20f78b70bb31df49799be483bfcc49a3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

20f78b70bb31df49799be483bfcc49a3_JaffaCakes118
Size

1.3MB
MD5

20f78b70bb31df49799be483bfcc49a3
SHA1

903287fe65b9f653871b4ca1e71df7a3249069ae
SHA256

9ee594ebb15d426b1e3a45c5ffaa14226b698a6d2bd1ab1b9d8516f06b69eb94
SHA512

494c145118e7a4d8d77e98e5a168ce221211b272c6a0d10c307aa4ee406a903ed2bbbdafa1ca71f9d459956fa29a79b0928da731607a2a0225d6a2046e7b8201
SSDEEP

24576:dG2J+wQSIe4qeNDJ6e0eQsaYpViMRnPwf0mXv:o2J+wR/eAT+Kfrv

Score

1^/10

Malware Config

Signatures

Files

20f78b70bb31df49799be483bfcc49a3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1f23f452093b5c1ff091a2f9fb4fa3e9

Code Sign

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/10/2018, 00:00

Not After

02/02/2020, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11/10/2018, 00:00

Not After

02/02/2020, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:5a:e1:18:cc:c4:c6:06:e5:a0:c7:45:f1:ba:80:fc:05:f8:33:79:71:b6:cd:83:af:60:47:55:eb:21:80:85
Signer

Actual PE Digest

0a:5a:e1:18:cc:c4:c6:06:e5:a0:c7:45:f1:ba:80:fc:05:f8:33:79:71:b6:cd:83:af:60:47:55:eb:21:80:85

Digest Algorithm

sha256

PE Digest Matches

true

f1:c1:f8:8b:3e:73:36:fc:5d:ec:97:fd:d1:ab:83:02:81:23:a5:9f
Signer

Actual PE Digest

f1:c1:f8:8b:3e:73:36:fc:5d:ec:97:fd:d1:ab:83:02:81:23:a5:9f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
SetCurrentDirectoryW
GetFileAttributesW
SetEnvironmentVariableW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetErrorMode
lstrlenW
lstrcpynW
CopyFileW
GetShortPathNameW
GlobalLock
CreateThread
GetLastError
CreateDirectoryW
CreateProcessW
RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
WriteFile
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
lstrcmpiW
MoveFileW
GetFullPathNameW
SetFileTime
SearchPathW
CompareFileTime
lstrcmpW
CloseHandle
ExpandEnvironmentStringsW
GlobalFree
GlobalUnlock
GetDiskFreeSpaceW
GlobalAlloc
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
ReadFile
FindClose
lstrlenA
MulDiv
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
LoadLibraryExW
GetModuleHandleW

user32

GetSystemMenu
SetClassLongW
EnableMenuItem
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ScreenToClient
GetWindowRect
GetDlgItem
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
GetDC
SetTimer
SetWindowTextW
LoadImageW
SetForegroundWindow
ShowWindow
IsWindow
SetWindowLongW
FindWindowExW
TrackPopupMenu
AppendMenuW
CreatePopupMenu
EndPaint
CreateDialogParamW
SendMessageTimeoutW
wsprintfW
PostQuitMessage

gdi32

SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW

advapi32

AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 232KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallHelper.dll
.dll windows:4 windows x86 arch:x86

80d2cb801bde4cc99c1fa6d82ac5a59e

Code Sign

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/10/2018, 00:00

Not After

02/02/2020, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11/10/2018, 00:00

Not After

02/02/2020, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

08:6f:a4:86:59:d0:4a:b2:3e:24:16:77:04:ae:4e:5d:f9:fc:97:e5:b9:c0:8e:9e:d5:dd:fc:ea:c4:c9:18:70
Signer

Actual PE Digest

08:6f:a4:86:59:d0:4a:b2:3e:24:16:77:04:ae:4e:5d:f9:fc:97:e5:b9:c0:8e:9e:d5:dd:fc:ea:c4:c9:18:70

Digest Algorithm

sha256

PE Digest Matches

true

6f:d6:9e:9d:50:99:55:31:49:df:cc:d0:08:dc:c3:db:60:24:ca:47
Signer

Actual PE Digest

6f:d6:9e:9d:50:99:55:31:49:df:cc:d0:08:dc:c3:db:60:24:ca:47

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\work\TencentVideoWindows\develop10.21x\Setup\PluginSource\InstallHelper\Release\InstallHelper.pdb

