GetObjectW
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
DeleteDC
DeleteObject
GetDeviceCaps
SelectObject
GetStockObject

rasapi32

RasEnumConnectionsW

gdiplus

GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromFile
GdipGetImageWidth
GdipGetImageHeight
GdipLoadImageFromFile
GdipCreateFromHDC
GdipDeleteGraphics
GdipReleaseDC
GdipDrawLine
GdipDrawRectangle
GdipAddPathArcI
GdipClosePathFigure
GdipResetPath
GdipDrawImageI
GdipFillRectangle
GdipFree
GdipSetClipHrgn
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatFlags
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipResetClip
GdipSetClipRectI
GdipFillPath
GdipDrawPath
GdipCreateFromHWND
GdipDeleteCachedBitmap
GdipCreateCachedBitmap
GdipFillRectangleI
GdipDrawRectangleI
GdipCreateBitmapFromScan0
GdiplusShutdown
GdipSetSmoothingMode
GdiplusStartup
GdipSetSolidFillColor
GdipDeleteStringFormat
GdipSetStringFormatAlign
GdipAlloc
GdipCreateStringFormat
GdipMeasureString
GdipDrawString
GdipGetFontHeight
GdipDeleteFont
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawImageRectRectI
GdipDrawImagePointRectI
GdipDrawLineI
GdipSetWorldTransform
GdipSetInterpolationMode
GdipSetTextRenderingHint
GdipCreateBitmapFromGraphics
GdipGetImageGraphicsContext
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipRotateMatrix
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreateMatrix2
GdipCreateMatrix
GdipTransformPath
GdipAddPathRectangleI
GdipDeletePath
GdipCreatePath
GdipDrawImageRectI

shlwapi

SHCreateStreamOnFileEx
PathFindFileNameW
PathRemoveFileSpecW

Exports

Exports

LoadUpdate

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 382KB - Virtual size: 382KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
yhq.dll
.dll regsvr32 windows:5 windows x86 arch:x86

8c040b4458ce41908139f871e7bccf42

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:29:63:33:c5:12:a0:85:6d:1f:fc:a4:78:01:f5:5e
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

15/05/2018, 11:12

Not After

15/05/2019, 11:12

Subject

CN=淮安凯盈网络科技有限公司,O=淮安凯盈网络科技有限公司,L=淮安市,ST=江苏省,C=CN,1.2.840.113549.1.9.1=#0c127869616f7869616f68756f4071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

99:8a:67:21:6b:94:37:61:f9:7d:06:d3:54:84:ec:c2:e4:af:36:3a:08:e4:fc:15:f6:3e:92:e9:16:b4:3e:fc
Signer

Actual PE Digest

99:8a:67:21:6b:94:37:61:f9:7d:06:d3:54:84:ec:c2:e4:af:36:3a:08:e4:fc:15:f6:3e:92:e9:16:b4:3e:fc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

project.pdb

Imports

kernel32

CloseHandle
CreateEventW
LoadLibraryW
OutputDebugStringA
InitializeCriticalSection
CreateFileA
GetTickCount
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateProcess
GetProcessHeap
HeapAlloc
HeapFree
CreateProcessW
GetExitCodeProcess
WTSGetActiveConsoleSessionId
GetModuleHandleExW
LocalFree
VirtualAlloc
GetModuleHandleA
GetCurrentProcess
GetCurrentProcessId
Module32FirstW
Module32NextW
lstrcpyA
lstrcatA
LoadLibraryA
CreateFileW
SetFilePointer
WriteFile
GetFileSize
ReadFile
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
Sleep
FindClose
CreateDirectoryW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
FindNextFileW
DeleteFileW
MoveFileW
MoveFileExW
GetLocalTime
GetVersionExW
GetSystemDirectoryW
GetTempPathW
GetEnvironmentVariableW
ExpandEnvironmentStringsA
DeviceIoControl
VirtualFree
VirtualProtect
LoadLibraryExA
ReleaseMutex
GlobalFree
SetLastError
ExitProcess
GetSystemWow64DirectoryW
lstrlenA
SetEndOfFile
SetStdHandle
OutputDebugStringW
ReadConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
WaitForSingleObject
InterlockedIncrement
SetEvent
SetErrorMode
CreateThread
SetThreadLocale
GetThreadLocale
MultiByteToWideChar
FindResourceW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
lstrcmpiW
SizeofResource
LoadResource
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
FreeLibrary
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
InterlockedDecrement
FindFirstFileW
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
GetOEMCP
GetACP
IsValidCodePage
HeapSize
AreFileApisANSI
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
WriteConsoleW
GetFileType
GetStdHandle
GetCurrentThreadId
GetCommandLineA
GetSystemTimeAsFileTime
HeapReAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwind
GetStringTypeW

