2ef4e0d3d481425374e04a11d66920e7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2ef4e0d3d481425374e04a11d66920e7_JaffaCakes118
Size

2.7MB
MD5

2ef4e0d3d481425374e04a11d66920e7
SHA1

df746d817b773d7fd4dd70536c3ceaa96691de13
SHA256

24a5a74da2c1993157fbe5851e91a4797ef0a19bc167c6e431307c135299c7ba
SHA512

0587e0b734b6670b51a35f47d766e2130325d311f383398aae4b4167edeea4a84123677b83ff0635a18a29f2bf97c0f18d4c9cc646ef972be96e00d304ad8238
SSDEEP

49152:Q6MZmibzENxmjoVfjsE+t8qD+o+v1WJDmWzKGMj1avZ6dL85x5YlWbp:p3WzEvmjoJI0qDK0J1EsIl83mle

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsProcess.dll
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/nsProcess.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninst.exe	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_2

Files

2ef4e0d3d481425374e04a11d66920e7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:9e:d9:31:be:e8:ee:dd:8b:fc:72:c7:0c:43:f1:fd
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/12/2014, 00:00

Not After

28/12/2017, 23:59

Subject

CN=GuangZhou KuGou Computer Technology Co.\,Ltd.,OU=PC Development Dept.,O=GuangZhou KuGou Computer Technology Co.\,Ltd.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

00:98:06:95:c7:7b:7c:1c:30:d6:86:ad:61:ef:75:bc:51:16:6a:fd
Signer

Actual PE Digest

00:98:06:95:c7:7b:7c:1c:30:d6:86:ad:61:ef:75:bc:51:16:6a:fd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 584KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsProcess.dll
.dll windows:4 windows x86 arch:x86

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
lstrcpynA
GlobalAlloc

Exports

Exports

_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KuGooRadio.exe
.exe windows:5 windows x86 arch:x86

270f075f47fb8974d97c83617022fd03

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:9e:d9:31:be:e8:ee:dd:8b:fc:72:c7:0c:43:f1:fd
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/12/2014, 00:00

Not After

28/12/2017, 23:59

Subject

CN=GuangZhou KuGou Computer Technology Co.\,Ltd.,OU=PC Development Dept.,O=GuangZhou KuGou Computer Technology Co.\,Ltd.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f1:5a:bf:07:bc:29:94:e3:46:38:14:49:b5:12:d2:87:c6:68:4d:02
Signer

Actual PE Digest

f1:5a:bf:07:bc:29:94:e3:46:38:14:49:b5:12:d2:87:c6:68:4d:02

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\kugou_app\Radio\trunk\bin\KuGooRadio.pdb

Imports

wininet

HttpSendRequestW
InternetSetStatusCallbackW
HttpAddRequestHeadersW
InternetConnectW
HttpOpenRequestW
InternetCloseHandle
InternetCrackUrlW
InternetReadFileExA
HttpQueryInfoW
InternetOpenW