Imports

kernel32

TerminateThread
LocalFree
OpenMutexW
GetFileSize
CreateMutexW
MapViewOfFileEx
GetCPInfo
IsDBCSLeadByte
OpenFileMappingW
GetFileAttributesExW
CreateDirectoryW
CreateFileW
GetCurrentThread
ExpandEnvironmentStringsW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
ReadFile
SetEndOfFile
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LoadLibraryA
FreeLibrary
SetConsoleCtrlHandler
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
LeaveCriticalSection
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
LCMapStringW
LCMapStringA
GetModuleFileNameA
GetStdHandle
VirtualAlloc
VirtualFree
HeapCreate
FatalAppExitA
IsValidCodePage
GetOEMCP
ExitProcess
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetProcAddress
GetModuleHandleA
RtlUnwind
GetCommandLineA
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
EnterCriticalSection
DeleteCriticalSection
UnmapViewOfFile
InitializeCriticalSection
WriteFile
DisconnectNamedPipe
GetCurrentProcess
GetModuleHandleExW
GetLocalTime
MapViewOfFile
CreateFileMappingW
ConnectNamedPipe
CreateNamedPipeW
GetDiskFreeSpaceExW
GetFileAttributesW
GetDriveTypeW
lstrcpyW
GetCurrentThreadId
CreateTimerQueueTimer
DeleteTimerQueueTimer
lstrcmpiW
OutputDebugStringW
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
WaitForSingleObject
GetPrivateProfileIntW
Sleep
GlobalAlloc
lstrcpynW
GlobalFree
GetCurrentProcessId
CloseHandle
Process32NextW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
FindResourceExW
GetVersionExA
RaiseException
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
LoadResource
LockResource
SizeofResource
FindResourceW
TerminateProcess
GetLastError
GetVersionExW
GetFileType

user32

wsprintfW
GetCapture
ReleaseCapture
GetCursorPos
MapWindowPoints
GetClientRect
MonitorFromWindow
GetMonitorInfoW
IsWindow
MoveWindow
SetFocus
DestroyWindow
CallWindowProcW
DefWindowProcW
InvalidateRect
TrackMouseEvent
CreateWindowExW
PostMessageW
SetWindowPos
GetDesktopWindow
GetWindowRect
SendMessageW
GetWindow
GetParent
GetWindowLongW
ClientToScreen
PostThreadMessageW
GetAncestor
IsZoomed
SetWindowsHookExW
GetFocus
CallNextHookEx
EnumThreadWindows
UnhookWindowsHookEx
GetSystemMetrics
LoadCursorW
RegisterClassExW
UpdateLayeredWindow
UnregisterClassA
MessageBoxW
SetTimer
EndPaint
BeginPaint
GetWindowTextW
GetClassNameW
GetDlgItemTextW
ScreenToClient
FillRect
SetScrollPos
GetWindowDC
PtInRect
GetDlgItem
ReleaseDC
GetDC
SetWindowTextW
IsIconic
UpdateWindow
IsWindowEnabled
KillTimer
SetCursor
IsWindowVisible
EnableWindow
DrawTextW
SetWindowLongW
ShowWindow

gdi32

GetDeviceCaps
CombineRgn
SetStretchBltMode
GetStretchBltMode
Rectangle
SetDCPenColor
GetStockObject
ExtSelectClipRgn
CreateRectRgnIndirect
GetTextMetricsW
CreateFontW
CreatePatternBrush
SetTextColor
SetBkMode
SelectObject
DeleteObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
TextOutW

advapi32

GetSidIdentifierAuthority
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegOpenKeyW
RegCreateKeyExW
GetSecurityInfo
BuildExplicitAccessWithNameW
GetTokenInformation
OpenThreadToken
GetSidSubAuthority
GetSidSubAuthorityCount
OpenProcessToken
IsTextUnicode
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
SHGetFolderPathW
SHCreateDirectoryExW

oleaut32

SysFreeString

shlwapi

PathFileExistsW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

gdiplus

GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipGetImagePixelFormat
GdipDrawImageRectI
GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipFree
GdipAlloc
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile

msimg32

AlphaBlend

psapi

GetModuleBaseNameW

wintrust

WinVerifyTrust

crypt32

CertGetNameStringW
CertCreateCertificateContext
CryptMsgGetParam
CryptQueryObject
CertCloseStore
CryptMsgClose
CertFreeCertificateContext

