2456af9136d741ea7ebfb41371c9cae7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2456af9136d741ea7ebfb41371c9cae7_JaffaCakes118
Size

37.4MB
MD5

2456af9136d741ea7ebfb41371c9cae7
SHA1

7bd1be6dee5cf07f75bda32c0d3269e4038d5dab
SHA256

cd32f25be844661dbe59ad537a62b36a005c517c44f3eb91366ff6f81db26d73
SHA512

08817c908370abb476642378ff02c830b4bd5cc391c578b49ec4769b29c8fa4ab6d527c3083ca82312fca5513588f62f9e5382cf3380917f74d5104ebdd276c9
SSDEEP

786432:0vruM+fFueYFuEUMVD7eKFub1r2da8n/KseE907C7:0vruM8D0uE9VD6Zrg5/S4l

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll

Files

2456af9136d741ea7ebfb41371c9cae7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ce
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

30/09/2015, 00:00

Not After

28/09/2018, 23:59

Subject

CN=Sogou.com,OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c3:84:31:f4:fa:38:26:20:0e:13:b0:b2:d0:d9:59:c3:9a:7d:61:dd
Signer

Actual PE Digest

c3:84:31:f4:fa:38:26:20:0e:13:b0:b2:d0:d9:59:c3:9a:7d:61:dd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/HWSignature.dll
.dll windows:5 windows x86 arch:x86

de18af259ae709a6bea8669b60fd1118

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ce
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

30/09/2015, 00:00

Not After

28/09/2018, 23:59

Subject

CN=Sogou.com,OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:cc:00:6a:b6:e8:b9:ae:20:88:11:a3:a1:e8:50:5e:92:27:10:f0
Signer

Actual PE Digest

6d:cc:00:6a:b6:e8:b9:ae:20:88:11:a3:a1:e8:50:5e:92:27:10:f0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\project\sogouime\branch\PinyinDev_R_8_0_OldKernel\Bin\SogouPdb\SogouInput\HWSignature.pdb

Imports

ws2_32

WSAStartup

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

ExitProcess
FlushFileBuffers
CreateFileA
HeapAlloc
HeapFree
GetProcessHeap
GetSystemDirectoryA
lstrcatA
CopyFileA
DeviceIoControl
CloseHandle
lstrcpyA
lstrlenA
GlobalAlloc
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryA
LocalAlloc
GetVersionExA
LocalFree
HeapReAlloc
GetTickCount
SetLastError
GlobalFree
WideCharToMultiByte
GetModuleFileNameW
MultiByteToWideChar
HeapSize
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
GetModuleHandleW
Sleep
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

wsprintfA
IsCharAlphaNumericA

Exports

Exports

DLLGenHWID
GenHWID
GetDllVersionA

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:5 windows x86 arch:x86

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiW
GetModuleHandleW
GlobalLock
GlobalUnlock
GetCurrentDirectoryW
SetCurrentDirectoryW
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcatW
WritePrivateProfileStringW
lstrcpynW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc

user32

OpenClipboard
DestroyIcon
LoadCursorW
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
SetWindowLongW
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
CreateWindowExW
MapDialogRect
GetClipboardData
GetWindowRect
CreateDialogParamW
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
wsprintfW
CharNextW
MessageBoxW
CloseClipboard
GetDlgCtrlID
MapWindowPoints
SetWindowPos
PtInRect
GetWindowTextW
SetWindowTextW
SendMessageW
DestroyWindow

gdi32

SelectObject
CreateRectRgn
GetObjectW
CombineRgn
DeleteObject
CreateCompatibleDC
GetDIBits
SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetDesktopFolder

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SetupFlash.swf
$PLUGINSDIR/SetupLib.dll
.dll windows:5 windows x86 arch:x86

6ec140d5bf186a4279413dcccb298018

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ce
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

30/09/2015, 00:00

Not After

28/09/2018, 23:59

Subject

CN=Sogou.com,OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8b:e2:8e:05:b0:7f:9b:dd:b4:23:05:a9:c3:a2:bb:56:3e:c5:d7:cb
Signer

Actual PE Digest

8b:e2:8e:05:b0:7f:9b:dd:b4:23:05:a9:c3:a2:bb:56:3e:c5:d7:cb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\project\sogouime\branch\PinyinDev_R_8_0_OldKernel\Bin\SogouPdb\SogouInput\SetupLib.pdb

Imports

shlwapi

StrStrIW
StrRetToBufW
StrToIntW
SHDeleteKeyW
PathFileExistsW
SHGetValueW

wininet

HttpEndRequestW
InternetQueryOptionW
HttpOpenRequestA
HttpAddRequestHeadersW
InternetWriteFile
InternetReadFile
InternetCrackUrlA
InternetOpenA
InternetOpenUrlA
InternetErrorDlg
HttpQueryInfoA
InternetOpenW
InternetOpenUrlW
InternetSetOptionW
InternetCloseHandle
InternetConnectA
HttpSendRequestExW

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

kernel32

VirtualProtect
VirtualFree
LoadLibraryA
VirtualAlloc
HeapFree
HeapReAlloc
GetProcessHeap
HeapAlloc
GetVersionExW
SuspendThread
GetThreadContext
SetThreadContext
VirtualQuery
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
SetEndOfFile
GetCurrentDirectoryA
GetFullPathNameA
SetStdHandle
GetModuleHandleA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
GetTempPathW
DeleteFileW
Sleep
lstrcpyW
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
CreateToolhelp32Snapshot
Process32NextW
CreateFileMappingW
Process32FirstW
GlobalFree
EnterCriticalSection
SetLastError
GetLastError
RaiseException
FlushInstructionCache
GetFileAttributesExW
MultiByteToWideChar
CreateFileW
ReadFile
TerminateProcess
GetExitCodeProcess
LeaveCriticalSection
WideCharToMultiByte
GetSystemDirectoryW
GlobalAlloc
OpenProcess
GetTickCount
WaitForSingleObject
GetCurrentProcess
MoveFileExW
CreateProcessW
FreeLibrary
UnmapViewOfFile
MapViewOfFile
DebugBreak
OutputDebugStringW
lstrlenA
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
LocalFree
LocalAlloc
LoadLibraryW
FindNextFileW
FindClose
GetProcAddress
lstrlenW
GetStartupInfoA
SetHandleCount
GetConsoleMode
GetConsoleCP
LCMapStringA
LCMapStringW
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
HeapCreate
ExitProcess
GetDriveTypeW
RtlUnwind
GetTimeZoneInformation
FindFirstFileA
GetDriveTypeA
GetFileInformationByHandle
FileTimeToLocalFileTime
GetCommandLineA
ResumeThread
GetFullPathNameW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
HeapSize
HeapDestroy
IsProcessorFeaturePresent
GetWindowsDirectoryW
CreateFileA
GetACP
SetNamedPipeHandleState
WaitNamedPipeW
CreateIoCompletionPort
TransactNamedPipe
GetQueuedCompletionStatus
WaitForSingleObjectEx
GlobalHandle
GlobalUnlock
GlobalLock
TlsFree
TlsAlloc
TlsSetValue
TlsGetValue
QueryPerformanceFrequency
FlushFileBuffers
InterlockedExchange
InterlockedCompareExchange
InitializeCriticalSectionAndSpinCount
CreateMutexW
CreateThread
DuplicateHandle
ExitThread
FormatMessageW
GetCommandLineW
QueryDosDeviceW
GetModuleHandleW
RemoveDirectoryW
GetLogicalDriveStringsW
SetFileAttributesW
FindFirstFileW
GetLocalTime
lstrcatW
FreeEnvironmentStringsA
GetProcessId
FileTimeToSystemTime
GetFileAttributesW
CopyFileW
GetFileType
WaitForMultipleObjects
PeekNamedPipe
InitializeCriticalSection
CreateDirectoryW
OpenEventW
CreateEventW
SetEvent
SetThreadPriority
GetDiskFreeSpaceExW
ReleaseMutex
OpenFileMappingW
GetExitCodeThread
OpenMutexW
TerminateThread
GetCurrentThread
FormatMessageA
ExpandEnvironmentStringsA
WriteFile
GetTempFileNameW
GetFileSize
SetFilePointer
SleepEx
GetSystemDirectoryA
DeleteCriticalSection
GetStdHandle