netapi32

Netbios

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

InterlockedDecrement
GlobalLock
OutputDebugStringW
GlobalAlloc
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapAlloc
CreateEventA
HeapFree
MulDiv
lstrcmpW
lstrlenW
GlobalUnlock
SetLastError
LockResource
DeleteCriticalSection
GetVersionExW
FreeLibrary
LoadLibraryW
GetProcAddress
WaitForMultipleObjects
GetTempFileNameW
SetFilePointer
FindResourceExW
GetModuleHandleW
GetTickCount
IsBadReadPtr
WriteFile
SizeofResource
ReadFile
MoveFileW
ResetEvent
SetUnhandledExceptionFilter
LoadLibraryExW
SetProcessWorkingSetSize
lstrcmpiW
OpenFileMappingW
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
GetLocalTime
GlobalHandle
GetFileSize
InterlockedExchange
GetFullPathNameW
GetFullPathNameA
CreateFileA
SetEndOfFile
QueryPerformanceCounter
InterlockedCompareExchange
UnlockFile
LockFile
UnlockFileEx
GetSystemTimeAsFileTime
FormatMessageA
Sleep
FormatMessageW
GetFileAttributesA
FlushFileBuffers
LockFileEx
GetDiskFreeSpaceW
LoadLibraryA
GetDiskFreeSpaceA
GetFileAttributesExW
GetTempPathA
LocalFree
GetSystemTime
DeleteFileA
OpenProcess
VirtualFreeEx
ReadProcessMemory
VirtualAllocEx
InterlockedIncrement
LoadResource
FindResourceW
CreateThread
CreateEventW
DeviceIoControl
ResumeThread
OpenEventA
WaitForSingleObjectEx
ReleaseSemaphore
GetModuleHandleA
GetDriveTypeW
SetEnvironmentVariableA
CreateProcessA
GetExitCodeProcess
SetEnvironmentVariableW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCurrentDirectoryW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetHandleCount
CompareStringW
GetTimeZoneInformation
GetLocaleInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
RtlUnwind
GetCPInfo
FindFirstFileExA
GetDriveTypeA
ExitThread
GetFileInformationByHandle
FileTimeToLocalFileTime
GetStartupInfoW
HeapSetInformation
GetCommandLineW
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
ExitProcess
WriteConsoleW
DecodePointer
EncodePointer
GetStringTypeW
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
PeekNamedPipe
SleepEx
GetTimeFormatA
FindFirstFileW
CreateDirectoryW
GetFileAttributesW
InitializeCriticalSection
SetEvent
WaitForSingleObject
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GetCurrentProcessId
CloseHandle
CreateFileW
SetErrorMode
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
EnterCriticalSection
RaiseException
FlushInstructionCache
LeaveCriticalSection
GetCurrentProcess
GetModuleFileNameW
GetPrivateProfileStringW
DeleteFileW
FindNextFileW
FindClose
GetLastError
GetTempPathW
GetDateFormatA

user32

GetUpdateRect
GetWindow
GetMonitorInfoW
DestroyIcon
SetWindowTextW
GetForegroundWindow
EndDeferWindowPos
ValidateRect
EnumThreadWindows
SetForegroundWindow
DeferWindowPos
IsWindowVisible
BeginDeferWindowPos
UpdateWindow
FindWindowW
CreateDialogParamW
SetRect
EnumChildWindows
CopyRect
GetWindowThreadProcessId
SystemParametersInfoW
GetKeyState
SetCursor
CreateDialogIndirectParamW
MapVirtualKeyW
LoadCursorW
MapWindowPoints
UnregisterClassA
HideCaret
ShowCaret
CreateCaret
SetCaretPos
IsWindowEnabled
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageW
DispatchMessageW
GetDoubleClickTime
SendMessageW
GetSystemMetrics
SetWindowPos
EndDialog
SetWindowLongW
GetDlgItem
MonitorFromWindow
GetWindowLongW
GetClientRect
GetParent
LoadImageW
GetWindowRect
DefWindowProcW
CallWindowProcW
ShowWindow
DestroyWindow
UnhookWindowsHookEx
SetWindowsHookExW
IsWindow
GetActiveWindow
IsDialogMessageW
CallNextHookEx
MoveWindow
GetDlgCtrlID
SetDlgItemTextW
GetDlgItemTextW
ReleaseCapture
CreateWindowExW
GetSysColor
GetDesktopWindow
RedrawWindow
ReleaseDC
GetClassNameW
GetWindowTextW
InvalidateRect
RegisterClassExW
SetWindowContextHelpId
GetDC
GetClassInfoExW
BeginPaint
SetFocus
CreateAcceleratorTableW
GetKeyNameTextW
InvalidateRgn
GetFocus
KillTimer
PostMessageW
SetCapture
IsChild
FillRect
RegisterWindowMessageW
CharNextW
MapDialogRect
ScreenToClient
SetTimer
DestroyAcceleratorTable
GetWindowTextLengthW
ClientToScreen
EndPaint
MessageBoxW
GetCursorPos
DialogBoxParamW
EnableWindow
PostQuitMessage
MonitorFromPoint
SetWindowRgn
UpdateLayeredWindow

gdi32

SelectClipRgn
CombineRgn
OffsetRgn
SaveDC
CreateRectRgn
RestoreDC
BitBlt
SetTextColor
DeleteDC
GetDeviceCaps
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontW
GetObjectW
GetStockObject
CreateSolidBrush
CreateDIBSection
IntersectClipRect
SetViewportOrgEx