Exports

Exports

CheckClickFastInstall
CreateCustomPage
CreateFinishPage
CreateInstallPage
CreateWelcomePage
DestroyWnd
ExecWaitAndTimeout
GetCheck
GetFileVersion
GetFinishPageClick
GetOSVersionStringInfo
GetParentProcessName
InitSkin
InitSystemBootStartValue
IsFinishPageBindSoftware
Log
MoveWindowRect
MyReleaseCapture
NeedBindSoftAfterInstall
NeedRunAfterInstall
NeedRunOnStartup
SetCheck
SetFocusWnd
SetInstallDir
SkipFinishPage
UIUpdateInstallProgress
UIUpdateInstallStatus
UnInitSkin

Sections

.text
Size: 264KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ProcDll.dll
.dll windows:4 windows x86 arch:x86

eafd69dcf4113dfd376ee9950d275970

Code Sign

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/10/2018, 00:00

Not After

02/02/2020, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11/10/2018, 00:00

Not After

02/02/2020, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

b7:ba:a3:4b:15:eb:5b:3e:4c:d9:23:e4:1f:44:53:9f:0f:62:9c:f9:0f:1e:cf:af:03:28:14:a1:22:42:6b:dd
Signer

Actual PE Digest

b7:ba:a3:4b:15:eb:5b:3e:4c:d9:23:e4:1f:44:53:9f:0f:62:9c:f9:0f:1e:cf:af:03:28:14:a1:22:42:6b:dd

Digest Algorithm

sha256

PE Digest Matches

true

79:1b:d9:c4:6a:d2:83:4e:6d:3e:74:1c:6b:d8:75:70:34:ad:11:db
Signer

Actual PE Digest

79:1b:d9:c4:6a:d2:83:4e:6d:3e:74:1c:6b:d8:75:70:34:ad:11:db

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\work\TencentVideoWindows\develop999\Setup\PluginSource\ProcDLL\Release\ProcDLL.pdb

Imports

kernel32

lstrlenW
GetPrivateProfileStringW
GetModuleHandleW
GetSystemDirectoryW
GlobalFree
lstrcpyW
GlobalAlloc
GetCurrentThreadId
lstrcatW
QueryDosDeviceW
GetLogicalDriveStringsW
GetTickCount
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
LoadLibraryExW
GetModuleFileNameW
SetFileAttributesW
CopyFileW
LocalFree
TerminateProcess
DuplicateHandle
TerminateThread
VirtualFree
VirtualAlloc
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
VirtualAllocEx
GetLongPathNameW
GetPrivateProfileIntW
OutputDebugStringW
GlobalSize
GlobalUnlock
GlobalLock
GetTempPathW
WritePrivateProfileSectionW
GetPrivateProfileSectionW
SetFilePointer
GetFileType
SystemTimeToFileTime
GetCurrentDirectoryW
DosDateTimeToFileTime
SetFileTime
FileTimeToSystemTime
FileTimeToDosDateTime
GetLocalTime
GetSystemTime
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
SetEndOfFile
GetDiskFreeSpaceW
UnlockFile
DeleteFileA
LockFileEx
AreFileApisANSI
WritePrivateProfileStringW
GetSystemInfo
GetTempPathA
GetFullPathNameW
HeapValidate
GetDiskFreeSpaceA
GetFileAttributesA
FormatMessageA
GetExitCodeProcess
CreateMutexW
OutputDebugStringA
UnlockFileEx
FormatMessageW
CreateFileMappingA
WaitForSingleObjectEx
GetFileAttributesExW
LockFile
FlushViewOfFile
GetThreadLocale
InterlockedCompareExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InterlockedExchange
SetConsoleCtrlHandler
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
SetHandleCount
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
HeapSize
LCMapStringW
LCMapStringA
GetModuleFileNameA
GetStdHandle
ExitProcess
FatalAppExitA
HeapCreate
HeapDestroy
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentThread
MoveFileW
Sleep
MoveFileExW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
CreateDirectoryW
GetFileSize
ReadFile
GetFullPathNameA
ExpandEnvironmentStringsW
FreeLibrary
WriteFile
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
DeviceIoControl
CreateThread
WaitForSingleObject
lstrlenA
MultiByteToWideChar
GetCurrentProcessId
CreateProcessW
LoadLibraryW
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
GetFileAttributesW
GetVersionExW
CreateFileW
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
Module32FirstW
Module32NextW
Process32NextW
LoadLibraryA
GetProcAddress
lstrcpynW
OpenProcess
lstrcmpiW
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetVersionExA
GetCommandLineA
ResumeThread
ExitThread
GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CloseHandle
HeapCompact

