3048c0d716c2bd0e4b2772f2005b9156_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3048c0d716c2bd0e4b2772f2005b9156_JaffaCakes118
Size

4.5MB
MD5

3048c0d716c2bd0e4b2772f2005b9156
SHA1

5e1af8fef2223b9908408390a96bc445b777b355
SHA256

f54b4044b0e3baf160ab4bcc57f28701e2186fe8b48a235948d13f142936aec6
SHA512

134a7ed4384372847ba6facae65937a22305f93529c9c5a9f168d88b645fe52ceb6c05d9f84597c2c08a5e3a51d3e08c4d1d72c80781350e0f68d961e8c6bf3d
SSDEEP

98304:aVCx8gnkVwCPEynEIP/Lnt+by/kR7u0uTiooxhhrNSMCNxtg1eQsiWE:wi/LCsa/LnwbHUi/hANxMeQsiWE

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 6 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/AptNail.dll	acprotect
static1/unpack001/Fireman.dll	acprotect
static1/unpack001/FunKoala.dll	acprotect
static1/unpack001/FunSeed.dll	acprotect
static1/unpack001/FunWorks.dll	acprotect
static1/unpack001/Inst.dll	acprotect

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/AptNail.dll	upx
static1/unpack001/Fireman.dll	upx
static1/unpack001/FunKoala.dll	upx
static1/unpack001/FunKoala64.dll	upx
static1/unpack001/FunSeed.dll	upx
static1/unpack001/FunSeed64.dll	upx
static1/unpack001/FunWorks.dll	upx
static1/unpack001/FunWorks64.dll	upx
static1/unpack001/Inst.dll	upx
static1/unpack001/uninst.exe	upx

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx
unpack003/out.upx
unpack004/out.upx
unpack005/out.upx
unpack006/out.upx
unpack007/out.upx
unpack008/out.upx
unpack009/out.upx

Files

3048c0d716c2bd0e4b2772f2005b9156_JaffaCakes118
.zip
AcceData.dll
.exe windows:5 windows x86 arch:x86

239bd0d3000bc4bbad65bcdd4c68ff77

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:de
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

04/07/2014, 00:00

Not After

01/08/2016, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

5f:a4:b5:d4:9f:e8:57:47:48:e8:b4:02:fe:f0:56:ca:fc:ad:15:d6
Signer

Actual PE Digest

5f:a4:b5:d4:9f:e8:57:47:48:e8:b4:02:fe:f0:56:ca:fc:ad:15:d6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\tk\Fun Player\Rel2.8.6\src\toolkits\bin\Release\风行视频加速器.link.pdb

Imports

wininet

InternetOpenA
InternetOpenUrlW
InternetSetOptionA
InternetGetConnectedState
InternetCloseHandle

urlmon

UrlMkGetSessionOption

kernel32

CloseHandle
GetCurrentProcessId
GetNativeSystemInfo
GetCurrentProcess
GetModuleHandleW
WideCharToMultiByte
GetVersionExW
MultiByteToWideChar
SetLastError
GetProcAddress
GetFileAttributesExW
WriteFile
CreateFileW
FlushFileBuffers
GetCurrentThreadId
InterlockedDecrement
SetFilePointer
ReadFile
LoadLibraryW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetLastError
CreateEventW
CreateEventA
SetEvent
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
FormatMessageA
LocalFree
WriteConsoleW
SetStdHandle
TerminateProcess
Sleep
WaitForSingleObject
CreateProcessW
GetModuleFileNameW
FindResourceExW
GetFileType
FindResourceW
LoadResource
LockResource
SizeofResource
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
HeapCreate
QueryPerformanceCounter
GetTickCount
GetACP
GetConsoleMode
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LCMapStringW
RtlUnwind
GetCPInfo
CreateThread
ExitThread
GetSystemTimeAsFileTime
GetConsoleCP
IsProcessorFeaturePresent
GetOEMCP
InterlockedIncrement
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
IsValidCodePage

ole32

CoCreateGuid

shell32

SHGetSpecialFolderPathW

oleaut32

VariantClear

shlwapi

PathFileExistsW
PathFindFileNameW
SHGetValueW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 387KB - Virtual size: 387KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AptNail.dll
.dll windows:5 windows x86 arch:x86

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

09:ee:6e:75:f2:8d:55:76:06:52:9d:dc:fe:40:d9:b7
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

01/07/2016, 00:00

Not After

01/08/2018, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f7:cf:16:22:1c:15:56:9f:e0:a4:42:5a:07:69:36:5c:c9:93:cc:15
Signer

Actual PE Digest

f7:cf:16:22:1c:15:56:9f:e0:a4:42:5a:07:69:36:5c:c9:93:cc:15

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetCurrUsedIPUL
GetCurrUsedIPUL2
GetMACAddress
GetMACAddress2
getGatewayIP
startupW

Sections

UPX0
Size: - Virtual size: 340KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 185KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AptRegIns.dll
.dll windows:5 windows x86 arch:x86

a3de791311726f3b8349fccb0b00a37f

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03/02/2015, 00:00

Not After

03/03/2026, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:de
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

04/07/2014, 00:00

Not After

01/08/2016, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

56:ef:4a:1b:94:fd:0c:76:13:f7:22:15:7d:94:05:79:d6:c6:c1:24
Signer

Actual PE Digest

56:ef:4a:1b:94:fd:0c:76:13:f7:22:15:7d:94:05:79:d6:c6:c1:24

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\tk\Fun Player\Rel2.8.6\src\toolkits\bin\release\AptRegIns.pdb