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegDeleteValueW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW

shell32

SHFileOperationW
ShellExecuteW
SHGetDesktopFolder
SHBrowseForFolderW
SHGetPathFromIDListW
Shell_NotifyIconW

ole32

CoCreateInstance
OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
StringFromGUID2
RegisterDragDrop
RevokeDragDrop
CoInitialize
CoTaskMemRealloc
CoUninitialize
CoTaskMemFree
ReleaseStgMedium
CoTaskMemAlloc
CoGetClassObject
CoCreateGuid
OleUninitialize
OleInitialize

oleaut32

GetErrorInfo
VarUI4FromStr
LoadRegTypeLi
OleCreateFontIndirect
SysAllocStringLen
VariantInit
LoadTypeLi
VariantClear
SysStringLen
SysAllocString
SysFreeString

shlwapi

PathFileExistsW
PathIsDirectoryW
StrStrIW

comctl32

CreatePropertySheetPageW
PropertySheetW
InitCommonControlsEx
DestroyPropertySheetPage
_TrackMouseEvent

msimg32

TransparentBlt
AlphaBlend

riched20

ord4
ord6

gdiplus

GdipGetDC
GdipDrawImageI
GdiplusStartup
GdiplusShutdown
GdipSetPenDashArray
GdipDrawRectangleI
GdipBitmapLockBits
GdipStringFormatGetGenericTypographic
GdipSetImageAttributesColorKeys
GdipBitmapUnlockBits
GdipGetImagePixelFormat
GdipSetTextRenderingHint
GdipCreatePen1
GdipDrawLineI
GdipSetSolidFillColor
GdipDeletePen
GdipDrawImageRect
GdipDrawImagePointsI
GdipImageRotateFlip
GdipReleaseDC
GdipSetStringFormatTrimming
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipCreateHBITMAPFromBitmap
GdipBitmapGetPixel
GdipSetStringFormatAlign
GdipDrawString
GdipRotateWorldTransform
GdipCreateSolidFill
GdipCreateBitmapFromStream
GdipCloneBitmapAreaI
GdipCreateFromHWND
GdipDeleteStringFormat
GdipCreateStringFormat
GdipRestoreGraphics
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateFontFamilyFromName
GdipTranslateWorldTransform
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipSaveGraphics
GdipDeleteFontFamily
GdipSetClipRectI
GdipDeleteFont
GdipSetStringFormatLineAlign
GdipMeasureString
GdipCreateBitmapFromHICON
GdipDrawImageRectRectI
GdipGetImageWidth
GdipCreateBitmapFromFile
GdipGetImageHeight
GdipCreatePath
GdipSetClipPath
GdipCloneImage
GdipFillRectangleI
GdipCreateLineBrushI
GdipResetClip
GdipDeletePath
GdipDisposeImage
GdipAlloc
GdipDrawImageRectI
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipCreateBitmapFromScan0
GdipDrawImagePointRectI
GdipAddPathRectangleI
GdipCloneBrush
GdipFree
GdipDeleteBrush

dbghelp

MiniDumpWriteDump

ws2_32

select
__WSAFDIsSet
WSASetLastError
getaddrinfo
freeaddrinfo
socket
getpeername
ioctlsocket
gethostname
connect
WSAStartup
recvfrom
ntohl
inet_addr
htonl
WSASocketW
WSAGetLastError
accept
htons
inet_ntoa
ntohs
getsockname
shutdown
setsockopt
sendto
WSACleanup
recv
bind
getservbyname
closesocket
gethostbyname
send
getsockopt
listen

winmm

timeKillEvent
timeSetEvent

wldap32

ord35
ord22
ord211
ord143
ord60
ord50
ord26
ord30
ord32
ord79
ord200
ord33
ord301
ord27
ord41
ord46