user32

EndPaint
GetClientRect
BeginPaint
CallWindowProcW
SendMessageW
RedrawWindow
SetWindowPos
SetWindowLongW
PostMessageW
IsWindow
DestroyWindow
DispatchMessageW
TranslateMessage
WaitForInputIdle
GetDesktopWindow
EnumChildWindows
GetWindowLongW
FindWindowW
GetWindowThreadProcessId
UnregisterClassA
wsprintfW
GetDC
EnumDisplayDevicesW
AllowSetForegroundWindow
MsgWaitForMultipleObjects
PeekMessageW
LoadImageW
DialogBoxParamW
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
GetDlgItem
UpdateWindow
LoadStringW
ScreenToClient
MoveWindow
SetTimer
SetWindowTextW
SetDlgItemTextW
BringWindowToTop
EndDialog
KillTimer
GetParent
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
GetClassNameW
SendMessageTimeoutW
ClientToScreen
OffsetRect
FindWindowExW
EnumWindows
GetWindowTextW
CharNextW
FillRect
LoadBitmapW
ReleaseDC
GetForegroundWindow
SetForegroundWindow
IsWindowVisible
AttachThreadInput
CreateDialogParamW
SetLayeredWindowAttributes
CreateWindowExW
ShowWindow
GetMessageW
IsDialogMessageW

gdi32

GetStockObject
CreateSolidBrush
SetBkMode
CreateFontW
SetTextColor
TextOutW
DeleteObject
GetObjectW
CreateCompatibleDC
SelectObject
StretchBlt
GetDeviceCaps

advapi32

AdjustTokenPrivileges
OpenProcessToken
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
DeleteService
OpenSCManagerW
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
CreateProcessAsUserW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
EnumDependentServicesW
OpenServiceW
ControlService
QueryServiceStatusEx
CloseServiceHandle
RegOpenKeyExA
RegOpenKeyW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
RegCloseKey
DuplicateTokenEx
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
LookupPrivilegeValueW

shell32

SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
SHCreateDirectoryExW
SHChangeNotify
SHGetPathFromIDListW
ShellExecuteW

ole32

CoSetProxyBlanket
CoTaskMemAlloc
CoCreateGuid
CoCreateInstance
CLSIDFromString
StringFromGUID2
CoTaskMemFree
CoInitialize
CoUninitialize
CoInitializeEx
CoTaskMemRealloc
CoLoadLibrary
CoFreeLibrary

oleaut32

SysStringLen
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SysAllocString
VariantClear
VariantInit
SysFreeString
GetErrorInfo
VariantChangeType
CreateErrorInfo
SetErrorInfo
VarUI4FromStr

shlwapi

PathFindFileNameW
PathFileExistsW
PathStripPathW
PathIsDirectoryEmptyW
PathRemoveFileSpecW
ord176
PathAppendW
wnsprintfW

comctl32

_TrackMouseEvent

msimg32

TransparentBlt

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

netapi32

NetWkstaTransportEnum
Netbios
NetApiBufferFree

psapi

GetModuleFileNameExW
GetModuleBaseNameW
GetProcessImageFileNameW
EnumProcessModules