user32

TranslateMessage
LoadStringW
CopyRect
DefWindowProcW
CallWindowProcW
SetWindowLongW
GetWindowLongW
InvalidateRect
BeginPaint
LoadImageW
wvsprintfW
FillRect
CharNextW
GetWindowRect
SetTimer
EndPaint
GetKeyboardLayoutList
UnregisterClassA
WindowFromPoint
UnionRect
MonitorFromPoint
SubtractRect
FindWindowW
IntersectRect
GetFocus
OffsetRect
GetCursor
PtInRect
UpdateLayeredWindow
DrawTextW
ClientToScreen
SetCursor
ScreenToClient
SetCapture
GetKeyState
TrackMouseEvent
SetPropW
GetCursorPos
ReleaseCapture
SetRectEmpty
IsIconic
GetDesktopWindow
GetSystemMetrics
GetWindowThreadProcessId
NotifyWinEvent
GetPropW
IsWindowEnabled
GetDC
ReleaseDC
SetActiveWindow
wsprintfA
DestroyIcon
GetSystemMenu
DeleteMenu
GetMenuItemInfoW
wsprintfW
SendMessageTimeoutW
GetMenuItemCount
GetWindowTextLengthW
PostMessageW
KillTimer
GetParent
GetForegroundWindow
GetWindowTextW
GetDlgItem
SetWindowPos
ShowWindow
EnableWindow
SetWindowTextW
UnloadKeyboardLayout
LoadCursorW
GetClientRect
GetClassInfoExW
LoadKeyboardLayoutW
RegisterClassExW
GetMessageW
FindWindowExW
CreateWindowExW
MessageBoxW
SendMessageW
MessageBoxIndirectW
LoadIconW
SetParent
MoveWindow
SystemParametersInfoW
SetFocus
SetForegroundWindow
DestroyWindow
DispatchMessageW
GetMonitorInfoW
IsWindowVisible
MonitorFromWindow
SetRect
IsWindow

gdi32

DeleteDC
GetDeviceCaps
BitBlt
SetViewportOrgEx
StretchBlt
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetFontData
GetTextExtentExPointW
SetTextCharacterExtra
SetBkMode
CreateDIBSection
SetTextColor
GetStockObject
CreateFontIndirectW
GetObjectW

advapi32

GetNamedSecurityInfoW
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
LookupAccountSidW
GetTokenInformation
RegSetValueExW
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
InitializeAcl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
GetLengthSid
SetSecurityDescriptorSacl
OpenProcessToken
RegCreateKeyW
CryptDecrypt
CryptReleaseContext
CryptDestroyKey
CryptEncrypt
CryptSetKeyParam
CryptImportKey
CryptAcquireContextW
RegUnLoadKeyW
RegLoadKeyW
ConvertSidToStringSidW
AdjustTokenPrivileges
RegEnumKeyExW
RegFlushKey
RegEnumValueW
LookupPrivilegeValueW
LookupAccountNameW
RegQueryInfoKeyW
RegOpenKeyW
RegQueryValueExW
RegEnumKeyW

shell32

ShellExecuteExW
SHFileOperationW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHGetDesktopFolder
SHGetSpecialFolderPathW
ShellExecuteW
SHGetFolderPathW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoCreateGuid
OleCreate
OleSetContainedObject
OleDraw
CoTaskMemFree

oleaut32

VariantInit
SysStringLen
SysAllocString
SysFreeString
VariantClear
GetErrorInfo
SysStringByteLen
SysAllocStringByteLen

ws2_32

sendto
recvfrom
WSASetLastError
getservbyport
gethostbyaddr
getservbyname
htonl
inet_ntoa
gethostbyname
inet_addr
ioctlsocket
select
__WSAFDIsSet
socket
connect
setsockopt
getpeername
getsockopt
htons
bind
ntohs
getsockname
send
recv
WSAGetLastError
closesocket
WSAStartup
WSACleanup
listen
accept
gethostname

wldap32

ord50
ord60
ord143
ord211
ord22
ord26
ord32
ord35
ord79
ord200
ord33
ord301
ord27
ord41
ord46
ord30

imm32

ImmDisableIME
ImmNotifyIME
ImmSetOpenStatus
ImmGetContext
ImmInstallIMEW
ImmGetIMEFileNameW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

psapi

GetProcessMemoryInfo
GetModuleFileNameExW

msimg32

AlphaBlend

oleacc

AccessibleObjectFromWindow
LresultFromObject

Exports

Exports

AddAccess
AddAccessExec
AddAccessOnReg
AddAccess_RX
AddIE7ElevationPolicy
AddSogouImeMgrSchTasks
AttachProgressBar
BackupExe
BackupOtherFile
CancelDelayDelDir
CheckAccess
CmpFile
CreateSmartInfoUid
DefaultBrowserIsIE
DelBackupExe
DelayDelFile
DelayDelReg
DelayDeleteSogouImeFile
DeleteShortcut
DeleteShortcutWithPath
DeleteUsbdt
DownloadQuiet
ExecWait
FilterSid
GetBDInfo
GetCheckBoxState
GetFeedBackContact
GetFeedBackReason
GetHWID
GetHwndImage
GetHwndMain
GetInstallPath
GetOSVersionTime
GetPPName
GetQQStatistics
GetSmartInfoOption
GetVerifyText
GuiInitAndAttach
HideChildWindows
ImageInstallingStart
InitResource
InstSuccessUserNetSchedule
InstallIME
InstalledIMEIsPre30b1
IsFullScreenActivated
IsInWin8
IsInXP
IsReadScreenEnable
IsRecommendTimeout
IsShowOpenMedal
IsSmartInfoEnable
IsSogouExplorerInstalled
IsSogouMobileInstalled
KillProcess
MonitorUninstallCompleted
MonitorVerifyEdit
MonitorVerifyUninstallSelect
MoveImeDir
OnAbort
OnPageLeave
OnPagePre
OnPageShow
OpenPage
Ping
PluginToComp
QQMgrSetIESP
ReadIniStr
ReadSmartInfoOption
RemoveCommonDir
RemoveDir
RemoveFireWall
RemoveIE7ElevationPolicy
RemoveSogouImeMgrSchTasks
RunLotus
SECheckOSInstalled
SaveInstallTime
SetCheckBoxState
SetGuideQQUrl
SetLowLabel
SetMutex
SetQQShowType
SetReadSecond
SetReboot
SetRecommendTime
SetShowQQ
SetSmartInfoOption
SetUrlInvite
SetWithType
ShowQQOrNot
SwitchIme
UnGuiInitAndAttach
UninstallInstPath
UninstallReg
UninstallUsrReg
UpdateFireWall
UpdateFireWall_OctopusDownloader
WaitAccountThread

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 644KB - Virtual size: 644KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SetupUi.cupf
$PLUGINSDIR/SogouPY.ime
.dll windows:5 windows x86 arch:x86

0fd6c2568420f823cf69e793ed85f7c5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ce
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

30/09/2015, 00:00

Not After

28/09/2018, 23:59

Subject

CN=Sogou.com,OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:22:94:0f:2d:b5:e0:05:7e:a9:df:e7:ca:c3:13:65:76:9c:99:3b
Signer

Actual PE Digest

8c:22:94:0f:2d:b5:e0:05:7e:a9:df:e7:ca:c3:13:65:76:9c:99:3b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\project\sogouime\branch\PinyinDev_R_8_0_OldKernel\Bin\SogouPdb\SogouInput\SogouPy.pdb