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 350KB - Virtual size: 349KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Skin/default.zip
.zip
Add.png
.png
AddFile.png
.png
AddGroup.png
.png
Arrow.png
.png
ButtomPic.png
.png
ColorButton0.png
.png
ColorButton1.png
.png
ColorButton2.png
.png
ColorButton3.png
.png
ColorButton4.png
.png
ColorButton5.png
.png
ColorButton6.png
.png
ColorButton7.png
.png
ColorSildeThumb.png
.png
CommonBtn.png
.png
CommonCheckBox.png
.png
CommonComboBk.png
.png
CommonComboBtn.png
.png
CommonLabelBk.png
.png
CommonWndbk.png
.png
CommonpopBk.png
.png
CommonpopTips.png
.png
CurPlayImg.png
.png
Del.png
.png
DisplayWnd.png
.png
Distinguish.png
.png
Edit.png
.png
FrameCover.png
.png
GroupTreeBtn.png
.png
HueSilde.png
.png
LuminanceSilde.png
.png
MainProgressBtn.png
.png
MainProgressFrame.png
.png
MainWnd.png
.png
MarkCover.png
.png
MenuArrow.png
.png
MenuBackground.png
.png
Minimize.png
.png
Next.png
.png
Play.png
.png
Playing.png
.png
PopDlgButtom.png
.png
PopDlgTop.png
.png
Pre.png
.png
PreView.png
.png
Record.png
.png
Recording.png
.png
SaturationSilde.png
.png
ScrollBarBack.png
.png
ScrollBarBtn.png
.png
ScrollBarThumb.png
.png
Share.png
.png
Skin.png
.png
SkinResDef.xml
SkinWndTabButton.png
.png
Skinbg.png
.png
SpectrumCover.png
.png
SpeedImg.png
.png
SpeedImg.png.png
.png
Splitterback.png
.png
StopTestBtn.png
.png
TVPoint.png
.png
TabBtn.png
.png
TestRadioLabel.png
.png
ToFile.png
.png
ToMyFavorite.png
.png
ToRadio.png
.png
TopMark.png
.png
TreeCheckBox.png
.png
TreeHotImg.png
.png
TreeSelImg.png.png
.png
ValueSildeFrame.png
.png
ValueSildeThumb.png
.png
WinShader.png
.png
btnClose.png
.png
defaultcolor.png
.png
exit.png
.png
find.png
.png
ico.png
.png
imagelist.png
.png
led.png
.png
list.png
.png
list_bg1.png
.png
list_bg2.png
.png
logoBtn.png
.png
logotxt.png
.png
mute.png
.png
pauseing.png
.png
recognize.png
.png
spectrumDlg.png
.png
stoping.png
.png
testspeed.png
.png
tips.png
.png
transmittance.png
.png
δ-2.png
.png
codecs.dll
.dll windows:5 windows x86 arch:x86

7c068e821ca86e836e18ccbd2b281332

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:9e:d9:31:be:e8:ee:dd:8b:fc:72:c7:0c:43:f1:fd
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/12/2014, 00:00

Not After

28/12/2017, 23:59

Subject

CN=GuangZhou KuGou Computer Technology Co.\,Ltd.,OU=PC Development Dept.,O=GuangZhou KuGou Computer Technology Co.\,Ltd.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

89:82:b2:b0:d5:c5:f7:58:cf:f4:4f:16:fc:de:6d:27:32:af:97:b5
Signer

Actual PE Digest

89:82:b2:b0:d5:c5:f7:58:cf:f4:4f:16:fc:de:6d:27:32:af:97:b5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\project\Kugou\http_living_stream\Release\codecs.pdb

Imports

kernel32

ReleaseMutex
CloseHandle
DeleteFileW
GetCurrentProcessId
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcess
InterlockedCompareExchange
InterlockedExchange
IsDebuggerPresent
Sleep
RaiseException
GetVersionExW
CreateEventW
GetCurrentThreadId
SetLastError
GetLastError
CreateFileW
GetModuleFileNameW
WriteFile
GetTickCount
WaitForSingleObject
CreateProcessW
SetFilePointer
CreateMutexW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
CreateThread
GetFileSize
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
InterlockedExchangeAdd
FindResourceExW
FindResourceW
FreeLibrary
LoadResource
GetModuleHandleW
LoadLibraryW
SizeofResource
GetProcAddress
LockResource
GetModuleFileNameA
InterlockedIncrement
InterlockedDecrement
MoveFileExW
GetFileAttributesExW
SetFilePointerEx
ReadFile
InitializeCriticalSection
GetCommandLineA
HeapFree
GetConsoleCP
GetConsoleMode
GetSystemTimeAsFileTime
HeapAlloc
HeapReAlloc
ExitProcess
GetTimeZoneInformation
RtlUnwind
GetCPInfo
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetACP
GetOEMCP
IsValidCodePage
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetStringTypeW
HeapSize
GetLocaleInfoW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileA
SetEndOfFile
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
lstrcmpW
SetEvent
ResetEvent
VirtualQuery

user32

PeekMessageW
DispatchMessageW
DefWindowProcW
CreateWindowExW
MsgWaitForMultipleObjectsEx
CallMsgFilterW
RegisterClassExW
TranslateMessage
WaitMessage
KillTimer
PostMessageW
UnregisterClassW
PostQuitMessage
SetTimer
DestroyWindow
MessageBoxW
GetQueueStatus