wininet

InternetGetCookieExW
InternetGetCookieW
InternetSetCookieW
InternetSetCookieExW

urlmon

URLDownloadToFileW

Exports

Exports

AddToFirewall
AsynDownload
AsynGetAndWriteHardwareInfo
AsynIPControlDownload
ChangeCacheACL
CheckAndRenameFiles
CheckDeleteUserDataFlag
CheckDownload
CheckExclude360
CheckExcludeProcess
CheckIPControlDownload
CheckInstallPath
CheckInstallType
CheckIsWindows10OrGreater
CheckIsWindows7OrGreater
CheckModuleUsing
CheckRunUIFlag
ClearP2PCache
ClearSSOConfig
CreateBitmapCtrl
CreateDiskShortCut
CreatePath
DeleteConnectTypeFile
DeleteDiskShortCut
DeleteInstalledToBrowserCookie
DeleteOldDirectory
DeleteTencentVideoLibraryShortcut
DeleteUserDesktopIcon
Destroy
ExcuteAsExplorer
ExcuteAsParent
ExitQQLiveServiceProcess
FindProcessByName
GetChannelFormIECookie
GetCheckBoxStatus
GetClipboard
GetCommentsInfo
GetFileVersion
GetGrandParentName
GetOSVersion
GetOriginalFilenameInfo
GetParentProcName
GetProtocalVersion
GetQNASCustomFlag
GetQNFCustomFlag
GetQSCMCustomFlag
GetShortCutOfApplicationInDirectory
GetUrlEncode
GetUserGUID
GetUserGUID2
HasUserAborted
InitFirewallInterface
InvokeShellVerb
IsProcRunning
JoinExCommandLine
KillProcByID
KillProcByName
KillProcByNameAndWait
KillProcByNameAndWait2
KillProcByPath
KillProcByPathAndWait
LockIEMainPage
ModifyDirPage
OpenFirewall
OpenFirewallWithoutInit
OpenUrlByDefaultBrowser
ParseCmdLine
PinOrUnpinStartMenuIcon
PinOrUnpinStartScreenIcon
PinOrUnpinTaskBarIcon
PopupTipBesideShortcut
RegMultiSzEdit
RegisterQQLiveProtocal
RemoveFirewall
RemoveFirewallWithoutInit
RemoveFromFirewall
SetCompletionRate
SetCtrlFontTitle
SetIEMainPage
SetInstallPath
SetInstallProgress
Show
ShowMsgBox
SvcUninstall
UnRegisterQQLiveProtocal
UnRegisterQQLiveService
UninitFirewallInterface
UnloadMatrixDriver
Update
UpdateAppData
WordFindHelper
WriteBootAutoRun
WriteConnectTypeFile
WriteConnectTypeFileEx
WriteHardInfoInRegForCheck
WriteInstalledToBrowserCookie
WriteQEACFlag
WriteQNASCustomFlag
WriteQNFCustomFlag
WriteQNMNFlag
WriteQNPSFlag
WriteQSCMCustomFlag
WriteUnistFlag
WriteVerInfo
free_instfilespage_bitmap
getWindow
kill_instfilespage_timer
load_instfilespage_bitmap
start_instfilespage_timer

Sections

.text
Size: 800KB - Virtual size: 799KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Statistics.exe
.exe windows:4 windows x86 arch:x86

176b3e26f589de2e46b3fdf6f08432ca

Code Sign

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/10/2018, 00:00

Not After

02/02/2020, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11/10/2018, 00:00

Not After

02/02/2020, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

dd:15:72:98:f8:70:3e:94:02:81:dc:47:d8:13:89:db:1a:c2:87:51:6f:78:99:65:fd:22:13:15:20:1f:14:8b
Signer

Actual PE Digest

dd:15:72:98:f8:70:3e:94:02:81:dc:47:d8:13:89:db:1a:c2:87:51:6f:78:99:65:fd:22:13:15:20:1f:14:8b

Digest Algorithm

sha256

PE Digest Matches

true

e2:11:9c:69:d0:fe:e1:30:fc:7d:b1:14:96:06:ac:20:b1:05:eb:56
Signer

Actual PE Digest

e2:11:9c:69:d0:fe:e1:30:fc:7d:b1:14:96:06:ac:20:b1:05:eb:56

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\work\TencentVideoWindows\develop10.21x\Setup\PluginSource\Statistics\Release\Statistics.pdb