Imports

msimg32

GradientFill
TransparentBlt
AlphaBlend

kernel32

LCMapStringW
DuplicateHandle
OpenProcess
GetCurrentProcess
InterlockedIncrement
ResetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
DeleteFileW
LoadLibraryW
CreateSemaphoreW
ReleaseSemaphore
CreateEventW
OpenThread
SetEvent
CreateThread
ReleaseMutex
OpenFileMappingW
CreateFileMappingW
OpenMutexW
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
MultiByteToWideChar
ResumeThread
InterlockedCompareExchange
GlobalGetAtomNameW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetNamedPipeHandleState
EnterCriticalSection
GetLastError
GlobalAddAtomW
GetCurrentThread
SetThreadPriority
GetTempPathW
GetSystemDirectoryW
GetFileAttributesExW
CreateFileW
ReadFile
LeaveCriticalSection
Sleep
InitializeCriticalSection
WriteFile
WaitNamedPipeW
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetCurrentThreadId
GetACP
InterlockedDecrement
GetCurrentProcessId
OutputDebugStringW
GetModuleFileNameA
GlobalFree
GlobalUnlock
GetModuleFileNameW
GlobalAlloc
TlsSetValue
GlobalLock
TlsGetValue
GetCommandLineW
WideCharToMultiByte
CloseHandle
OpenEventW
GetProcAddress
SetEnvironmentVariableA
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
GetFullPathNameA
SetEndOfFile
SetStdHandle
GetStringTypeW
GetStartupInfoA
SetHandleCount
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetCurrentDirectoryA
GetFullPathNameW
LCMapStringA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
GetQueuedCompletionStatus
TransactNamedPipe
InterlockedExchange
CreateIoCompletionPort
ExitThread
GetVersionExW
IsBadReadPtr
CreateMutexW
FindFirstFileW
FindClose
FileTimeToSystemTime
GetLocalTime
HeapAlloc
GetProcessHeap
VirtualAlloc
LoadLibraryA
VirtualProtect
VirtualFree
GetFileTime
CreateDirectoryW
FindNextFileW
RemoveDirectoryW
GetFileSize
lstrlenA
FreeLibrary
HeapFree
LocalAlloc
LocalFree
DeviceIoControl
CreateFileA
lstrcpyA
GetSystemDirectoryA
lstrcatA
CopyFileA
HeapReAlloc
SetLastError
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetTempFileNameW
CreateProcessW
MoveFileExW
CopyFileW
GetExitCodeProcess
GetFileAttributesW
GetProcessId
SetFileAttributesW
SetFilePointer
FormatMessageW
GetLogicalDriveStringsW
QueryDosDeviceW
TlsAlloc
TlsFree
GetConsoleMode
FlushFileBuffers
VirtualQuery
SetUnhandledExceptionFilter
TerminateProcess
lstrlenW
lstrcatW
IsDebuggerPresent
lstrcpyW
FindResourceW
LoadResource
SizeofResource
LockResource
GlobalHandle
WaitForSingleObjectEx
SetWaitableTimer
CreateWaitableTimerW
OpenWaitableTimerW
SleepEx
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
FormatMessageA
LoadLibraryExW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
CompareStringW
MulDiv
GetWindowsDirectoryA
GlobalReAlloc
CreateFileMappingA
OpenFileMappingA
GetModuleHandleA
SwitchToThread
RaiseException
UnhandledExceptionFilter
ExitProcess
GetCommandLineA
GetTimeZoneInformation
FileTimeToLocalFileTime
GetDriveTypeW
RtlUnwind
GetFileInformationByHandle
GetDriveTypeA
FindFirstFileA
GetCPInfo
GetOEMCP
IsValidCodePage
HeapCreate
HeapDestroy
HeapSize
GetConsoleCP
FreeEnvironmentStringsA

user32

PeekMessageW
PostThreadMessageW
GetKeyboardState
GetForegroundWindow
MessageBoxW
SendMessageW
SetWindowLongW
PostMessageW
GetMessageW
SetTimer
IsWindow
wsprintfW
wsprintfA
WindowFromPoint
IsCharAlphaNumericW
SetRectEmpty
SetWindowPos
MsgWaitForMultipleObjectsEx
wvsprintfW
CopyRect
GetMonitorInfoW
ReleaseCapture
EqualRect
CreateWindowExW
ReleaseDC
OffsetRect
GetDC
GetClientRect
LoadCursorW
SetCapture
MonitorFromPoint
UpdateLayeredWindow
SetCursor
DefWindowProcW
CallWindowProcW
EnableWindow
RegisterClassExW
SetPropW
BeginPaint
IsWindowEnabled
TrackMouseEvent
UnregisterClassW
NotifyWinEvent
ScreenToClient
EndPaint
DrawTextW
IntersectRect
SubtractRect
RedrawWindow
GetCursor
SetMenuItemInfoW
FillRect
GetMenuItemRect
MenuItemFromPoint
GetMenuItemID
GetKeyboardLayoutList
LoadStringW
DestroyIcon
CreateDialogParamW
DialogBoxParamW
SetClipboardData
SetCaretPos
OpenClipboard
EmptyClipboard
CloseClipboard
GetWindowPlacement
InflateRect
SetCursorPos
SetClassLongW
GetClassLongW
SetWindowRgn
mouse_event
GetClassInfoExW
SetScrollInfo
PostQuitMessage
LoadBitmapW
IsRectEmpty
EndDialog
LoadIconW
FindWindowW
GetParent
GetFocus
SetForegroundWindow
DestroyWindow
GetMenuItemCount
GetCursorPos
GetMenuItemInfoW
LoadImageW
GetWindowLongW
UnhookWindowsHookEx
SetWindowsHookExW
GetDesktopWindow
GetClassNameW
GetWindowTextW
GetAsyncKeyState
CallNextHookEx
GetKeyState
GetMessageExtraInfo
SendInput
keybd_event
GetSystemMetrics
DispatchMessageW
TranslateMessage
SendMessageTimeoutW
GetWindowTextLengthW
SetRect
MoveWindow
EnumWindows
KillTimer
UnregisterHotKey
RegisterHotKey
InvalidateRect
IsWindowVisible
GetWindowRect
IsIconic
SystemParametersInfoW
ShowWindow
ClientToScreen
PtInRect
GetAncestor
GetCaretPos
FindWindowExW
GetPropW
GetWindowThreadProcessId
GetWindow
RegisterWindowMessageW

gdi32

SetMapMode
ExtCreateRegion
GetTextExtentPoint32W
GetCharABCWidthsFloatW
CombineRgn
OffsetRgn
Rectangle
GetPixel
GetObjectW
CreateCompatibleDC
SelectObject
DeleteObject
CreateDIBSection
DeleteDC
GetClipRgn
MoveToEx
LineTo
SelectClipRgn
CreateCompatibleBitmap
GetFontUnicodeRanges
GetTextExtentExPointW
CreateRectRgn
CreatePen
GetTextMetricsW
GetTextExtentPointW
CreateSolidBrush
GetDeviceCaps
StretchDIBits
GetFontData
CreateFontIndirectW
BitBlt
SetTextColor
GetStockObject
StretchBlt
SetBkMode
SetTextCharacterExtra
CreateDCW
SetBkColor
CreateFontW

advapi32

LookupAccountSidW
OpenProcessToken
GetTokenInformation
RegOpenKeyW
RegCreateKeyExW
AddAccessAllowedAceEx
SetNamedSecurityInfoW
GetNamedSecurityInfoW
InitializeAcl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
GetLengthSid
SetSecurityDescriptorSacl
RegQueryValueW
CryptDecrypt
CryptReleaseContext
CryptDestroyKey
CryptEncrypt
CryptSetKeyParam
CryptImportKey
CryptAcquireContextW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyW
RegSetValueExW
RegEnumValueW
RegEnumKeyW
RegQueryInfoKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
RegDeleteValueA
RegEnumValueA
CryptGetKeyParam
RegCreateKeyExA
RegNotifyChangeKeyValue

imm32

ImmGetHotKey
ImmGenerateMessage
ImmGetIMCCSize
ImmCreateIMCC
ImmReSizeIMCC
ImmNotifyIME
ImmDisableIME
ImmLockIMCC
ImmUnlockIMC
ImmAssociateContextEx
ImmLockIMC
ImmUnlockIMCC

ws2_32

WSAStartup
WSACleanup
closesocket
WSAGetLastError
recv
send
getsockname
ntohs
bind
htons
getsockopt
getpeername
setsockopt
connect
socket
inet_addr
gethostbyname
inet_ntoa
htonl
getservbyname
gethostbyaddr
getservbyport
WSASetLastError
gethostname
sendto
recvfrom
accept
listen
__WSAFDIsSet
select
ioctlsocket

shlwapi

wnsprintfA
SHGetValueW
SHDeleteKeyA

oleacc

LresultFromObject
AccessibleObjectFromWindow

Exports

Exports

ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 900KB - Virtual size: 900KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SogouPY64.ime
.dll windows:5 windows x64 arch:x64

792ef1c1b1d1afbe31eaee5afc9eb35b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ce
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

30/09/2015, 00:00

Not After

28/09/2018, 23:59

Subject

CN=Sogou.com,OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:a0:b3:33:a1:40:53:4b:00:10:ba:5d:3b:cb:a9:e8:81:4d:a6:e0
Signer

Actual PE Digest

5f:a0:b3:33:a1:40:53:4b:00:10:ba:5d:3b:cb:a9:e8:81:4d:a6:e0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\project\sogouime\branch\PinyinDev_R_8_0_OldKernel\Bin\SogouPdb\SogouInput\SogouPy64.pdb