Imports

kernel32

GetCurrentThreadId
ReleaseMutex
GetCurrentProcessId
lstrlenA
InterlockedDecrement
ReadFile
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FreeLibrary
GetFileSize
SetFilePointer
LoadLibraryW
CopyFileW
GetFileAttributesW
GetStartupInfoW
GetTickCount
LocalFree
GetExitCodeProcess
HeapAlloc
HeapFree
GetProcessHeap
SetEnvironmentVariableA
SetEndOfFile
WriteConsoleW
SetStdHandle
CreateFileA
IsValidLocale
OpenMutexW
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
IsProcessorFeaturePresent
QueryPerformanceCounter
FlushFileBuffers
CreateFileW
WriteFile
CreateMutexW
GetModuleFileNameA
CloseHandle
GetFileAttributesExW
GetProcAddress
SetLastError
GetLastError
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
TerminateProcess
GetVersionExW
FindResourceExW
Sleep
WideCharToMultiByte
GetPrivateProfileStringW
GetModuleHandleW
CreateProcessW
GetNativeSystemInfo
DisableThreadLibraryCalls
ExitProcess
WaitForSingleObject
GetCurrentProcess
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileType
SetHandleCount
GetLocaleInfoW
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
CompareStringW
LCMapStringW
RtlUnwind
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
GetCommandLineA
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedIncrement
HeapSize
HeapReAlloc
HeapDestroy
InitializeCriticalSectionAndSpinCount
RaiseException
GetCommandLineW
LockResource
SizeofResource
LoadResource
FindResourceW
EnumSystemLocalesA

user32

CloseDesktop
wsprintfW
CreateDesktopW
SendMessageW
IsWindow

advapi32

GetSidSubAuthority
GetUserNameW
GetSidSubAuthorityCount
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
IsValidSid
LookupAccountNameW
RegQueryValueExW
GetSidIdentifierAuthority

shell32

SHGetSpecialFolderPathW
ord165

ole32

CoCreateGuid

oleaut32

SysFreeString
SysAllocString
VariantClear

shlwapi

PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wsock32

htons
gethostname
htonl
gethostbyname

wininet

InternetOpenA
InternetGetConnectedState
HttpQueryInfoW
InternetSetOptionA
InternetCloseHandle
InternetOpenUrlW

iphlpapi

GetIpAddrTable
GetBestInterface
GetBestRoute
GetIfTable

urlmon

UrlMkGetSessionOption

Exports

Exports

GetCurrUsedIPUL
GetCurrUsedIPUL2
GetMACAddress
GetMACAddress2
getGatewayIP
startupW

Sections

.text
Size: 306KB - Virtual size: 306KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AptRelay.exe
.exe windows:5 windows x86 arch:x86

21af0eba9ad054d42a74e91a385f2c56

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:de
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

04/07/2014, 00:00

Not After

01/08/2016, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b9:bb:ed:69:2d:c4:76:18:68:0a:8a:f5:4d:d7:33:e3:79:92:30:39
Signer

Actual PE Digest

b9:bb:ed:69:2d:c4:76:18:68:0a:8a:f5:4d:d7:33:e3:79:92:30:39

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Users\minkj\Fun Player\Rel2.8.6\src\toolkits\bin\Release\AptRelay.pdb

Imports

kernel32

GetCurrentProcess
WideCharToMultiByte
GetModuleFileNameW
GetPrivateProfileIntW
GetStartupInfoW
ReadFile
GetLastError
TerminateProcess
GetCurrentProcessId
WriteFile
SetFilePointer
CreateFileW
GetFileSize
CopyFileW
FreeLibrary
LoadLibraryW
FlushFileBuffers
GetCurrentThreadId
GetNativeSystemInfo
GetFileAttributesW
CompareStringW
SetStdHandle
WriteConsoleW
GetConsoleMode
GetConsoleCP
GetVersionExW
MultiByteToWideChar
GetModuleHandleW
GetProcAddress
GetCommandLineW
CloseHandle
LockResource
WritePrivateProfileStringW
lstrlenW
SizeofResource
Sleep
GetPrivateProfileStringW
CreateProcessW
LoadResource
FindResourceW
IsProcessorFeaturePresent
SetEnvironmentVariableA
GetTickCount
QueryPerformanceCounter
HeapCreate
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
ExitProcess
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
FindResourceExW
RtlUnwind
GetTimeZoneInformation
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
InterlockedExchange
InitializeCriticalSection
EncodePointer
DecodePointer
HeapSetInformation
GetSystemTimeAsFileTime

advapi32

RegSetValueExW
RegFlushKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHGetSpecialFolderPathW

ole32

CoCreateGuid

shlwapi

PathFindFileNameW
PathFileExistsW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

InternetOpenUrlW
InternetGetConnectedState
InternetOpenA
InternetCloseHandle
InternetSetOptionA
HttpQueryInfoW

urlmon

UrlMkGetSessionOption

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AptSpare.dll
.dll windows:5 windows x86 arch:x86

91c0d71fb32caf68eb0470d7e7623075

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

09:ee:6e:75:f2:8d:55:76:06:52:9d:dc:fe:40:d9:b7
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