user32

KillTimer
LoadStringW
GetWindowTextW
SetTimer
EnumWindows
GetClassNameW
SystemParametersInfoW
CharNextW
PostMessageW

advapi32

QueryServiceStatusEx
ChangeServiceConfig2W
QueryServiceStatus
CloseServiceHandle
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
LookupAccountNameA
GetUserNameA
ConvertSidToStringSidW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey

shell32

ShellExecuteExW

ole32

CoTaskMemRealloc
StringFromGUID2
CoInitializeSecurity
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

VariantClear
UnRegisterTypeLi
VarUI4FromStr
SysStringLen
SysAllocString
VariantInit
LoadTypeLi
SysFreeString
RegisterTypeLi

shlwapi

PathFindFileNameW
PathRemoveFileSpecW

wtsapi32

WTSQueryUserToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

rasapi32

RasEnumConnectionsW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
NP_GetEntryPoints
NP_GetMIMEDescription
NP_Initialize
NP_Shutdown

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

gshare
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
yhqpro.dll
.dll windows:5 windows x86 arch:x86

4b10d8a06e01465f0af9dc499df322a9

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:29:63:33:c5:12:a0:85:6d:1f:fc:a4:78:01:f5:5e
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

15/05/2018, 11:12

Not After

15/05/2019, 11:12

Subject

CN=淮安凯盈网络科技有限公司,O=淮安凯盈网络科技有限公司,L=淮安市,ST=江苏省,C=CN,1.2.840.113549.1.9.1=#0c127869616f7869616f68756f4071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:79:ab:96:55:a2:2c:02:bf:d4:9d:1a:6b:e1:72:a2:9a:5c:03:bb:f8:40:4d:7b:df:2a:9b:d3:69:19:07:36
Signer

Actual PE Digest

71:79:ab:96:55:a2:2c:02:bf:d4:9d:1a:6b:e1:72:a2:9a:5c:03:bb:f8:40:4d:7b:df:2a:9b:d3:69:19:07:36

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

host.pdb

Imports

kernel32

OutputDebugStringA
Sleep
FreeConsole
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TerminateProcess
GetProcessHeap
HeapAlloc
HeapFree
GetModuleHandleExW
LocalFree
FreeLibrary
VirtualAlloc
GetModuleHandleA
LoadLibraryExW
GetCurrentProcess
GetCurrentProcessId
Module32FirstW
Module32NextW
lstrcpyA
lstrcatA
LoadLibraryA
CreateFileW
SetFilePointer
WriteFile
GetFileSize
ReadFile
GetModuleFileNameW
GetDriveTypeW
FindFirstFileW
FindClose
CreateDirectoryW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
FindNextFileW
DeleteFileW
MoveFileW
MoveFileExW
GetVersionExW
CreateFileA
GetTempPathW
ExpandEnvironmentStringsA
VirtualFree
VirtualProtect
LoadLibraryExA
GlobalFree
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
ReleaseMutex
LeaveCriticalSection
DeviceIoControl
CreateEventW
SetEvent
GetLocalTime
lstrlenA
CreateThread
CloseHandle
GetProcAddress
LoadLibraryW
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
SetEndOfFile
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
OutputDebugStringW
GetStringTypeW
ReadConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
GetLastError
IsDebuggerPresent
IsProcessorFeaturePresent
GetStdHandle
GetFileType
WriteConsoleW
RaiseException
RtlUnwind
HeapReAlloc
SetLastError
InterlockedIncrement
InterlockedDecrement
ExitProcess
AreFileApisANSI
HeapSize
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo

user32

SetTimer
GetMessageW
DispatchMessageW
KillTimer

advapi32

SetServiceStatus
RegisterServiceCtrlHandlerW

shell32

ShellExecuteExW

ole32

CoTaskMemFree
CoInitializeSecurity
CoCreateInstance

rasapi32

RasEnumConnectionsW

oleaut32

SysAllocString
VariantClear
SysFreeString
VariantInit

Exports

Exports

ServiceMain

Sections

.text
Size: 650KB - Virtual size: 649KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
优汇券最终用户许可协议.txt
优汇券用户体验改善计划.txt

Sharing

General

Malware Config

Signatures

Files

30da960588411639dd0c0328f5e152a1

Code Sign

04:44:c0Certificate

Key Usages

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47Certificate

Extended Key Usages

Key Usages

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:afCertificate

Extended Key Usages

Key Usages

53:29:63:33:c5:12:a0:85:6d:1f:fc:a4:78:01:f5:5eCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0eCertificate

Extended Key Usages

Key Usages

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47Certificate

Extended Key Usages

Key Usages

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0eCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

07:ea:f3:b6:0e:64:4c:76:94:e8:7a:4e:86:d2:6b:1f:31:c3:10:36:fa:d8:cb:03:4e:46:c1:5a:42:7f:85:2aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

ole32

oleaut32

Sections

.text Size: 324KB - Virtual size: 324KB

.rdata Size: 75KB - Virtual size: 74KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 11KB - Virtual size: 10KB

a2932d77f3b571af2cf92b1e63f36f5b

Code Sign

04:44:c0Certificate

Key Usages

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47Certificate

Extended Key Usages

Key Usages

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:afCertificate

Extended Key Usages

Key Usages

53:29:63:33:c5:12:a0:85:6d:1f:fc:a4:78:01:f5:5eCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0eCertificate

Extended Key Usages

Key Usages

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47Certificate

Extended Key Usages

Key Usages

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0eCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

b7:80:f5:74:7e:12:08:29:a7:b1:88:ea:02:67:b6:a3:8f:ef:17:fe:e8:a7:30:87:1d:c3:fa:cb:d1:90:a6:c3Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

04:44:c0
Certificate

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

53:29:63:33:c5:12:a0:85:6d:1f:fc:a4:78:01:f5:5e
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

07:ea:f3:b6:0e:64:4c:76:94:e8:7a:4e:86:d2:6b:1f:31:c3:10:36:fa:d8:cb:03:4e:46:c1:5a:42:7f:85:2a
Signer

.text
Size: 324KB - Virtual size: 324KB

.rdata
Size: 75KB - Virtual size: 74KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 11KB - Virtual size: 10KB

04:44:c0
Certificate

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

53:29:63:33:c5:12:a0:85:6d:1f:fc:a4:78:01:f5:5e
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

b7:80:f5:74:7e:12:08:29:a7:b1:88:ea:02:67:b6:a3:8f:ef:17:fe:e8:a7:30:87:1d:c3:fa:cb:d1:90:a6:c3
Signer

.text
Size: 697KB - Virtual size: 696KB

.rdata
Size: 127KB - Virtual size: 126KB

.data
Size: 15KB - Virtual size: 27KB

.rsrc
Size: 12KB - Virtual size: 11KB

04:44:c0
Certificate

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

53:29:63:33:c5:12:a0:85:6d:1f:fc:a4:78:01:f5:5e
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

a6:36:b1:31:ce:cf:1b:ca:12:81:87:6f:19:d2:c0:2d:c4:f4:ca:65:a9:f6:72:eb:ea:4e:c5:91:81:4c:0c:d8
Signer

.text
Size: 147KB - Virtual size: 147KB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 36KB - Virtual size: 35KB

04:44:c0
Certificate

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

53:29:63:33:c5:12:a0:85:6d:1f:fc:a4:78:01:f5:5e
Certificate