Imports

msimg32

GradientFill
TransparentBlt
AlphaBlend

kernel32

GlobalGetAtomNameW
LCMapStringW
DuplicateHandle
OpenProcess
GetCurrentProcess
ResetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
DeleteFileW
LoadLibraryW
CreateSemaphoreW
ReleaseSemaphore
GlobalAddAtomW
CreateEventW
OpenThread
SetEvent
CreateThread
ReleaseMutex
OpenFileMappingW
CreateFileMappingW
OpenMutexW
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
MultiByteToWideChar
ResumeThread
GetProcAddress
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetNamedPipeHandleState
EnterCriticalSection
GetCurrentThread
SetThreadPriority
GetTempPathW
GetSystemDirectoryW
GetFileAttributesExW
GetLastError
CreateFileW
ReadFile
LeaveCriticalSection
Sleep
InitializeCriticalSection
WriteFile
OpenEventW
CloseHandle
WaitNamedPipeW
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetCurrentThreadId
GetACP
GetCurrentProcessId
GetModuleFileNameA
GlobalFree
GlobalUnlock
GetModuleFileNameW
GlobalAlloc
TlsSetValue
GlobalLock
GetQueuedCompletionStatus
TransactNamedPipe
CreateIoCompletionPort
ExitThread
GetVersionExW
IsBadReadPtr
CreateMutexW
FindFirstFileW
FindClose
FileTimeToSystemTime
GetLocalTime
HeapAlloc
GetProcessHeap
VirtualAlloc
LoadLibraryA
VirtualProtect
VirtualFree
GetFileTime
CreateDirectoryW
FindNextFileW
RemoveDirectoryW
GetFileSize
lstrlenA
FreeLibrary
HeapFree
LocalAlloc
LocalFree
DeviceIoControl
CreateFileA
lstrcpyA
GetSystemDirectoryA
lstrcatA
CopyFileA
HeapReAlloc
SetLastError
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetTempFileNameW
CreateProcessW
MoveFileExW
CopyFileW
GetExitCodeProcess
GetFileAttributesW
GetProcessId
SetFileAttributesW
SetFilePointer
FormatMessageW
GetLogicalDriveStringsW
QueryDosDeviceW
TlsAlloc
TlsFree
OutputDebugStringW
FlushFileBuffers
RtlCaptureContext
VirtualQuery
SetUnhandledExceptionFilter
RtlVirtualUnwind
TerminateProcess
lstrlenW
RtlLookupFunctionEntry
lstrcatW
IsDebuggerPresent
lstrcpyW
FindResourceW
LoadResource
SizeofResource
LockResource
GlobalHandle
WaitForSingleObjectEx
SetWaitableTimer
CreateWaitableTimerW
OpenWaitableTimerW
WideCharToMultiByte
SleepEx
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
FormatMessageA
LoadLibraryExW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
CompareStringW
MulDiv
GetWindowsDirectoryA
GlobalReAlloc
CreateFileMappingA
OpenFileMappingA
GetModuleHandleA
SwitchToThread
RaiseException
UnhandledExceptionFilter
ExitProcess
FlsSetValue
GetCommandLineA
GetTimeZoneInformation
FileTimeToLocalFileTime
GetDriveTypeW
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
RtlUnwindEx
GetFileInformationByHandle
GetDriveTypeA
FindFirstFileA
RtlPcToFileHeader
GetCPInfo
GetOEMCP
IsValidCodePage
HeapSetInformation
HeapCreate
HeapDestroy
HeapSize
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LCMapStringA
GetFullPathNameW
GetCurrentDirectoryA
GetDateFormatA
GetTimeFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
SetStdHandle
SetEndOfFile
GetFullPathNameA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
SetEnvironmentVariableA
TlsGetValue
GetCommandLineW

user32

OffsetRect
GetDC
GetClientRect
LoadCursorW
SetCapture
MonitorFromPoint
UpdateLayeredWindow
SetCursor
DefWindowProcW
CallWindowProcW
EnableWindow
RegisterClassExW
SetPropW
BeginPaint
IsWindowEnabled
TrackMouseEvent
UnregisterClassW
NotifyWinEvent
ScreenToClient
EndPaint
DrawTextW
IntersectRect
SubtractRect
RedrawWindow
GetCursor
SetMenuItemInfoW
FillRect
GetMenuItemRect
MenuItemFromPoint
GetMenuItemID
GetKeyboardLayoutList
LoadStringW
ReleaseDC
DestroyIcon
CreateDialogParamW
DialogBoxParamW
SetClipboardData
SetCaretPos
OpenClipboard
EmptyClipboard
CloseClipboard
GetWindowPlacement
InflateRect
SetCursorPos
SetWindowRgn
GetSysColorBrush
GetClassInfoExW
SetScrollInfo
PostQuitMessage
LoadBitmapW
IsRectEmpty
IsCharAlphaNumericW
WindowFromPoint
wsprintfA
wsprintfW
GetClassLongPtrW
SetClassLongPtrW
mouse_event
PostMessageW
SetWindowLongPtrW
SendMessageW
MessageBoxW
GetForegroundWindow
GetKeyboardState
CreateWindowExW
EqualRect
ReleaseCapture
GetMonitorInfoW
CopyRect
wvsprintfW
MsgWaitForMultipleObjectsEx
SetWindowPos
SetRectEmpty
GetWindowTextLengthW
SetRect
MoveWindow
EnumWindows
KillTimer
UnregisterHotKey
RegisterHotKey
InvalidateRect
IsWindowVisible
GetWindowRect
IsIconic
GetWindowLongW
SystemParametersInfoW
ShowWindow
ClientToScreen
PtInRect
GetAncestor
GetCaretPos
FindWindowExW
GetPropW
GetWindowThreadProcessId
GetWindow
RegisterWindowMessageW
SendMessageTimeoutW
TranslateMessage
DispatchMessageW
GetSystemMetrics
keybd_event
SendInput
GetMessageExtraInfo
GetKeyState
CallNextHookEx
GetAsyncKeyState
GetWindowTextW
GetClassNameW
GetDesktopWindow
SetWindowsHookExW
UnhookWindowsHookEx
GetWindowLongPtrW
LoadImageW
GetMenuItemInfoW
GetCursorPos
GetMenuItemCount
GetMenuInfo
DestroyMenu
DestroyWindow
SetForegroundWindow
GetFocus
GetParent
FindWindowW
LoadIconW
EndDialog
IsWindow
SetTimer
GetMessageW
PeekMessageW
PostThreadMessageW

gdi32

SetBkColor
ExtCreateRegion
GetTextExtentPoint32W
GetCharABCWidthsFloatW
CombineRgn
OffsetRgn
Rectangle
GetPixel
GetObjectW
CreateCompatibleDC
SelectObject
DeleteObject
SetPixel
CreateDIBSection
DeleteDC
GetClipRgn
MoveToEx
LineTo
SelectClipRgn
CreateCompatibleBitmap
GetFontUnicodeRanges
GetTextExtentExPointW
CreateRectRgn
CreatePen
GetStockObject
GetTextMetricsW
GetTextExtentPointW
CreateSolidBrush
GetDeviceCaps
CreateFontW
GetFontData
CreateFontIndirectW
BitBlt
SetTextColor
StretchBlt
SetBkMode
SetTextCharacterExtra
CreateDCW
SetMapMode
StretchDIBits

advapi32

CryptDestroyKey
CryptDecrypt
CryptGetKeyParam
OpenProcessToken
GetTokenInformation
LookupAccountSidW
RegOpenKeyW
RegCreateKeyExW
AddAccessAllowedAceEx
SetNamedSecurityInfoW
GetNamedSecurityInfoW
InitializeAcl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
GetLengthSid
SetSecurityDescriptorSacl
RegQueryValueW
CryptEncrypt
CryptSetKeyParam
CryptImportKey
CryptAcquireContextW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyW
RegSetValueExW
RegEnumValueW
RegEnumKeyW
RegQueryInfoKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
RegDeleteValueA
RegEnumValueA
CryptReleaseContext
RegNotifyChangeKeyValue
RegCreateKeyExA

imm32

ImmGetHotKey
ImmGenerateMessage
ImmGetIMCCSize
ImmCreateIMCC
ImmReSizeIMCC
ImmNotifyIME
ImmDisableIME
ImmLockIMCC
ImmUnlockIMC
ImmAssociateContextEx
ImmLockIMC
ImmUnlockIMCC

shlwapi

StrStrIW
wnsprintfA
SHDeleteKeyA
SHGetValueW

oleacc

AccessibleObjectFromWindow
LresultFromObject

Exports

Exports

ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME

Sections

.text
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 162KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 362KB - Virtual size: 361KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SogouIn
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/install0.png
.png
$PLUGINSDIR/install1.png
.png
$PLUGINSDIR/install2.png
.png
$PLUGINSDIR/install3.png
.png
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/SogouPY.ime
.dll windows:5 windows x86 arch:x86

0fd6c2568420f823cf69e793ed85f7c5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ce
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

30/09/2015, 00:00

Not After

28/09/2018, 23:59

Subject

CN=Sogou.com,OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:22:94:0f:2d:b5:e0:05:7e:a9:df:e7:ca:c3:13:65:76:9c:99:3b
Signer

Actual PE Digest

8c:22:94:0f:2d:b5:e0:05:7e:a9:df:e7:ca:c3:13:65:76:9c:99:3b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\project\sogouime\branch\PinyinDev_R_8_0_OldKernel\Bin\SogouPdb\SogouInput\SogouPy.pdb