01/07/2016, 00:00

Not After

01/08/2018, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f7:41:00:25:6b:66:a2:97:68:c4:7d:c5:47:9c:cd:73:2e:b3:64:97
Signer

Actual PE Digest

f7:41:00:25:6b:66:a2:97:68:c4:7d:c5:47:9c:cd:73:2e:b3:64:97

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\tk\Fun Player\Rel2.8.6\src\toolkits\FunPuppet\Release\AptSpare.pdb

Imports

kernel32

InterlockedDecrement
GetFileSize
SetFilePointer
ReadFile
CopyFileW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetModuleFileNameA
GetFileAttributesW
GetStartupInfoW
GetTickCount
HeapAlloc
HeapFree
GetProcessHeap
SetEnvironmentVariableA
SetEndOfFile
WriteConsoleW
SetStdHandle
CreateFileA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetLocaleInfoW
IsProcessorFeaturePresent
LocalFree
GetFileAttributesExW
SetLastError
GetModuleFileNameW
TerminateProcess
GetVersionExW
Sleep
GetPrivateProfileStringW
GetModuleHandleW
GetCurrentProcess
GetNativeSystemInfo
GetCurrentProcessId
CloseHandle
ReleaseMutex
GetCurrentThreadId
OpenMutexW
lstrlenW
FlushFileBuffers
MultiByteToWideChar
CreateFileW
WideCharToMultiByte
WriteFile
CreateMutexW
IsValidCodePage
GetOEMCP
GetACP
QueryPerformanceCounter
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileType
GetStdHandle
SetHandleCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
ExitProcess
CompareStringW
LCMapStringW
RtlUnwind
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetDateFormatW
GetTimeFormatW
GetCommandLineA
DecodePointer
lstrcpyW
CreateEventW
FreeLibrary
WaitForSingleObject
SetEvent
DeleteFileW
GetProcAddress
LoadLibraryW
FindResourceExW
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedCompareExchange
InterlockedIncrement
HeapSize
HeapReAlloc
HeapDestroy
InitializeCriticalSectionAndSpinCount
RaiseException
FindResourceW
SizeofResource
LockResource
LoadResource
GetLastError
GetConsoleCP

user32

wsprintfW
IsWindow
SendMessageW

advapi32

GetSidSubAuthority
GetUserNameW
GetSidSubAuthorityCount
RegQueryValueExW
LookupAccountNameW
IsValidSid
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
GetSidIdentifierAuthority

shell32

SHGetSpecialFolderPathW

ole32

CoCreateGuid

oleaut32

VariantClear

shlwapi

PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecW

imagehlp

ImageGetCertificateHeader
ImageGetCertificateData

crypt32

CryptVerifyMessageSignature

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wsock32

htons
htonl
gethostname
gethostbyname

wininet

InternetOpenUrlW
HttpQueryInfoW
InternetSetOptionA
InternetOpenA
InternetGetConnectedState
InternetCloseHandle

iphlpapi

GetIpAddrTable
GetBestInterface
GetBestRoute
GetIfTable

urlmon

UrlMkGetSessionOption

Exports

Exports

GetCurrUsedIPUL
GetCurrUsedIPUL2
GetMACAddress
GetMACAddress2
getGatewayIP
load

Sections

.text
Size: 298KB - Virtual size: 297KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AptSpare.exe
.exe windows:5 windows x86 arch:x86

1f47c3ad0190776db5f5f3aea291c584

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

09:ee:6e:75:f2:8d:55:76:06:52:9d:dc:fe:40:d9:b7
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

01/07/2016, 00:00

Not After

01/08/2018, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c3:e2:96:ef:8e:9d:fd:ad:14:40:f6:75:d7:3a:d1:7f:6a:f9:a5:41
Signer

Actual PE Digest

c3:e2:96:ef:8e:9d:fd:ad:14:40:f6:75:d7:3a:d1:7f:6a:f9:a5:41

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\tk\Fun Player\Rel2.8.6\src\toolkits\FunPuppet\Release\AptSpare.pdb

Imports

kernel32

DeleteFileW
GetPrivateProfileStringW
GetPrivateProfileIntW
CreateMutexW
WaitForSingleObject
WriteFile
CreateFileW
FlushFileBuffers
OpenMutexW
GetCurrentThreadId
ReleaseMutex
GetCurrentProcessId
Sleep
SetLastError
LocalFree
InterlockedDecrement
SetFilePointer
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WritePrivateProfileStringW
HeapReAlloc
GetProcessHeap
WriteConsoleW
GetTempPathW
lstrcpyW
GetNativeSystemInfo
LockResource
GetLastError
MultiByteToWideChar
SizeofResource
WideCharToMultiByte
GetCurrentProcess
LoadResource
FindResourceW
FindResourceExW
lstrcatW
ResumeThread
WriteProcessMemory
CloseHandle
lstrcmpiW
VirtualAllocEx
GetProcAddress
GetModuleFileNameW
TerminateProcess
SetStdHandle
HeapAlloc
GetConsoleMode
GetConsoleCP
GetStringTypeW
InterlockedExchange
HeapFree
LCMapStringW
IsProcessorFeaturePresent
HeapSize
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
ExitProcess
ReadProcessMemory
LoadLibraryW
GetModuleHandleW
CreateProcessW
FreeLibrary
SetThreadContext
GetThreadContext
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedIncrement
GetCPInfo
RaiseException
GetFileType
GetStdHandle
SetHandleCount
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetCommandLineW
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
IsDebuggerPresent

shell32

SHGetSpecialFolderPathW

oleaut32

VariantClear

shlwapi

PathRemoveFileSpecW
PathFileExistsW

imagehlp

ImageGetCertificateHeader
ImageGetCertificateData

crypt32

CryptVerifyMessageSignature

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AptSpare64.dll
.dll windows:5 windows x64 arch:x64