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
UnmapViewOfFile
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetLocalTime
GetCurrentProcess
GetModuleHandleExW
TerminateThread
WaitForSingleObject
CreateNamedPipeW
MapViewOfFile
CreateFileMappingW
GetCurrentProcessId
FreeLibrary
GetProcAddress
SetFileAttributesW
MoveFileW
LocalFree
GetModuleHandleW
CreateProcessW
GetModuleFileNameW
DeviceIoControl
GetVersionExW
GetSystemDirectoryW
InterlockedDecrement
SetUnhandledExceptionFilter
GetSystemTime
GetStdHandle
GetFileType
GetModuleHandleA
ConnectNamedPipe
LoadLibraryA
QueryPerformanceCounter
FlushConsoleInputBuffer
DisconnectNamedPipe
OutputDebugStringW
CopyFileW
GetTickCount
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
WriteConsoleW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetVersion
LoadLibraryW
lstrcpyW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
TerminateProcess
DeleteFileW
Sleep
CreateToolhelp32Snapshot
MultiByteToWideChar
Process32FirstW
Process32NextW
CreateDirectoryW
CreateFileW
WriteFile
OpenProcess
CloseHandle
lstrlenA
lstrlenW
WideCharToMultiByte
GetFileAttributesExW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
SetStdHandle
GetTimeZoneInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetHandleCount
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
SetFilePointer
FlushFileBuffers
GetFileAttributesW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
ReadFile
GetConsoleCP
GlobalMemoryStatus
GetModuleFileNameA
VirtualAlloc
FatalAppExitA
VirtualFree
HeapCreate
IsValidCodePage
GetOEMCP
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
GetNumberOfConsoleInputEvents
PeekConsoleInputA
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
SetConsoleCtrlHandler
ExitProcess
GetStartupInfoA
GetCommandLineA
GetSystemTimeAsFileTime
RtlUnwind
IsDebuggerPresent
UnhandledExceptionFilter
InterlockedCompareExchange
InterlockedIncrement
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

MessageBoxA
LoadStringW
ReleaseDC
GetProcessWindowStation
GetUserObjectInformationW
GetDC
UnregisterClassA
EnumDisplayDevicesW
PostThreadMessageW
SendMessageTimeoutW

gdi32

DeleteObject
GetObjectA
GetDIBits
GetDeviceCaps
RemoveFontResourceW
AddFontResourceW
CreateCompatibleBitmap

advapi32

RegOpenKeyW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
SetNamedSecurityInfoW
ReportEventA
DeregisterEventSource
RegisterEventSourceA
RegEnumKeyExW
RegOpenKeyExA
RegQueryValueExA
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetEntriesInAclW

shell32

SHGetSpecialFolderPathW
ord680
SHGetPathFromIDListW
CommandLineToArgvW
SHGetSpecialFolderLocation
ShellExecuteW
SHCreateDirectoryExW
SHGetFolderPathW

ole32

CoInitializeEx
CoCreateInstance
StringFromGUID2
CLSIDFromString
CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateGuid
CoSetProxyBlanket

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
GetErrorInfo
VariantChangeType
VariantInit
SetErrorInfo
SysStringLen
SysFreeString
CreateErrorInfo

shlwapi

PathFileExistsW
PathAppendW
PathRemoveFileSpecW
StrToIntW

ws2_32

inet_ntoa
socket
inet_addr
htons
closesocket
sendto
select
__WSAFDIsSet
recvfrom
htonl
ntohl
WSAGetLastError
WSAStartup
WSACleanup
gethostbyname
ntohs

wininet

HttpAddRequestHeadersW
HttpOpenRequestW
HttpQueryInfoW
InternetConnectW
InternetOpenW
InternetReadFile
InternetSetCookieW
InternetSetOptionW
DeleteUrlCacheEntryW
HttpSendRequestW
InternetCloseHandle
InternetOpenUrlW
InternetWriteFile
InternetSetCookieExW
HttpEndRequestW
HttpSendRequestExW

psapi

GetModuleBaseNameW
GetModuleFileNameExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

urlmon

URLDownloadToFileW

wintrust

WinVerifyTrust

crypt32

CertCreateCertificateContext
CertFreeCertificateContext
CryptMsgClose
CertCloseStore
CryptQueryObject
CryptMsgGetParam
CertGetNameStringW

netapi32

NetWkstaTransportEnum
NetApiBufferFree
Netbios

iphlpapi

IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile

Sections

.text
Size: 908KB - Virtual size: 904KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 276KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

6c41c5e4d44f55745b925cc4e42b7fab

Code Sign

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/10/2018, 00:00

Not After

02/02/2020, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11/10/2018, 00:00

Not After

02/02/2020, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:b0:fb:5d:13:9e:33:dd:a6:22:f5:a1:81:52:98:ea:27:a9:47:b8:b0:0e:ff:d8:3a:28:e4:80:b6:52:c0:ab
Signer