Imports

msimg32

GradientFill
TransparentBlt
AlphaBlend

kernel32

LCMapStringW
DuplicateHandle
OpenProcess
GetCurrentProcess
InterlockedIncrement
ResetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
DeleteFileW
LoadLibraryW
CreateSemaphoreW
ReleaseSemaphore
CreateEventW
OpenThread
SetEvent
CreateThread
ReleaseMutex
OpenFileMappingW
CreateFileMappingW
OpenMutexW
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
MultiByteToWideChar
ResumeThread
InterlockedCompareExchange
GlobalGetAtomNameW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetNamedPipeHandleState
EnterCriticalSection
GetLastError
GlobalAddAtomW
GetCurrentThread
SetThreadPriority
GetTempPathW
GetSystemDirectoryW
GetFileAttributesExW
CreateFileW
ReadFile
LeaveCriticalSection
Sleep
InitializeCriticalSection
WriteFile
WaitNamedPipeW
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetCurrentThreadId
GetACP
InterlockedDecrement
GetCurrentProcessId
OutputDebugStringW
GetModuleFileNameA
GlobalFree
GlobalUnlock
GetModuleFileNameW
GlobalAlloc
TlsSetValue
GlobalLock
TlsGetValue
GetCommandLineW
WideCharToMultiByte
CloseHandle
OpenEventW
GetProcAddress
SetEnvironmentVariableA
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
GetFullPathNameA
SetEndOfFile
SetStdHandle
GetStringTypeW
GetStartupInfoA
SetHandleCount
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetCurrentDirectoryA
GetFullPathNameW
LCMapStringA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
GetQueuedCompletionStatus
TransactNamedPipe
InterlockedExchange
CreateIoCompletionPort
ExitThread
GetVersionExW
IsBadReadPtr
CreateMutexW
FindFirstFileW
FindClose
FileTimeToSystemTime
GetLocalTime
HeapAlloc
GetProcessHeap
VirtualAlloc
LoadLibraryA
VirtualProtect
VirtualFree
GetFileTime
CreateDirectoryW
FindNextFileW
RemoveDirectoryW
GetFileSize
lstrlenA
FreeLibrary
HeapFree
LocalAlloc
LocalFree
DeviceIoControl
CreateFileA
lstrcpyA
GetSystemDirectoryA
lstrcatA
CopyFileA
HeapReAlloc
SetLastError
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetTempFileNameW
CreateProcessW
MoveFileExW
CopyFileW
GetExitCodeProcess
GetFileAttributesW
GetProcessId
SetFileAttributesW
SetFilePointer
FormatMessageW
GetLogicalDriveStringsW
QueryDosDeviceW
TlsAlloc
TlsFree
GetConsoleMode
FlushFileBuffers
VirtualQuery
SetUnhandledExceptionFilter
TerminateProcess
lstrlenW
lstrcatW
IsDebuggerPresent
lstrcpyW
FindResourceW
LoadResource
SizeofResource
LockResource
GlobalHandle
WaitForSingleObjectEx
SetWaitableTimer
CreateWaitableTimerW
OpenWaitableTimerW
SleepEx
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
FormatMessageA
LoadLibraryExW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
CompareStringW
MulDiv
GetWindowsDirectoryA
GlobalReAlloc
CreateFileMappingA
OpenFileMappingA
GetModuleHandleA
SwitchToThread
RaiseException
UnhandledExceptionFilter
ExitProcess
GetCommandLineA
GetTimeZoneInformation
FileTimeToLocalFileTime
GetDriveTypeW
RtlUnwind
GetFileInformationByHandle
GetDriveTypeA
FindFirstFileA
GetCPInfo
GetOEMCP
IsValidCodePage
HeapCreate
HeapDestroy
HeapSize
GetConsoleCP
FreeEnvironmentStringsA

user32

PeekMessageW
PostThreadMessageW
GetKeyboardState
GetForegroundWindow
MessageBoxW
SendMessageW
SetWindowLongW
PostMessageW
GetMessageW
SetTimer
IsWindow
wsprintfW
wsprintfA
WindowFromPoint
IsCharAlphaNumericW
SetRectEmpty
SetWindowPos
MsgWaitForMultipleObjectsEx
wvsprintfW
CopyRect
GetMonitorInfoW
ReleaseCapture
EqualRect
CreateWindowExW
ReleaseDC
OffsetRect
GetDC
GetClientRect
LoadCursorW
SetCapture
MonitorFromPoint
UpdateLayeredWindow
SetCursor
DefWindowProcW
CallWindowProcW
EnableWindow
RegisterClassExW
SetPropW
BeginPaint
IsWindowEnabled
TrackMouseEvent
UnregisterClassW
NotifyWinEvent
ScreenToClient
EndPaint
DrawTextW
IntersectRect
SubtractRect
RedrawWindow
GetCursor
SetMenuItemInfoW
FillRect
GetMenuItemRect
MenuItemFromPoint
GetMenuItemID
GetKeyboardLayoutList
LoadStringW
DestroyIcon
CreateDialogParamW
DialogBoxParamW
SetClipboardData
SetCaretPos
OpenClipboard
EmptyClipboard
CloseClipboard
GetWindowPlacement
InflateRect
SetCursorPos
SetClassLongW
GetClassLongW
SetWindowRgn
mouse_event
GetClassInfoExW
SetScrollInfo
PostQuitMessage
LoadBitmapW
IsRectEmpty
EndDialog
LoadIconW
FindWindowW
GetParent
GetFocus
SetForegroundWindow
DestroyWindow
GetMenuItemCount
GetCursorPos
GetMenuItemInfoW
LoadImageW
GetWindowLongW
UnhookWindowsHookEx
SetWindowsHookExW
GetDesktopWindow
GetClassNameW
GetWindowTextW
GetAsyncKeyState
CallNextHookEx
GetKeyState
GetMessageExtraInfo
SendInput
keybd_event
GetSystemMetrics
DispatchMessageW
TranslateMessage
SendMessageTimeoutW
GetWindowTextLengthW
SetRect
MoveWindow
EnumWindows
KillTimer
UnregisterHotKey
RegisterHotKey
InvalidateRect
IsWindowVisible
GetWindowRect
IsIconic
SystemParametersInfoW
ShowWindow
ClientToScreen
PtInRect
GetAncestor
GetCaretPos
FindWindowExW
GetPropW
GetWindowThreadProcessId
GetWindow
RegisterWindowMessageW

gdi32

SetMapMode
ExtCreateRegion
GetTextExtentPoint32W
GetCharABCWidthsFloatW
CombineRgn
OffsetRgn
Rectangle
GetPixel
GetObjectW
CreateCompatibleDC
SelectObject
DeleteObject
CreateDIBSection
DeleteDC
GetClipRgn
MoveToEx
LineTo
SelectClipRgn
CreateCompatibleBitmap
GetFontUnicodeRanges
GetTextExtentExPointW
CreateRectRgn
CreatePen
GetTextMetricsW
GetTextExtentPointW
CreateSolidBrush
GetDeviceCaps
StretchDIBits
GetFontData
CreateFontIndirectW
BitBlt
SetTextColor
GetStockObject
StretchBlt
SetBkMode
SetTextCharacterExtra
CreateDCW
SetBkColor
CreateFontW

advapi32

LookupAccountSidW
OpenProcessToken
GetTokenInformation
RegOpenKeyW
RegCreateKeyExW
AddAccessAllowedAceEx
SetNamedSecurityInfoW
GetNamedSecurityInfoW
InitializeAcl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
GetLengthSid
SetSecurityDescriptorSacl
RegQueryValueW
CryptDecrypt
CryptReleaseContext
CryptDestroyKey
CryptEncrypt
CryptSetKeyParam
CryptImportKey
CryptAcquireContextW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyW
RegSetValueExW
RegEnumValueW
RegEnumKeyW
RegQueryInfoKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
RegDeleteValueA
RegEnumValueA
CryptGetKeyParam
RegCreateKeyExA
RegNotifyChangeKeyValue

imm32

ImmGetHotKey
ImmGenerateMessage
ImmGetIMCCSize
ImmCreateIMCC
ImmReSizeIMCC
ImmNotifyIME
ImmDisableIME
ImmLockIMCC
ImmUnlockIMC
ImmAssociateContextEx
ImmLockIMC
ImmUnlockIMCC

ws2_32

WSAStartup
WSACleanup
closesocket
WSAGetLastError
recv
send
getsockname
ntohs
bind
htons
getsockopt
getpeername
setsockopt
connect
socket
inet_addr
gethostbyname
inet_ntoa
htonl
getservbyname
gethostbyaddr
getservbyport
WSASetLastError
gethostname
sendto
recvfrom
accept
listen
__WSAFDIsSet
select
ioctlsocket

shlwapi

wnsprintfA
SHGetValueW
SHDeleteKeyA

oleacc

LresultFromObject
AccessibleObjectFromWindow

Exports

Exports

ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 900KB - Virtual size: 900KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/SogouPY.ime~
.dll windows:5 windows x86 arch:x86