87843f7a8529eb00b762685dfb939074

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

09:ee:6e:75:f2:8d:55:76:06:52:9d:dc:fe:40:d9:b7
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

01/07/2016, 00:00

Not After

01/08/2018, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f8:dd:d7:54:6d:ea:87:98:1c:30:a1:b3:a0:70:f5:57:63:1a:b4:d4
Signer

Actual PE Digest

f8:dd:d7:54:6d:ea:87:98:1c:30:a1:b3:a0:70:f5:57:63:1a:b4:d4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\tk\Fun Player\Rel2.8.6\src\toolkits\FunPuppet\x64\Release\AptSpare64.pdb

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
ReadFile
GetFileSize
CopyFileW
GetModuleFileNameA
GetFileAttributesW
GetStartupInfoW
GetTickCount
HeapAlloc
HeapFree
GetProcessHeap
SetEnvironmentVariableA
SetEndOfFile
WriteConsoleW
CreateFileA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
GetLocaleInfoW
IsValidCodePage
LocalFree
TerminateProcess
Sleep
GetPrivateProfileStringW
GetModuleFileNameW
GetFileAttributesExW
SetLastError
GetCurrentProcess
GetNativeSystemInfo
GetVersionExW
GetModuleHandleW
GetCurrentThreadId
GetCurrentProcessId
WriteFile
FlushFileBuffers
ReleaseMutex
WideCharToMultiByte
CreateFileW
lstrlenW
CreateMutexW
OpenMutexW
CloseHandle
MultiByteToWideChar
GetOEMCP
GetACP
QueryPerformanceCounter
HeapCreate
GetVersion
HeapSetInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileType
GetStdHandle
SetHandleCount
FlsAlloc
FlsFree
FlsGetValue
ExitProcess
CompareStringW
GetCPInfo
LCMapStringW
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetTimeZoneInformation
GetTimeFormatW
GetDateFormatW
RtlLookupFunctionEntry
RtlUnwindEx
lstrcpyW
CreateEventW
FreeLibrary
WaitForSingleObject
SetEvent
DeleteFileW
GetProcAddress
LoadLibraryW
FindResourceExW
GetSystemTimeAsFileTime
RtlPcToFileHeader
GetCommandLineA
FlsSetValue
DecodePointer
EncodePointer
GetStringTypeW
HeapSize
HeapReAlloc
HeapDestroy
InitializeCriticalSectionAndSpinCount
RaiseException
FindResourceW
SizeofResource
LockResource
LoadResource
GetLastError

user32

wsprintfW
IsWindow
SendMessageW

advapi32

RegCloseKey
RegQueryValueExW
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
LookupAccountNameW
GetUserNameW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW

ole32

CoCreateGuid

oleaut32

VariantClear

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathFindFileNameW

imagehlp

ImageGetCertificateHeader
ImageGetCertificateData

crypt32

CryptVerifyMessageSignature

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wsock32

htons
htonl
gethostname
gethostbyname

wininet

HttpQueryInfoW
InternetSetOptionA
InternetOpenA
InternetGetConnectedState
InternetCloseHandle
InternetOpenUrlW

iphlpapi

GetIpAddrTable
GetBestInterface
GetBestRoute
GetIfTable

urlmon

UrlMkGetSessionOption

Exports

Exports

GetCurrUsedIPUL
GetCurrUsedIPUL2
GetMACAddress
GetMACAddress2
getGatewayIP
load

Sections

.text
Size: 339KB - Virtual size: 339KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AptSpare64.exe
.exe windows:5 windows x64 arch:x64

95dee9edcb9edf6fb5de6188bdf47b6c

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

09:ee:6e:75:f2:8d:55:76:06:52:9d:dc:fe:40:d9:b7
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

01/07/2016, 00:00

Not After

01/08/2018, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cd:9a:d2:8c:82:71:b5:fb:be:39:32:ca:28:8f:26:af:95:cd:51:0a
Signer

Actual PE Digest

cd:9a:d2:8c:82:71:b5:fb:be:39:32:ca:28:8f:26:af:95:cd:51:0a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\tk\Fun Player\Rel2.8.6\src\toolkits\FunPuppet\x64\Release\AptSpare64.pdb