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetFolderPathW

ole32

CoCreateInstance
CoTaskMemAlloc
CoUninitialize
CoFreeUnusedLibraries
CoInitialize
CoTaskMemFree

shlwapi

PathRemoveFileSpecA
PathAddBackslashA

winmm

timeGetTime

Exports

Exports

DllCanUnloadNow
DllGetClassObject
QueryMediaInfo
kugou_SetPlayerConfigDelegate

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 554KB - Virtual size: 554KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 127KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kgplayer.dll
.dll windows:5 windows x86 arch:x86

90809094e4a087d6d23de64d2dfd2c6e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:9e:d9:31:be:e8:ee:dd:8b:fc:72:c7:0c:43:f1:fd
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/12/2014, 00:00

Not After

28/12/2017, 23:59

Subject

CN=GuangZhou KuGou Computer Technology Co.\,Ltd.,OU=PC Development Dept.,O=GuangZhou KuGou Computer Technology Co.\,Ltd.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f1:c2:42:2b:95:7f:20:95:3b:bc:be:ba:f7:82:de:bf:5f:79:0d:c1
Signer

Actual PE Digest

f1:c2:42:2b:95:7f:20:95:3b:bc:be:ba:f7:82:de:bf:5f:79:0d:c1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\project\Kugou\http_living_stream\Release\kgplayer.pdb

Imports

user32

BeginPaint
GetUpdateRect
GetDC
InvalidateRect
ReleaseDC
CallWindowProcW
SendMessageW
DestroyWindow
SetTimer
PostQuitMessage
UnregisterClassW
KillTimer
WaitMessage
GetQueueStatus
GetClientRect
RegisterClassExW
CallMsgFilterW
MsgWaitForMultipleObjectsEx
CreateWindowExW
DefWindowProcW
DispatchMessageW
MessageBoxW
MsgWaitForMultipleObjects
PostThreadMessageW
RegisterWindowMessageW
GetDesktopWindow
CharLowerBuffA
FillRect
GetWindowRect
EndPaint
IsWindow
MonitorFromWindow
PeekMessageW
TranslateMessage
PostMessageW
SetWindowLongW

winmm

mixerOpen
mixerClose
mixerGetLineInfoW
mixerGetNumDevs
mixerSetControlDetails
timeEndPeriod
timeGetTime
timeBeginPeriod
timeKillEvent
timeSetEvent
waveOutSetVolume
timeGetDevCaps
mixerGetLineControlsW

kernel32

GetModuleFileNameW
CreateFileW
GetLastError
SetLastError
GetModuleHandleA
OutputDebugStringA
ReleaseMutex
DeleteFileW
GetCurrentProcessId
GetCurrentProcess
GetVersionExW
LocalFree
GetQueuedCompletionStatus
GetModuleHandleW
PostQueuedCompletionStatus
CreateIoCompletionPort
QueryPerformanceCounter
GetSystemTimeAsFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
SetEvent
ResetEvent
CreateEventW
WaitForMultipleObjects
WideCharToMultiByte
MultiByteToWideChar
TerminateThread
WriteFile
FormatMessageA
CreateProcessW
SetFilePointer
CreateMutexW
SetUnhandledExceptionFilter
CreateThread
GetCurrentThreadId
IsDebuggerPresent
RaiseException
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TlsFree
TlsAlloc
TlsSetValue
SetFileAttributesW
GetFileAttributesExW
TlsGetValue
ResumeThread
SuspendThread
GetThreadTimes
CreateEventA
CreateSemaphoreA
GetTempFileNameW
OpenFile
VirtualProtect
VirtualQuery
LoadLibraryA
GetFileInformationByHandle
GetCurrentDirectoryW
GetFileAttributesW
CloseHandle
OpenThread
SetThreadPriority
Sleep
GetCurrentThread
InterlockedExchangeAdd
GetProcAddress
InterlockedExchange
LoadLibraryW
GetTickCount
InterlockedCompareExchange
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetDriveTypeA
FindClose
SetFilePointerEx
SetEnvironmentVariableA
GetProcessHeap
SetEndOfFile
CreateFileA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetStdHandle
WriteConsoleW
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
FlushFileBuffers
ReadFile
GetStartupInfoW
GetFileType
SetHandleCount
HeapDestroy
HeapCreate
IsProcessorFeaturePresent
GetStdHandle
CompareStringW
GetDateFormatA
GetTimeFormatA
LCMapStringW
GetCPInfo
ExitThread
RtlUnwind
FindFirstFileExA
TerminateProcess
GetFullPathNameA
PeekNamedPipe
IsDBCSLeadByteEx
GetFileSizeEx
GetThreadPriority
VirtualAlloc
CreateSemaphoreW
VirtualFree
ReleaseSemaphore
lstrcmpW
AreFileApisANSI
GetTempPathW
UnhandledExceptionFilter
HeapSize
HeapQueryInformation
OpenMutexW
InitializeCriticalSection
GetDriveTypeW
DeviceIoControl
SetThreadPriorityBoost
GetSystemInfo
LocalAlloc
GetStringTypeW
GetLocaleInfoW
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
ExitProcess
GetConsoleCP
GetConsoleMode