0fd6c2568420f823cf69e793ed85f7c5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ce
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

30/09/2015, 00:00

Not After

28/09/2018, 23:59

Subject

CN=Sogou.com,OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:22:94:0f:2d:b5:e0:05:7e:a9:df:e7:ca:c3:13:65:76:9c:99:3b
Signer

Actual PE Digest

8c:22:94:0f:2d:b5:e0:05:7e:a9:df:e7:ca:c3:13:65:76:9c:99:3b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\project\sogouime\branch\PinyinDev_R_8_0_OldKernel\Bin\SogouPdb\SogouInput\SogouPy.pdb

Imports

msimg32

GradientFill
TransparentBlt
AlphaBlend

kernel32

LCMapStringW
DuplicateHandle
OpenProcess
GetCurrentProcess
InterlockedIncrement
ResetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
DeleteFileW
LoadLibraryW
CreateSemaphoreW
ReleaseSemaphore
CreateEventW
OpenThread
SetEvent
CreateThread
ReleaseMutex
OpenFileMappingW
CreateFileMappingW
OpenMutexW
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
MultiByteToWideChar
ResumeThread
InterlockedCompareExchange
GlobalGetAtomNameW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetNamedPipeHandleState
EnterCriticalSection
GetLastError
GlobalAddAtomW
GetCurrentThread
SetThreadPriority
GetTempPathW
GetSystemDirectoryW
GetFileAttributesExW
CreateFileW
ReadFile
LeaveCriticalSection
Sleep
InitializeCriticalSection
WriteFile
WaitNamedPipeW
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetCurrentThreadId
GetACP
InterlockedDecrement
GetCurrentProcessId
OutputDebugStringW
GetModuleFileNameA
GlobalFree
GlobalUnlock
GetModuleFileNameW
GlobalAlloc
TlsSetValue
GlobalLock
TlsGetValue
GetCommandLineW
WideCharToMultiByte
CloseHandle
OpenEventW
GetProcAddress
SetEnvironmentVariableA
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
GetFullPathNameA
SetEndOfFile
SetStdHandle
GetStringTypeW
GetStartupInfoA
SetHandleCount
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetCurrentDirectoryA
GetFullPathNameW
LCMapStringA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
GetQueuedCompletionStatus
TransactNamedPipe
InterlockedExchange
CreateIoCompletionPort
ExitThread
GetVersionExW
IsBadReadPtr
CreateMutexW
FindFirstFileW
FindClose
FileTimeToSystemTime
GetLocalTime
HeapAlloc
GetProcessHeap
VirtualAlloc
LoadLibraryA
VirtualProtect
VirtualFree
GetFileTime
CreateDirectoryW
FindNextFileW
RemoveDirectoryW
GetFileSize
lstrlenA
FreeLibrary
HeapFree
LocalAlloc
LocalFree
DeviceIoControl
CreateFileA
lstrcpyA
GetSystemDirectoryA
lstrcatA
CopyFileA
HeapReAlloc
SetLastError
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetTempFileNameW
CreateProcessW
MoveFileExW
CopyFileW
GetExitCodeProcess
GetFileAttributesW
GetProcessId
SetFileAttributesW
SetFilePointer
FormatMessageW
GetLogicalDriveStringsW
QueryDosDeviceW
TlsAlloc
TlsFree
GetConsoleMode
FlushFileBuffers
VirtualQuery
SetUnhandledExceptionFilter
TerminateProcess
lstrlenW
lstrcatW
IsDebuggerPresent
lstrcpyW
FindResourceW
LoadResource
SizeofResource
LockResource
GlobalHandle
WaitForSingleObjectEx
SetWaitableTimer
CreateWaitableTimerW
OpenWaitableTimerW
SleepEx
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
FormatMessageA
LoadLibraryExW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
CompareStringW
MulDiv
GetWindowsDirectoryA
GlobalReAlloc
CreateFileMappingA
OpenFileMappingA
GetModuleHandleA
SwitchToThread
RaiseException
UnhandledExceptionFilter
ExitProcess
GetCommandLineA
GetTimeZoneInformation
FileTimeToLocalFileTime
GetDriveTypeW
RtlUnwind
GetFileInformationByHandle
GetDriveTypeA
FindFirstFileA
GetCPInfo
GetOEMCP
IsValidCodePage
HeapCreate
HeapDestroy
HeapSize
GetConsoleCP
FreeEnvironmentStringsA

user32

PeekMessageW
PostThreadMessageW
GetKeyboardState
GetForegroundWindow
MessageBoxW
SendMessageW
SetWindowLongW
PostMessageW
GetMessageW
SetTimer
IsWindow
wsprintfW
wsprintfA
WindowFromPoint
IsCharAlphaNumericW
SetRectEmpty
SetWindowPos
MsgWaitForMultipleObjectsEx
wvsprintfW
CopyRect
GetMonitorInfoW
ReleaseCapture
EqualRect
CreateWindowExW
ReleaseDC
OffsetRect
GetDC
GetClientRect
LoadCursorW
SetCapture
MonitorFromPoint
UpdateLayeredWindow
SetCursor
DefWindowProcW
CallWindowProcW
EnableWindow
RegisterClassExW
SetPropW
BeginPaint
IsWindowEnabled
TrackMouseEvent
UnregisterClassW
NotifyWinEvent
ScreenToClient
EndPaint
DrawTextW
IntersectRect
SubtractRect
RedrawWindow
GetCursor
SetMenuItemInfoW
FillRect
GetMenuItemRect
MenuItemFromPoint
GetMenuItemID
GetKeyboardLayoutList
LoadStringW
DestroyIcon
CreateDialogParamW
DialogBoxParamW
SetClipboardData
SetCaretPos
OpenClipboard
EmptyClipboard
CloseClipboard
GetWindowPlacement
InflateRect
SetCursorPos
SetClassLongW
GetClassLongW
SetWindowRgn
mouse_event
GetClassInfoExW
SetScrollInfo
PostQuitMessage
LoadBitmapW
IsRectEmpty
EndDialog
LoadIconW
FindWindowW
GetParent
GetFocus
SetForegroundWindow
DestroyWindow
GetMenuItemCount
GetCursorPos
GetMenuItemInfoW
LoadImageW
GetWindowLongW
UnhookWindowsHookEx
SetWindowsHookExW
GetDesktopWindow
GetClassNameW
GetWindowTextW
GetAsyncKeyState
CallNextHookEx
GetKeyState
GetMessageExtraInfo
SendInput
keybd_event
GetSystemMetrics
DispatchMessageW
TranslateMessage
SendMessageTimeoutW
GetWindowTextLengthW
SetRect
MoveWindow
EnumWindows
KillTimer
UnregisterHotKey
RegisterHotKey
InvalidateRect
IsWindowVisible
GetWindowRect
IsIconic
SystemParametersInfoW
ShowWindow
ClientToScreen
PtInRect
GetAncestor
GetCaretPos
FindWindowExW
GetPropW
GetWindowThreadProcessId
GetWindow
RegisterWindowMessageW

gdi32

SetMapMode
ExtCreateRegion
GetTextExtentPoint32W
GetCharABCWidthsFloatW
CombineRgn
OffsetRgn
Rectangle
GetPixel
GetObjectW
CreateCompatibleDC
SelectObject
DeleteObject
CreateDIBSection
DeleteDC
GetClipRgn
MoveToEx
LineTo
SelectClipRgn
CreateCompatibleBitmap
GetFontUnicodeRanges
GetTextExtentExPointW
CreateRectRgn
CreatePen
GetTextMetricsW
GetTextExtentPointW
CreateSolidBrush
GetDeviceCaps
StretchDIBits
GetFontData
CreateFontIndirectW
BitBlt
SetTextColor
GetStockObject
StretchBlt
SetBkMode
SetTextCharacterExtra
CreateDCW
SetBkColor
CreateFontW

advapi32

LookupAccountSidW
OpenProcessToken
GetTokenInformation
RegOpenKeyW
RegCreateKeyExW
AddAccessAllowedAceEx
SetNamedSecurityInfoW
GetNamedSecurityInfoW
InitializeAcl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
GetLengthSid
SetSecurityDescriptorSacl
RegQueryValueW
CryptDecrypt
CryptReleaseContext
CryptDestroyKey
CryptEncrypt
CryptSetKeyParam
CryptImportKey
CryptAcquireContextW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyW
RegSetValueExW
RegEnumValueW
RegEnumKeyW
RegQueryInfoKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
RegDeleteValueA
RegEnumValueA
CryptGetKeyParam
RegCreateKeyExA
RegNotifyChangeKeyValue