Imports

kernel32

DeleteFileW
GetPrivateProfileStringW
GetPrivateProfileIntW
OpenMutexW
CreateMutexW
CreateFileW
ReleaseMutex
FlushFileBuffers
WriteFile
WaitForSingleObject
GetCurrentProcessId
GetCurrentThreadId
GetNativeSystemInfo
SetLastError
Sleep
LocalFree
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
HeapReAlloc
WritePrivateProfileStringW
HeapFree
GetProcessHeap
WriteConsoleW
GetTempPathW
SetUnhandledExceptionFilter
CloseHandle
FindResourceExW
FindResourceW
SizeofResource
LockResource
LoadResource
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetCurrentProcess
ReadProcessMemory
GetThreadContext
CreateProcessW
lstrcatW
lstrcpyW
GetCommandLineW
TerminateProcess
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStringTypeW
LCMapStringW
RtlLookupFunctionEntry
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetVersion
HeapSetInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
ExitProcess
HeapSize
FlsAlloc
ResumeThread
SetThreadContext
WriteProcessMemory
VirtualAllocEx
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryW
FlsFree
FlsSetValue
FlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
RtlCaptureContext
HeapAlloc
RtlVirtualUnwind
IsDebuggerPresent
EncodePointer
DecodePointer
GetStartupInfoW
RaiseException
RtlPcToFileHeader
GetSystemTimeAsFileTime
RtlUnwindEx
UnhandledExceptionFilter

shell32

SHGetSpecialFolderPathW

oleaut32

VariantClear

shlwapi

PathRemoveFileSpecW
PathFileExistsW

imagehlp

ImageGetCertificateHeader
ImageGetCertificateData

crypt32

CryptVerifyMessageSignature

Sections

.text
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Fireman.dll
.dll windows:5 windows x86 arch:x86

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

09:ee:6e:75:f2:8d:55:76:06:52:9d:dc:fe:40:d9:b7
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

01/07/2016, 00:00

Not After

01/08/2018, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

84:87:de:fa:71:1a:f7:45:de:f7:a0:06:6e:57:1a:65:4e:44:76:17
Signer

Actual PE Digest

84:87:de:fa:71:1a:f7:45:de:f7:a0:06:6e:57:1a:65:4e:44:76:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetCurrUsedIPUL
GetCurrUsedIPUL2
GetMACAddress
GetMACAddress2
getGatewayIP
startupW

Sections

UPX0
Size: - Virtual size: 376KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 189KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 377KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FunDodge.dll
.dll windows:5 windows x86 arch:x86

8cc4e2b28f1fbe3e4c55b82a07883c73

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:de
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

04/07/2014, 00:00

Not After

01/08/2016, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

13:14:c4:82:96:9c:12:2c:4b:7c:8d:39:7f:ea:a3:bc:17:33:06:03
Signer

Actual PE Digest

13:14:c4:82:96:9c:12:2c:4b:7c:8d:39:7f:ea:a3:bc:17:33:06:03

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
lstrlenW
GetLastError
SetLastError
GetFileAttributesExW
WinExec
CloseHandle
GetFileSize
SetFilePointer
WriteFile
ReadFile
CreateFileW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
FlushFileBuffers
GetCurrentThreadId
InterlockedDecrement
GetFileAttributesW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetModuleFileNameA
LocalFree
WriteConsoleW
SetStdHandle
GetModuleHandleW
GetConsoleMode
GetConsoleCP
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetCurrentProcess
GetProcAddress
GetModuleFileNameW
CopyFileW
LoadLibraryW
FreeLibrary
Sleep
WideCharToMultiByte
MultiByteToWideChar
GetPrivateProfileSectionW
FindResourceExW
FindResourceW
LoadResource
LockResource
GetCurrentProcessId
SizeofResource
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetStdHandle
ExitProcess
HeapCreate
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
RtlUnwind
GetCommandLineA
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
GetStringTypeW
InterlockedExchange
InterlockedIncrement
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
InitializeCriticalSectionAndSpinCount
GetCommandLineW
RaiseException

user32

GetWindowThreadProcessId
GetWindowTextW
GetClassNameW
IsWindowVisible
GetWindowRect
EnumChildWindows
GetForegroundWindow
EnumWindows
FindWindowW
GetCursorPos
WindowFromPoint
wsprintfW

advapi32

RegQueryValueExW
IsValidSid
LookupAccountNameW
GetSidSubAuthorityCount
GetUserNameW
GetSidSubAuthority
GetSidIdentifierAuthority
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW
ord165

ole32

CoCreateGuid
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantClear

shlwapi

SHSetValueW
SHGetValueW
PathRemoveFileSpecW
PathFileExistsW
PathFindFileNameW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wininet

InternetOpenUrlW
InternetSetOptionA
InternetCloseHandle
InternetOpenA
InternetGetConnectedState

urlmon

UrlMkGetSessionOption

Exports

Exports

WriteDangerLog
getAvoidType
getDangerDomains
getDangerTags
getDangerType
iDangerAppIn
isDangerProcAtFront
isDomainAvoid
isInDanger
isInVirtualMachine
isProcessAvoid
isRegeditAvoid
isTagAvoid

Sections

.text
Size: 238KB - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FunKoala.dll
.dll windows:5 windows x86 arch:x86

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

09:ee:6e:75:f2:8d:55:76:06:52:9d:dc:fe:40:d9:b7
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

01/07/2016, 00:00

Not After

01/08/2018, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f8:9e:1f:c3:4a:07:e9:9b:90:40:1c:8d:d3:8c:2a:b3:5f:ed:23:8f
Signer

Actual PE Digest

f8:9e:1f:c3:4a:07:e9:9b:90:40:1c:8d:d3:8c:2a:b3:5f:ed:23:8f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

startupW

Sections

UPX0
Size: - Virtual size: 300KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 169KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FunKoala64.dll
.dll windows:5 windows x64 arch:x64

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

09:ee:6e:75:f2:8d:55:76:06:52:9d:dc:fe:40:d9:b7
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