Actual PE Digest

7e:b0:fb:5d:13:9e:33:dd:a6:22:f5:a1:81:52:98:ea:27:a9:47:b8:b0:0e:ff:d8:3a:28:e4:80:b6:52:c0:ab

Digest Algorithm

sha256

PE Digest Matches

true

b5:7e:46:10:7b:e1:58:e6:6a:b5:c2:03:aa:cb:03:66:8e:ef:2f:f0
Signer

Actual PE Digest

b5:7e:46:10:7b:e1:58:e6:6a:b5:c2:03:aa:cb:03:66:8e:ef:2f:f0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
lstrlenW
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 899B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioC.ini
$TEMP/Statistics.exe
.exe windows:4 windows x86 arch:x86

176b3e26f589de2e46b3fdf6f08432ca

Code Sign

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/10/2018, 00:00

Not After

02/02/2020, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11/10/2018, 00:00

Not After

02/02/2020, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

dd:15:72:98:f8:70:3e:94:02:81:dc:47:d8:13:89:db:1a:c2:87:51:6f:78:99:65:fd:22:13:15:20:1f:14:8b
Signer

Actual PE Digest

dd:15:72:98:f8:70:3e:94:02:81:dc:47:d8:13:89:db:1a:c2:87:51:6f:78:99:65:fd:22:13:15:20:1f:14:8b

Digest Algorithm

sha256

PE Digest Matches

true

e2:11:9c:69:d0:fe:e1:30:fc:7d:b1:14:96:06:ac:20:b1:05:eb:56
Signer

Actual PE Digest

e2:11:9c:69:d0:fe:e1:30:fc:7d:b1:14:96:06:ac:20:b1:05:eb:56

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\work\TencentVideoWindows\develop10.21x\Setup\PluginSource\Statistics\Release\Statistics.pdb

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
UnmapViewOfFile
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetLocalTime
GetCurrentProcess
GetModuleHandleExW
TerminateThread
WaitForSingleObject
CreateNamedPipeW
MapViewOfFile
CreateFileMappingW
GetCurrentProcessId
FreeLibrary
GetProcAddress
SetFileAttributesW
MoveFileW
LocalFree
GetModuleHandleW
CreateProcessW
GetModuleFileNameW
DeviceIoControl
GetVersionExW
GetSystemDirectoryW
InterlockedDecrement
SetUnhandledExceptionFilter
GetSystemTime
GetStdHandle
GetFileType
GetModuleHandleA
ConnectNamedPipe
LoadLibraryA
QueryPerformanceCounter
FlushConsoleInputBuffer
DisconnectNamedPipe
OutputDebugStringW
CopyFileW
GetTickCount
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
WriteConsoleW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetVersion
LoadLibraryW
lstrcpyW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
TerminateProcess
DeleteFileW
Sleep
CreateToolhelp32Snapshot
MultiByteToWideChar
Process32FirstW
Process32NextW
CreateDirectoryW
CreateFileW
WriteFile
OpenProcess
CloseHandle
lstrlenA
lstrlenW
WideCharToMultiByte
GetFileAttributesExW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
SetStdHandle
GetTimeZoneInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetHandleCount
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
SetFilePointer
FlushFileBuffers
GetFileAttributesW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
ReadFile
GetConsoleCP
GlobalMemoryStatus
GetModuleFileNameA
VirtualAlloc
FatalAppExitA
VirtualFree
HeapCreate
IsValidCodePage
GetOEMCP
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
GetNumberOfConsoleInputEvents
PeekConsoleInputA
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
SetConsoleCtrlHandler
ExitProcess
GetStartupInfoA
GetCommandLineA
GetSystemTimeAsFileTime
RtlUnwind
IsDebuggerPresent
UnhandledExceptionFilter
InterlockedCompareExchange
InterlockedIncrement
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