imm32

ImmGetHotKey
ImmGenerateMessage
ImmGetIMCCSize
ImmCreateIMCC
ImmReSizeIMCC
ImmNotifyIME
ImmDisableIME
ImmLockIMCC
ImmUnlockIMC
ImmAssociateContextEx
ImmLockIMC
ImmUnlockIMCC

ws2_32

WSAStartup
WSACleanup
closesocket
WSAGetLastError
recv
send
getsockname
ntohs
bind
htons
getsockopt
getpeername
setsockopt
connect
socket
inet_addr
gethostbyname
inet_ntoa
htonl
getservbyname
gethostbyaddr
getservbyport
WSASetLastError
gethostname
sendto
recvfrom
accept
listen
__WSAFDIsSet
select
ioctlsocket

shlwapi

wnsprintfA
SHGetValueW
SHDeleteKeyA

oleacc

LresultFromObject
AccessibleObjectFromWindow

Exports

Exports

ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 900KB - Virtual size: 900KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_13_/HWSignature.dll
.dll windows:5 windows x86 arch:x86

de18af259ae709a6bea8669b60fd1118

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ce
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

30/09/2015, 00:00

Not After

28/09/2018, 23:59

Subject

CN=Sogou.com,OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:cc:00:6a:b6:e8:b9:ae:20:88:11:a3:a1:e8:50:5e:92:27:10:f0
Signer

Actual PE Digest

6d:cc:00:6a:b6:e8:b9:ae:20:88:11:a3:a1:e8:50:5e:92:27:10:f0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\project\sogouime\branch\PinyinDev_R_8_0_OldKernel\Bin\SogouPdb\SogouInput\HWSignature.pdb

Imports

ws2_32

WSAStartup

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

ExitProcess
FlushFileBuffers
CreateFileA
HeapAlloc
HeapFree
GetProcessHeap
GetSystemDirectoryA
lstrcatA
CopyFileA
DeviceIoControl
CloseHandle
lstrcpyA
lstrlenA
GlobalAlloc
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryA
LocalAlloc
GetVersionExA
LocalFree
HeapReAlloc
GetTickCount
SetLastError
GlobalFree
WideCharToMultiByte
GetModuleFileNameW
MultiByteToWideChar
HeapSize
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
GetModuleHandleW
Sleep
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

wsprintfA
IsCharAlphaNumericA

Exports

Exports

DLLGenHWID
GenHWID
GetDllVersionA

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
8.0.0.8023/HWSignature.dll
.dll windows:5 windows x86 arch:x86

de18af259ae709a6bea8669b60fd1118

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ce
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

30/09/2015, 00:00

Not After

28/09/2018, 23:59

Subject

CN=Sogou.com,OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:cc:00:6a:b6:e8:b9:ae:20:88:11:a3:a1:e8:50:5e:92:27:10:f0
Signer

Actual PE Digest

6d:cc:00:6a:b6:e8:b9:ae:20:88:11:a3:a1:e8:50:5e:92:27:10:f0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\project\sogouime\branch\PinyinDev_R_8_0_OldKernel\Bin\SogouPdb\SogouInput\HWSignature.pdb

Imports

ws2_32

WSAStartup

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

ExitProcess
FlushFileBuffers
CreateFileA
HeapAlloc
HeapFree
GetProcessHeap
GetSystemDirectoryA
lstrcatA
CopyFileA
DeviceIoControl
CloseHandle
lstrcpyA
lstrlenA
GlobalAlloc
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryA
LocalAlloc
GetVersionExA
LocalFree
HeapReAlloc
GetTickCount
SetLastError
GlobalFree
WideCharToMultiByte
GetModuleFileNameW
MultiByteToWideChar
HeapSize
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
GetModuleHandleW
Sleep
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

wsprintfA
IsCharAlphaNumericA

Exports

Exports

DLLGenHWID
GenHWID
GetDllVersionA

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
8.0.0.8023/SetupUi.cupf
8.0.0.8023/SogouPY7.ime
.dll windows:5 windows x86 arch:x86

0fd6c2568420f823cf69e793ed85f7c5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ce
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

30/09/2015, 00:00

Not After

28/09/2018, 23:59

Subject

CN=Sogou.com,OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:22:94:0f:2d:b5:e0:05:7e:a9:df:e7:ca:c3:13:65:76:9c:99:3b
Signer

Actual PE Digest

8c:22:94:0f:2d:b5:e0:05:7e:a9:df:e7:ca:c3:13:65:76:9c:99:3b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\project\sogouime\branch\PinyinDev_R_8_0_OldKernel\Bin\SogouPdb\SogouInput\SogouPy.pdb

Imports

msimg32

GradientFill
TransparentBlt
AlphaBlend

kernel32

LCMapStringW
DuplicateHandle
OpenProcess
GetCurrentProcess
InterlockedIncrement
ResetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
DeleteFileW
LoadLibraryW
CreateSemaphoreW
ReleaseSemaphore
CreateEventW
OpenThread
SetEvent
CreateThread
ReleaseMutex
OpenFileMappingW
CreateFileMappingW
OpenMutexW
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
MultiByteToWideChar
ResumeThread
InterlockedCompareExchange
GlobalGetAtomNameW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetNamedPipeHandleState
EnterCriticalSection
GetLastError
GlobalAddAtomW
GetCurrentThread
SetThreadPriority
GetTempPathW
GetSystemDirectoryW
GetFileAttributesExW
CreateFileW
ReadFile
LeaveCriticalSection
Sleep
InitializeCriticalSection
WriteFile
WaitNamedPipeW
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetCurrentThreadId
GetACP
InterlockedDecrement
GetCurrentProcessId
OutputDebugStringW
GetModuleFileNameA
GlobalFree
GlobalUnlock
GetModuleFileNameW
GlobalAlloc
TlsSetValue
GlobalLock
TlsGetValue
GetCommandLineW
WideCharToMultiByte
CloseHandle
OpenEventW
GetProcAddress
SetEnvironmentVariableA
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
GetFullPathNameA
SetEndOfFile
SetStdHandle
GetStringTypeW
GetStartupInfoA
SetHandleCount
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetCurrentDirectoryA
GetFullPathNameW
LCMapStringA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
GetQueuedCompletionStatus
TransactNamedPipe
InterlockedExchange
CreateIoCompletionPort
ExitThread
GetVersionExW
IsBadReadPtr
CreateMutexW
FindFirstFileW
FindClose
FileTimeToSystemTime
GetLocalTime
HeapAlloc
GetProcessHeap
VirtualAlloc
LoadLibraryA
VirtualProtect
VirtualFree
GetFileTime
CreateDirectoryW
FindNextFileW
RemoveDirectoryW
GetFileSize
lstrlenA
FreeLibrary
HeapFree
LocalAlloc
LocalFree
DeviceIoControl
CreateFileA
lstrcpyA
GetSystemDirectoryA
lstrcatA
CopyFileA
HeapReAlloc
SetLastError
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetTempFileNameW
CreateProcessW
MoveFileExW
CopyFileW
GetExitCodeProcess
GetFileAttributesW
GetProcessId
SetFileAttributesW
SetFilePointer
FormatMessageW
GetLogicalDriveStringsW
QueryDosDeviceW
TlsAlloc
TlsFree
GetConsoleMode
FlushFileBuffers
VirtualQuery
SetUnhandledExceptionFilter
TerminateProcess
lstrlenW
lstrcatW
IsDebuggerPresent
lstrcpyW
FindResourceW
LoadResource
SizeofResource
LockResource
GlobalHandle
WaitForSingleObjectEx
SetWaitableTimer
CreateWaitableTimerW
OpenWaitableTimerW
SleepEx
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
FormatMessageA
LoadLibraryExW
ExpandEnvironmentStringsW
GetEnvironmentVariableW
CompareStringW
MulDiv
GetWindowsDirectoryA
GlobalReAlloc
CreateFileMappingA
OpenFileMappingA
GetModuleHandleA
SwitchToThread
RaiseException
UnhandledExceptionFilter
ExitProcess
GetCommandLineA
GetTimeZoneInformation
FileTimeToLocalFileTime
GetDriveTypeW
RtlUnwind
GetFileInformationByHandle
GetDriveTypeA
FindFirstFileA
GetCPInfo
GetOEMCP
IsValidCodePage
HeapCreate
HeapDestroy
HeapSize
GetConsoleCP
FreeEnvironmentStringsA