01/07/2016, 00:00

Not After

01/08/2018, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e8:61:2f:15:9b:83:93:f8:db:f6:00:fe:50:7a:8e:2e:c3:92:d8:99
Signer

Actual PE Digest

e8:61:2f:15:9b:83:93:f8:db:f6:00:fe:50:7a:8e:2e:c3:92:d8:99

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

startupW

Sections

UPX0
Size: - Virtual size: 372KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 206KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 374KB - Virtual size: 374KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FunSeed.dll
.dll regsvr32 windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

09:ee:6e:75:f2:8d:55:76:06:52:9d:dc:fe:40:d9:b7
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

01/07/2016, 00:00

Not After

01/08/2018, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ff:b7:75:04:3f:80:48:72:58:e6:8c:19:d4:76:68:49:5f:90:7c:d5
Signer

Actual PE Digest

ff:b7:75:04:3f:80:48:72:58:e6:8c:19:d4:76:68:49:5f:90:7c:d5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

??4CFunSeed@@QAEAAV0@ABV0@@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetCurrUsedIPUL
GetCurrUsedIPUL2
GetMACAddress
GetMACAddress2
getGatewayIP

Sections

UPX0
Size: - Virtual size: 300KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 150KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FunSeed64.dll
.dll regsvr32 windows:5 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

09:ee:6e:75:f2:8d:55:76:06:52:9d:dc:fe:40:d9:b7
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

01/07/2016, 00:00

Not After

01/08/2018, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

dd:10:dc:0c:3f:cb:7d:85:97:08:54:9a:02:91:0b:98:62:c8:95:d3
Signer

Actual PE Digest

dd:10:dc:0c:3f:cb:7d:85:97:08:54:9a:02:91:0b:98:62:c8:95:d3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

??4CFunSeed@@QEAAAEAV0@AEBV0@@Z
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetCurrUsedIPUL
GetCurrUsedIPUL2
GetMACAddress
GetMACAddress2
getGatewayIP

Sections

UPX0
Size: - Virtual size: 356KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 179KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 315KB - Virtual size: 314KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FunWorks.dll
.dll windows:5 windows x86 arch:x86

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:ee:6e:75:f2:8d:55:76:06:52:9d:dc:fe:40:d9:b7
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

01/07/2016, 00:00

Not After

01/08/2018, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ef:fb:3f:8c:d9:66:2d:5d:38:bf:e7:aa:04:b3:90:0d:bc:33:ea:3d
Signer

Actual PE Digest

ef:fb:3f:8c:d9:66:2d:5d:38:bf:e7:aa:04:b3:90:0d:bc:33:ea:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetCurrUsedIPUL
GetCurrUsedIPUL2
GetMACAddress
GetMACAddress2
getGatewayIP
load
loadex
screenClose
screenOpen
unload

Sections

UPX0
Size: - Virtual size: 696KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 478KB - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 929KB - Virtual size: 928KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FunWorks64.dll
.dll windows:5 windows x64 arch:x64

Code Sign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:ee:6e:75:f2:8d:55:76:06:52:9d:dc:fe:40:d9:b7
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

01/07/2016, 00:00

Not After

01/08/2018, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cf:0c:05:57:0c:14:ee:3b:7f:5a:da:2d:bb:46:e1:9c:bf:48:b9:07
Signer

Actual PE Digest

cf:0c:05:57:0c:14:ee:3b:7f:5a:da:2d:bb:46:e1:9c:bf:48:b9:07

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Exports

Exports

GetCurrUsedIPUL
GetCurrUsedIPUL2
GetMACAddress
GetMACAddress2
getGatewayIP
load
loadex
screenClose
screenOpen
unload

Sections

UPX0
Size: - Virtual size: 892KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 607KB - Virtual size: 608KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Inst.dll
.dll windows:5 windows x86 arch:x86

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:de
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

04/07/2014, 00:00

Not After

01/08/2016, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

49:13:56:dc:80:6a:ad:e1:99:fa:f6:34:97:4c:d9:80:1b:f2:14:37
Signer

Actual PE Digest

49:13:56:dc:80:6a:ad:e1:99:fa:f6:34:97:4c:d9:80:1b:f2:14:37

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetCurrUsedIPUL
GetCurrUsedIPUL2
GetMACAddress
GetMACAddress2
getGatewayIP
startupW

Sections

UPX0
Size: - Virtual size: 428KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 212KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SeedIcon.ico
gma.dll
.dll windows:5 windows x86 arch:x86

4ab658a260b9da0d35d9300aea6d97b9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

72:69:eb:e2:99:6a:28:0c:c4:0d:e7:d2:a7:1b:08:8d
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

23/07/2012, 00:00

Not After

02/08/2014, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

b7:5e:2a:8d:39:f5:17:f7:b0:ad:94:73:f7:62:c8:b3:5f:3a:d7:fc
Signer

Actual PE Digest

b7:5e:2a:8d:39:f5:17:f7:b0:ad:94:73:f7:62:c8:b3:5f:3a:d7:fc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