advapi32

RegQueryValueExW
RegCloseKey
RegEnumKeyA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA

oleaut32

VariantClear
VariantInit

ole32

StringFromGUID2
CLSIDFromString
CoFreeUnusedLibraries
PropVariantClear
CoInitializeEx
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoInitialize
CoUninitialize

dbghelp

ImageDirectoryEntryToData

shell32

SHGetFolderPathW

gdi32

CreateRectRgnIndirect
CombineRgn
FillRgn
GetStockObject
DeleteDC
StretchBlt
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmapIndirect
GetObjectW
SetStretchBltMode
SetBitmapBits

dsound

ord2
ord7
ord1
ord6

ws2_32

closesocket
recv
htons
WSAGetLastError
bind
select
getaddrinfo
connect
ioctlsocket
getsockname
ntohl
accept
listen
send
freeaddrinfo
socket

psapi

GetModuleFileNameExW
EnumProcessModules

Exports

Exports

CreatePlayer2
GetCDTrackInfo
GetInstantMediaInfo

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text.un
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 616KB - Virtual size: 615KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 93KB - Virtual size: 669KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eh_fram
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:cf:6f:8a:41:9c:ad:3b:3b:de:ca:09:2b:cb:a3:fa
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

02/02/2012, 00:00

Not After

01/02/2015, 23:59

Subject

CN=Guangzhou KuGou Computer Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Guangzhou KuGou Computer Technology Co.\, Ltd.,L=Guangzhou,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a7:f5:51:15:28:51:3c:20:3d:43:f4:43:1f:c6:19:e1:17:c0:51:d8
Signer

Actual PE Digest

a7:f5:51:15:28:51:3c:20:3d:43:f4:43:1f:c6:19:e1:17:c0:51:d8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsProcess.dll
.dll windows:4 windows x86 arch:x86

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
lstrcpynA
GlobalAlloc

Exports

Exports

_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

4f:9e:d9:31:be:e8:ee:dd:8b:fc:72:c7:0c:43:f1:fdCertificate

Extended Key Usages

Key Usages

00:98:06:95:c7:7b:7c:1c:30:d6:86:ad:61:ef:75:bc:51:16:6a:fdSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 247KB

.ndata Size: - Virtual size: 584KB

.rsrc Size: 17KB - Virtual size: 16KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.reloc Size: 1024B - Virtual size: 520B

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 572B

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

4f:9e:d9:31:be:e8:ee:dd:8b:fc:72:c7:0c:43:f1:fd
Certificate

00:98:06:95:c7:7b:7c:1c:30:d6:86:ad:61:ef:75:bc:51:16:6a:fd
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 247KB

.ndata
Size: - Virtual size: 584KB

.rsrc
Size: 17KB - Virtual size: 16KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 572B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 646B

.data
Size: - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 146B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

4f:9e:d9:31:be:e8:ee:dd:8b:fc:72:c7:0c:43:f1:fd
Certificate

f1:5a:bf:07:bc:29:94:e3:46:38:14:49:b5:12:d2:87:c6:68:4d:02
Signer

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 350KB - Virtual size: 349KB

.data
Size: 27KB - Virtual size: 47KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 106KB - Virtual size: 105KB

.reloc
Size: 93KB - Virtual size: 92KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

4f:9e:d9:31:be:e8:ee:dd:8b:fc:72:c7:0c:43:f1:fd
Certificate

89:82:b2:b0:d5:c5:f7:58:cf:f4:4f:16:fc:de:6d:27:32:af:97:b5
Signer