user32

PeekMessageW
PostThreadMessageW
GetKeyboardState
GetForegroundWindow
MessageBoxW
SendMessageW
SetWindowLongW
PostMessageW
GetMessageW
SetTimer
IsWindow
wsprintfW
wsprintfA
WindowFromPoint
IsCharAlphaNumericW
SetRectEmpty
SetWindowPos
MsgWaitForMultipleObjectsEx
wvsprintfW
CopyRect
GetMonitorInfoW
ReleaseCapture
EqualRect
CreateWindowExW
ReleaseDC
OffsetRect
GetDC
GetClientRect
LoadCursorW
SetCapture
MonitorFromPoint
UpdateLayeredWindow
SetCursor
DefWindowProcW
CallWindowProcW
EnableWindow
RegisterClassExW
SetPropW
BeginPaint
IsWindowEnabled
TrackMouseEvent
UnregisterClassW
NotifyWinEvent
ScreenToClient
EndPaint
DrawTextW
IntersectRect
SubtractRect
RedrawWindow
GetCursor
SetMenuItemInfoW
FillRect
GetMenuItemRect
MenuItemFromPoint
GetMenuItemID
GetKeyboardLayoutList
LoadStringW
DestroyIcon
CreateDialogParamW
DialogBoxParamW
SetClipboardData
SetCaretPos
OpenClipboard
EmptyClipboard
CloseClipboard
GetWindowPlacement
InflateRect
SetCursorPos
SetClassLongW
GetClassLongW
SetWindowRgn
mouse_event
GetClassInfoExW
SetScrollInfo
PostQuitMessage
LoadBitmapW
IsRectEmpty
EndDialog
LoadIconW
FindWindowW
GetParent
GetFocus
SetForegroundWindow
DestroyWindow
GetMenuItemCount
GetCursorPos
GetMenuItemInfoW
LoadImageW
GetWindowLongW
UnhookWindowsHookEx
SetWindowsHookExW
GetDesktopWindow
GetClassNameW
GetWindowTextW
GetAsyncKeyState
CallNextHookEx
GetKeyState
GetMessageExtraInfo
SendInput
keybd_event
GetSystemMetrics
DispatchMessageW
TranslateMessage
SendMessageTimeoutW
GetWindowTextLengthW
SetRect
MoveWindow
EnumWindows
KillTimer
UnregisterHotKey
RegisterHotKey
InvalidateRect
IsWindowVisible
GetWindowRect
IsIconic
SystemParametersInfoW
ShowWindow
ClientToScreen
PtInRect
GetAncestor
GetCaretPos
FindWindowExW
GetPropW
GetWindowThreadProcessId
GetWindow
RegisterWindowMessageW

gdi32

SetMapMode
ExtCreateRegion
GetTextExtentPoint32W
GetCharABCWidthsFloatW
CombineRgn
OffsetRgn
Rectangle
GetPixel
GetObjectW
CreateCompatibleDC
SelectObject
DeleteObject
CreateDIBSection
DeleteDC
GetClipRgn
MoveToEx
LineTo
SelectClipRgn
CreateCompatibleBitmap
GetFontUnicodeRanges
GetTextExtentExPointW
CreateRectRgn
CreatePen
GetTextMetricsW
GetTextExtentPointW
CreateSolidBrush
GetDeviceCaps
StretchDIBits
GetFontData
CreateFontIndirectW
BitBlt
SetTextColor
GetStockObject
StretchBlt
SetBkMode
SetTextCharacterExtra
CreateDCW
SetBkColor
CreateFontW

advapi32

LookupAccountSidW
OpenProcessToken
GetTokenInformation
RegOpenKeyW
RegCreateKeyExW
AddAccessAllowedAceEx
SetNamedSecurityInfoW
GetNamedSecurityInfoW
InitializeAcl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
GetLengthSid
SetSecurityDescriptorSacl
RegQueryValueW
CryptDecrypt
CryptReleaseContext
CryptDestroyKey
CryptEncrypt
CryptSetKeyParam
CryptImportKey
CryptAcquireContextW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyW
RegSetValueExW
RegEnumValueW
RegEnumKeyW
RegQueryInfoKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
RegDeleteValueA
RegEnumValueA
CryptGetKeyParam
RegCreateKeyExA
RegNotifyChangeKeyValue

imm32

ImmGetHotKey
ImmGenerateMessage
ImmGetIMCCSize
ImmCreateIMCC
ImmReSizeIMCC
ImmNotifyIME
ImmDisableIME
ImmLockIMCC
ImmUnlockIMC
ImmAssociateContextEx
ImmLockIMC
ImmUnlockIMCC

ws2_32

WSAStartup
WSACleanup
closesocket
WSAGetLastError
recv
send
getsockname
ntohs
bind
htons
getsockopt
getpeername
setsockopt
connect
socket
inet_addr
gethostbyname
inet_ntoa
htonl
getservbyname
gethostbyaddr
getservbyport
WSASetLastError
gethostname
sendto
recvfrom
accept
listen
__WSAFDIsSet
select
ioctlsocket

shlwapi

wnsprintfA
SHGetValueW
SHDeleteKeyA

oleacc

LresultFromObject
AccessibleObjectFromWindow

Exports

Exports

ImeConfigure
ImeConversionList
ImeDestroy
ImeEnumRegisterWord
ImeEscape
ImeGetRegisterWordStyle
ImeInquire
ImeProcessKey
ImeRegisterWord
ImeSelect
ImeSetActiveContext
ImeSetCompositionString
ImeToAsciiEx
ImeUnregisterWord
NotifyIME

Sections

.text
Size: 3.5MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 900KB - Virtual size: 900KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SogouExe/HWSignatureEx.dll
.dll windows:5 windows x86 arch:x86

de18af259ae709a6bea8669b60fd1118

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ce
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

30/09/2015, 00:00

Not After

28/09/2018, 23:59

Subject

CN=Sogou.com,OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:cc:00:6a:b6:e8:b9:ae:20:88:11:a3:a1:e8:50:5e:92:27:10:f0
Signer

Actual PE Digest

6d:cc:00:6a:b6:e8:b9:ae:20:88:11:a3:a1:e8:50:5e:92:27:10:f0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\project\sogouime\branch\PinyinDev_R_8_0_OldKernel\Bin\SogouPdb\SogouInput\HWSignature.pdb

Imports

ws2_32

WSAStartup

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

ExitProcess
FlushFileBuffers
CreateFileA
HeapAlloc
HeapFree
GetProcessHeap
GetSystemDirectoryA
lstrcatA
CopyFileA
DeviceIoControl
CloseHandle
lstrcpyA
lstrlenA
GlobalAlloc
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryA
LocalAlloc
GetVersionExA
LocalFree
HeapReAlloc
GetTickCount
SetLastError
GlobalFree
WideCharToMultiByte
GetModuleFileNameW
MultiByteToWideChar
HeapSize
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
GetModuleHandleW
Sleep
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

wsprintfA
IsCharAlphaNumericA

Exports

Exports

DLLGenHWID
GenHWID
GetDllVersionA

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ceCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

c3:84:31:f4:fa:38:26:20:0e:13:b0:b2:d0:d9:59:c3:9a:7d:61:ddSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 1.9MB

.rsrc Size: 134KB - Virtual size: 134KB

de18af259ae709a6bea8669b60fd1118

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ceCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

6d:cc:00:6a:b6:e8:b9:ae:20:88:11:a3:a1:e8:50:5e:92:27:10:f0Signer

Headers

File Characteristics

PDB Paths

Imports

ws2_32

version

kernel32

user32

Exports

Exports

Sections

.text Size: 49KB - Virtual size: 49KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 20KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ce
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

c3:84:31:f4:fa:38:26:20:0e:13:b0:b2:d0:d9:59:c3:9a:7d:61:dd
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 1.9MB

.rsrc
Size: 134KB - Virtual size: 134KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ce
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

6d:cc:00:6a:b6:e8:b9:ae:20:88:11:a3:a1:e8:50:5e:92:27:10:f0
Signer

.text
Size: 49KB - Virtual size: 49KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 20KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ce
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

8b:e2:8e:05:b0:7f:9b:dd:b4:23:05:a9:c3:a2:bb:56:3e:c5:d7:cb
Signer

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 644KB - Virtual size: 644KB

.data
Size: 72KB - Virtual size: 151KB

.rsrc
Size: 1024B - Virtual size: 712B

.reloc
Size: 111KB - Virtual size: 110KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7d:c7:02:07:5f:cc:db:9e:63:38:5f:f5:13:14:c4:ce
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

8c:22:94:0f:2d:b5:e0:05:7e:a9:df:e7:ca:c3:13:65:76:9c:99:3b
Signer