I:\build3.0.1\Funshion\Rel\symbols\gma.pdb

Imports

iphlpapi

SendARP
GetBestInterface
GetBestRoute
GetIpAddrTable

ws2_32

gethostbyname
gethostname

advapi32

RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW

kernel32

InterlockedDecrement
GetPrivateProfileStringW
GetLastError
ExpandEnvironmentStringsW
GetCurrentThreadId
CreateEventA
WaitForSingleObject
SetEvent
GetModuleFileNameW
CreateFileW
DeviceIoControl
CloseHandle
GetSystemTime
GetTickCount
GetVersionExW
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
LocalFree
GetModuleFileNameA
ResetEvent
OpenEventA
GetProcessHeap
FlushFileBuffers
ReadFile
WriteConsoleW
SetStdHandle
LoadLibraryW
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
InterlockedIncrement
InterlockedExchange
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FormatMessageA
HeapFree
HeapAlloc
GetCommandLineA
RtlUnwind
RaiseException
GetCPInfo
LCMapStringW
IsProcessorFeaturePresent
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetProcAddress
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetLocaleInfoW
HeapCreate
HeapDestroy
ExitProcess
HeapSize

ole32

CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoInitialize
CoSetProxyBlanket

oleaut32

SysAllocString
VariantClear
SafeArrayAccessData
VariantInit
SafeArrayUnaccessData
SysFreeString

shlwapi

PathRemoveFileSpecW

Exports

Exports

GetCurrUsedIPUL
GetCurrUsedIPUL2
GetMACAddress
GetMACAddress2
getGatewayIP
get_and_update_mac
get_mac_info
get_nic_description
get_time_cost_mac
get_time_cost_mac_main

Sections

.text
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sFunWorks.daw
ssdodge.daw
uninst.exe
.exe windows:5 windows x86 arch:x86

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

09:ee:6e:75:f2:8d:55:76:06:52:9d:dc:fe:40:d9:b7
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

01/07/2016, 00:00

Not After

01/08/2018, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ff:22:58:e6:54:7c:b3:a6:43:79:1a:51:94:f1:44:dc:7c:78:84:61
Signer

Actual PE Digest

ff:22:58:e6:54:7c:b3:a6:43:79:1a:51:94:f1:44:dc:7c:78:84:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 632KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 320KB - Virtual size: 324KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
风行视频加速器.exe
.exe windows:5 windows x86 arch:x86

0c2582cf99530c3b683ef2ce636f80e1

Code Sign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:de
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

04/07/2014, 00:00

Not After

01/08/2016, 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

55:e7:34:f7:6f:bb:81:4a:65:62:4a:62:20:30:f3:b5:49:47:43:3f
Signer

Actual PE Digest

55:e7:34:f7:6f:bb:81:4a:65:62:4a:62:20:30:f3:b5:49:47:43:3f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\tk\Fun Player\Rel2.8.6\src\toolkits\bin\Release\风行视频加速器.pdb

Imports

gdiplus

GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipSetTextRenderingHint
GdipSetStringFormatLineAlign
GdipFree
GdipCreateLineBrushI
GdipAlloc
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromStream
GdiplusStartup
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipGetImageHeight
GdipGetImageWidth
GdipReleaseDC
GdipDeleteGraphics
GdipCreateFromHDC
GdipLoadImageFromFileICM
GdipDeleteFont
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipDrawString
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipGetGenericFontFamilySansSerif
GdipCreateFont
GdipDrawLine
GdipDeletePen
GdipCreatePen1
GdipResetClip
GdipEndContainer
GdipRotateWorldTransform
GdipScaleWorldTransform
GdipTranslateWorldTransform
GdipBeginContainer2
GdipSetClipRect
GdiplusShutdown
GdipCreateBitmapFromFile

kernel32

GetTickCount
WaitForSingleObject
GetProcessHeap
HeapFree
HeapAlloc
GetCurrentThreadId
InterlockedExchange
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
GetModuleHandleExA
ResetEvent
CreateEventW
GetNativeSystemInfo
CreateProcessW
GetCurrentProcess
Sleep
TerminateProcess
GetTempPathW
SetLastError
GetProcAddress
GetFileAttributesExW
DeleteFileW
WriteFile
InterlockedDecrement
GetCurrentProcessId
CreateFileW
FlushFileBuffers
GetVersionExW
ReadFile
GetFileSize
SetFilePointer
LoadLibraryW
GetCurrentDirectoryW
GetACP
FreeResource
ExitProcess
DosDateTimeToFileTime
SystemTimeToFileTime
GetFileType
DuplicateHandle
MulDiv
GetLocalTime
OutputDebugStringW
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapReAlloc
HeapSize
InterlockedIncrement
GetStringTypeW
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetTimeFormatW
GetDateFormatW
HeapSetInformation
GetStartupInfoW
MoveFileW
GetCommandLineW
MultiByteToWideChar
FormatMessageA
LocalFree
GetTimeZoneInformation
ExitThread
CreateThread
RtlUnwind
LCMapStringW
GetCPInfo
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
CreateMutexW
SetEvent
CloseHandle
CreateEventA
WideCharToMultiByte
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleHandleW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetOEMCP
IsValidCodePage
IsProcessorFeaturePresent
GetStdHandle
GetLocaleInfoW
SetHandleCount
GetConsoleCP
GetConsoleMode
HeapCreate
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
SetStdHandle
CreateFileA
SetEndOfFile
CompareStringW
SetEnvironmentVariableA
OpenEventA