MessageBoxA
LoadStringW
ReleaseDC
GetProcessWindowStation
GetUserObjectInformationW
GetDC
UnregisterClassA
EnumDisplayDevicesW
PostThreadMessageW
SendMessageTimeoutW

gdi32

DeleteObject
GetObjectA
GetDIBits
GetDeviceCaps
RemoveFontResourceW
AddFontResourceW
CreateCompatibleBitmap

advapi32

RegOpenKeyW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
SetNamedSecurityInfoW
ReportEventA
DeregisterEventSource
RegisterEventSourceA
RegEnumKeyExW
RegOpenKeyExA
RegQueryValueExA
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetEntriesInAclW

shell32

SHGetSpecialFolderPathW
ord680
SHGetPathFromIDListW
CommandLineToArgvW
SHGetSpecialFolderLocation
ShellExecuteW
SHCreateDirectoryExW
SHGetFolderPathW

ole32

CoInitializeEx
CoCreateInstance
StringFromGUID2
CLSIDFromString
CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateGuid
CoSetProxyBlanket

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
GetErrorInfo
VariantChangeType
VariantInit
SetErrorInfo
SysStringLen
SysFreeString
CreateErrorInfo

shlwapi

PathFileExistsW
PathAppendW
PathRemoveFileSpecW
StrToIntW

ws2_32

inet_ntoa
socket
inet_addr
htons
closesocket
sendto
select
__WSAFDIsSet
recvfrom
htonl
ntohl
WSAGetLastError
WSAStartup
WSACleanup
gethostbyname
ntohs

wininet

HttpAddRequestHeadersW
HttpOpenRequestW
HttpQueryInfoW
InternetConnectW
InternetOpenW
InternetReadFile
InternetSetCookieW
InternetSetOptionW
DeleteUrlCacheEntryW
HttpSendRequestW
InternetCloseHandle
InternetOpenUrlW
InternetWriteFile
InternetSetCookieExW
HttpEndRequestW
HttpSendRequestExW

psapi

GetModuleBaseNameW
GetModuleFileNameExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

urlmon

URLDownloadToFileW

wintrust

WinVerifyTrust

crypt32

CertCreateCertificateContext
CertFreeCertificateContext
CryptMsgClose
CertCloseStore
CryptQueryObject
CryptMsgGetParam
CertGetNameStringW

netapi32

NetWkstaTransportEnum
NetApiBufferFree
Netbios

iphlpapi

IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile

Sections

.text
Size: 908KB - Virtual size: 904KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 276KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f23f452093b5c1ff091a2f9fb4fa3e9

Code Sign

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

0a:5a:e1:18:cc:c4:c6:06:e5:a0:c7:45:f1:ba:80:fc:05:f8:33:79:71:b6:cd:83:af:60:47:55:eb:21:80:85Signer

f1:c1:f8:8b:3e:73:36:fc:5d:ec:97:fd:d1:ab:83:02:81:23:a5:9fSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 128KB

.ndata Size: - Virtual size: 232KB

.rsrc Size: 287KB - Virtual size: 286KB

80d2cb801bde4cc99c1fa6d82ac5a59e

Code Sign

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

08:6f:a4:86:59:d0:4a:b2:3e:24:16:77:04:ae:4e:5d:f9:fc:97:e5:b9:c0:8e:9e:d5:dd:fc:ea:c4:c9:18:70Signer

6f:d6:9e:9d:50:99:55:31:49:df:cc:d0:08:dc:c3:db:60:24:ca:47Signer

Headers

File Characteristics

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

0a:5a:e1:18:cc:c4:c6:06:e5:a0:c7:45:f1:ba:80:fc:05:f8:33:79:71:b6:cd:83:af:60:47:55:eb:21:80:85
Signer

f1:c1:f8:8b:3e:73:36:fc:5d:ec:97:fd:d1:ab:83:02:81:23:a5:9f
Signer

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 232KB

.rsrc
Size: 287KB - Virtual size: 286KB

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

08:6f:a4:86:59:d0:4a:b2:3e:24:16:77:04:ae:4e:5d:f9:fc:97:e5:b9:c0:8e:9e:d5:dd:fc:ea:c4:c9:18:70
Signer

6f:d6:9e:9d:50:99:55:31:49:df:cc:d0:08:dc:c3:db:60:24:ca:47
Signer

.text
Size: 264KB - Virtual size: 260KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 884B

.reloc
Size: 16KB - Virtual size: 12KB

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

b7:ba:a3:4b:15:eb:5b:3e:4c:d9:23:e4:1f:44:53:9f:0f:62:9c:f9:0f:1e:cf:af:03:28:14:a1:22:42:6b:dd
Signer

79:1b:d9:c4:6a:d2:83:4e:6d:3e:74:1c:6b:d8:75:70:34:ad:11:db
Signer