user32

GetMonitorInfoW
IsIconic
wvsprintfW
InflateRect
OffsetRect
PtInRect
GetFocus
GetCursorPos
ScreenToClient
MapWindowPoints
IsRectEmpty
EndPaint
BeginPaint
GetUpdateRect
GetKeyState
GetPropW
SetPropW
CallWindowProcW
GetClassInfoExW
LoadImageW
SetFocus
GetWindow
MonitorFromWindow
GetWindowRect
IntersectRect
GetSystemMetrics
SetTimer
UnregisterClassW
KillTimer
WaitMessage
GetQueueStatus
TranslateMessage
RegisterClassExW
CallMsgFilterW
MsgWaitForMultipleObjectsEx
DispatchMessageW
PeekMessageW
SetCapture
SetWindowRgn
IsZoomed
CharNextW
CreateCaret
ShowCaret
HideCaret
SetCaretPos
ClientToScreen
PostMessageW
SendMessageW
UpdateLayeredWindow
GetWindowDC
ReleaseDC
GetDC
InvalidateRect
DefWindowProcW
GetWindowLongW
GetSysColor
DrawIconEx
DestroyIcon
FillRect
DrawTextW
SetRect
CharPrevW
GetWindowTextLengthW
GetWindowTextW
SetWindowLongW
SystemParametersInfoW
DestroyWindow
IsWindow
CreateWindowExW
RegisterClassW
LoadIconW
SetCursor
LoadCursorW
MoveWindow
BringWindowToTop
SetWindowPos
GetClientRect
EnableWindow
GetParent
PostQuitMessage
ShowWindow
SetWindowTextW
MessageBoxW
ReleaseCapture

gdi32

CreateSolidBrush
CreatePenIndirect
MoveToEx
LineTo
RoundRect
SetBkMode
ExtTextOutW
GetCharABCWidthsW
GetTextExtentPoint32W
TextOutW
GetObjectA
SetBkColor
SetStretchBltMode
StretchBlt
CombineRgn
ExtSelectClipRgn
CreateRectRgnIndirect
GetClipBox
SelectClipRgn
GetDeviceCaps
CreateRoundRectRgn
GetTextMetricsW
SetWindowOrgEx
Rectangle
RestoreDC
SaveDC
CreatePen
CreateFontIndirectW
GetStockObject
GetObjectW
CreateDIBSection
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
SetTextColor
CreateCompatibleDC

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHCreateDirectoryExW

ole32

CoCreateGuid
CreateStreamOnHGlobal

oleaut32

VariantClear

shlwapi

PathFileExistsW
SHGetValueW
SHSetValueW
PathRemoveFileSpecW
PathFindFileNameW

comctl32

ord17
_TrackMouseEvent

wininet

HttpQueryInfoA
InternetReadFile
InternetSetOptionA
HttpQueryInfoW
InternetGetConnectedState
InternetOpenUrlW
InternetOpenA
InternetCloseHandle

urlmon

UrlMkGetSessionOption

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 620KB - Virtual size: 620KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 516KB - Virtual size: 515KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

239bd0d3000bc4bbad65bcdd4c68ff77

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03Certificate

Extended Key Usages

Key Usages

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:deCertificate

Extended Key Usages

Key Usages

5f:a4:b5:d4:9f:e8:57:47:48:e8:b4:02:fe:f0:56:ca:fc:ad:15:d6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

urlmon

kernel32

ole32

shell32

oleaut32

shlwapi

version

Sections

.text Size: 188KB - Virtual size: 187KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 12KB - Virtual size: 20KB

.rsrc Size: 387KB - Virtual size: 387KB

.reloc Size: 25KB - Virtual size: 25KB

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

09:ee:6e:75:f2:8d:55:76:06:52:9d:dc:fe:40:d9:b7Certificate

Extended Key Usages

Key Usages

f7:cf:16:22:1c:15:56:9f:e0:a4:42:5a:07:69:36:5c:c9:93:cc:15Signer

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 340KB

UPX1 Size: 185KB - Virtual size: 188KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 375KB - Virtual size: 375KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 13KB - Virtual size: 21KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 31KB - Virtual size: 31KB

a3de791311726f3b8349fccb0b00a37f

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03Certificate

Extended Key Usages

Key Usages

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:deCertificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:de
Certificate

5f:a4:b5:d4:9f:e8:57:47:48:e8:b4:02:fe:f0:56:ca:fc:ad:15:d6
Signer

.text
Size: 188KB - Virtual size: 187KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 12KB - Virtual size: 20KB

.rsrc
Size: 387KB - Virtual size: 387KB

.reloc
Size: 25KB - Virtual size: 25KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

09:ee:6e:75:f2:8d:55:76:06:52:9d:dc:fe:40:d9:b7
Certificate

f7:cf:16:22:1c:15:56:9f:e0:a4:42:5a:07:69:36:5c:c9:93:cc:15
Signer

UPX0
Size: - Virtual size: 340KB

UPX1
Size: 185KB - Virtual size: 188KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 375KB - Virtual size: 375KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 13KB - Virtual size: 21KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 31KB - Virtual size: 31KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:de
Certificate

56:ef:4a:1b:94:fd:0c:76:13:f7:22:15:7d:94:05:79:d6:c6:c1:24
Signer

.text
Size: 306KB - Virtual size: 306KB

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 12KB - Virtual size: 21KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 27KB

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

33:a6:a2:62:6f:72:48:24:5f:3a:61:5a:8c:e7:da:de
Certificate

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

b9:bb:ed:69:2d:c4:76:18:68:0a:8a:f5:4d:d7:33:e3:79:92:30:39
Signer

.text
Size: 93KB - Virtual size: 93KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 14KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate