403e625d30739f2b793a8a06240362f5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

403e625d30739f2b793a8a06240362f5_JaffaCakes118
Size

1.6MB
MD5

403e625d30739f2b793a8a06240362f5
SHA1

1974b2709201a9641ebb2277251d583956bc6bad
SHA256

784fd2d35c39a7c11ba40d8e5383b7933a29e85b16141ec6992f7ada9295011a
SHA512

1a86417fdbfb9f76b8b1f230312d2e1dce566eec50b3791b611b7f1c8c8f6dc535fcc158cfb0a9771e310990f0c9f72d93091bc87a0d4ba0f60a87f6c1936f0d
SSDEEP

49152:WuPvoXYgidn3BRMuANjpL69fclsLibblIr3ZUWa:DPwXjwnXgm9GSibepTa

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack002/$PLUGINSDIR/IMG.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/$PLUGINSDIR/IMG.dll	upx

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack002/$PLUGINSDIR/IMG.dll
unpack003/out.upx
unpack002/$PLUGINSDIR/PcBaseInfo.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/UIEx.dll
unpack002/$PLUGINSDIR/nsDialogs.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/602box.exe	nsis_installer_1
static1/unpack001/602box.exe	nsis_installer_2

Files

403e625d30739f2b793a8a06240362f5_JaffaCakes118
.rar
602box.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

fa:a0:aa:54:2b:6e:2f:63:83:73:e2:91:33:44:a9:9b:a6:84:9f:36
Signer

Actual PE Digest

fa:a0:aa:54:2b:6e:2f:63:83:73:e2:91:33:44:a9:9b:a6:84:9f:36

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/01.jpg
.jpg
$PLUGINSDIR/02.jpg
.jpg
$PLUGINSDIR/03.jpg
.jpg
$PLUGINSDIR/04.jpg
.jpg
$PLUGINSDIR/IMG.dat
$PLUGINSDIR/IMG.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

show
stop

Sections

UPX0
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 492B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 570B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/PcBaseInfo.dll
.dll windows:5 windows x86 arch:x86

e00bc47941f60630c90322f41adefb05

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\项目\Nsis_plug\Release\PcBaseInfo.pdb

Imports

mfc90

ord2481
ord4477
ord1603
ord5750
ord6791
ord5761
ord6802
ord1252
ord3579
ord266
ord941
ord1247
ord265
ord2539
ord798
ord1241
ord1137
ord1152
ord819
ord820
ord817
ord391
ord316
ord2327
ord601
ord1254
ord800

msvcr90

?_type_info_dtor_internal_method@type_info@@QAEXXZ
memset
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
free
malloc
memcpy_s
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
_crt_debugger_hook
__CxxFrameHandler3
__clean_type_info_names_internal

kernel32

GetTickCount
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
lstrlenA
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GlobalAlloc
lstrcpynA
GlobalFree
LoadLibraryA
GetProcAddress
MultiByteToWideChar

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

netapi32

Netbios

snmpapi

SnmpUtilVarBindFree
SnmpUtilOidCpy
SnmpUtilOidNCmp

ws2_32

WSAStartup

Exports

Exports

GetMac

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Progress.bmp
$PLUGINSDIR/ProgressBar.bmp
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/UIEx.dll
.dll windows:4 windows x86 arch:x86

b134f67006924ec3c4955fb7af5ba9db

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
lstrcmpiA
GlobalAlloc
lstrcpynA
lstrcpyA
GlobalFree

user32

CallWindowProcA
LoadCursorA
InvalidateRect
GetDlgItem
MapWindowPoints
GetWindowLongA
GetAncestor
SystemParametersInfoA
GetWindowDC
DialogBoxParamA
GetWindowRect
ReleaseDC
EndPaint
SetWindowLongA
SetPropA
RemovePropA
GetPropA
SendMessageA
DrawTextA
DrawStateA
LoadImageA
BeginPaint
EndDialog
wsprintfA
SetCursor

gdi32

DeleteObject
CreateFontIndirectA
DeleteDC
SelectObject
BitBlt
CreateCompatibleBitmap
GetObjectA
CreateCompatibleDC
CreatePatternBrush
SetBrushOrgEx
StretchBlt
SetBkMode

msimg32

TransparentBlt

comctl32

_TrackMouseEvent

Exports

Exports

DlgBox
Init
Link
SkinBtn
SkinDlg
SkinProgress
onClick

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/btn.bmp
$PLUGINSDIR/check.bmp
$PLUGINSDIR/close.bmp
$PLUGINSDIR/closebox.bmp
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

3f1149a3053980fe6b461521d2b55a2c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:83:19:94:31:c4:a0:ac:17:48:ff:62:57:f4:27:5e
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

28/05/2014, 00:00

Not After

28/05/2015, 23:59

Subject

CN=上海游窝信息科技有限公司,O=上海游窝信息科技有限公司,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0e:36:8f:04:64:7c:14:9f:88:63:1f:1f:c5:74:2c:86:d4:67:52
Signer

Actual PE Digest

61:0e:36:8f:04:64:7c:14:9f:88:63:1f:1f:c5:74:2c:86:d4:67:52

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbschr
_adjust_fdiv
malloc
_initterm
free
_mbsrchr
strtoul
memset
_mbsstr
strtol

kernel32

CloseHandle
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
GetLastError
GlobalFree
lstrcmpiA
DeleteFileA
SleepEx
SetFilePointer
GetTickCount
lstrcatA
GetFileSize
CreateFileA

user32

MessageBoxA
GetParent
ShowWindow
PostMessageA
SetWindowTextA
GetWindowTextA
IsWindow
GetDlgItem
SetDlgItemTextA
SendDlgItemMessageA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
SetWindowLongA
GetWindowLongA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
SendMessageA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/ins.bmp
$PLUGINSDIR/license.rtf
.rtf
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/opt.bmp
$PLUGINSDIR/soft.bmp
$PLUGINSDIR/uncheck.bmp
$PLUGINSDIR/wel.bmp
602game.ico
602you.exe
.exe windows:5 windows x86 arch:x86

2156680392d8c33fad24fbf892c32d46

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0d:23:83:2b:c9:34:e7:53:2b:de:93:81:62:1e:e2:86
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

18/12/2014, 00:00

Not After

18/12/2015, 23:59

Subject

CN=Kunshan Yiwan Information Technology Co.\, Ltd.,OU=IT,O=Kunshan Yiwan Information Technology Co.\, Ltd.,L=Kunshan,ST=Jiangsu,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:ba:5b:68:28:23:f9:02:35:64:2f:cc:72:1a:ce:14:2f:35:9e:0c
Signer

Actual PE Digest

6a:ba:5b:68:28:23:f9:02:35:64:2f:cc:72:1a:ce:14:2f:35:9e:0c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\e盘拷贝\游戏盒版本\youxun\trunk\bin\Win32\Release\602\602you.pdb

Imports

kernel32

LocalReAlloc
TlsFree
GetFileSizeEx
GetFileTime
SetErrorMode
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
ExitProcess
HeapFree
HeapAlloc
HeapReAlloc
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetStdHandle
GetFileType
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
GlobalReAlloc
QueryPerformanceCounter
TlsSetValue
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
LCMapStringW
GetConsoleCP
GetConsoleMode
LCMapStringA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCurrentDirectoryA
GetDriveTypeA
CreateFileA
SetEnvironmentVariableA
TlsGetValue
GetProcessHeap
GlobalFlags
TlsAlloc
GetCPInfo
GlobalHandle
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetUserDefaultLCID
LocalAlloc
FileTimeToLocalFileTime
GetThreadLocale
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
GetModuleHandleA
FormatMessageW
LocalFree
MulDiv
WaitForSingleObject
GlobalAddAtomW
GetCurrentProcessId
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
lstrcmpW
FileTimeToSystemTime
UnmapViewOfFile
GetFileSize
LocalFileTimeToFileTime
GetCurrentDirectoryW
ReadFile
SetFileTime
SystemTimeToFileTime
SetFilePointer
FreeResource
DeleteCriticalSection
lstrcmpiW
EnterCriticalSection
RaiseException
GetModuleFileNameW
LeaveCriticalSection
InitializeCriticalSection
LoadLibraryExW
SetLastError
GetModuleHandleW
CreatePipe
GetStdHandle
lstrlenW
GetVersionExW
CreateDirectoryW
GetCurrentProcess
CreateProcessW
GetTickCount
lstrlenA
IsBadWritePtr
InterlockedDecrement
InterlockedIncrement
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
CreateThread
SetFileAttributesW
CreateToolhelp32Snapshot
FindNextFileW
Process32NextW
SetProcessWorkingSetSize
RemoveDirectoryW
Process32FirstW
FindClose
GetProcAddress
GetFileAttributesW
OpenProcess
FindFirstFileW
DeleteFileW
MultiByteToWideChar
GlobalFree
GlobalUnlock
CreateFileW
GlobalAlloc
WriteFile
GlobalLock
CloseHandle
LockResource
GetLastError
SizeofResource
Sleep
LoadLibraryW
SetUnhandledExceptionFilter
LoadResource
FreeLibrary
FindResourceW
VirtualFree
CreateMutexW

user32

DestroyMenu
CharUpperW
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassNameW
RemovePropW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DefWindowProcW
CallWindowProcW
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
EndPaint
BeginPaint
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetNextDlgTabItem
EndDialog
GetWindowTextW
GetSysColorBrush
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
GetDlgItem
RegisterClipboardFormatW
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
GetMessageW
GetActiveWindow
ValidateRect
SetWindowContextHelpId
MapDialogRect
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
MessageBoxW
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetFocus
GetWindow
GetPropW
UpdateWindow
SendMessageW
EnableMenuItem
CheckMenuItem
GetKeyState
TrackPopupMenu
wsprintfW
CharNextW
GetMenuItemID
ModifyMenuW
GetMenuState
GetSysColor
LoadBitmapW
GetMenuItemCount
CopyAcceleratorTableW
InvalidateRgn
SetCapture
ReleaseCapture
GetNextDlgGroupItem
IsWindow
PostThreadMessageW
UnregisterClassW
ShowWindow
GetDesktopWindow
SetForegroundWindow
SetFocus
MessageBeep
IsIconic
EnableWindow
SetWindowLongW
ReleaseDC
GetWindowLongW
SetRect
GetDC
PtInRect
LoadCursorW
GetWindowRect
SetTimer
UpdateLayeredWindow
SetCursor
GetSystemMetrics
SetWindowPos
CopyRect
InvalidateRect
IsRectEmpty
SetClipboardData
IsWindowVisible
OpenClipboard
EmptyClipboard
FillRect
CloseClipboard
GetParent
PostMessageW
KillTimer
SetWindowRgn
MoveWindow
RegisterHotKey
UnregisterHotKey
GetCursorPos
SystemParametersInfoW
LoadMenuW
TranslateMessage
PeekMessageW
DispatchMessageW
ScreenToClient
GetWindowDC
GetSubMenu
GetClientRect
GetClassLongW
SetPropW
LoadIconW

gdi32

GetBkColor
GetTextColor
CreateRectRgnIndirect
GetMapMode
GetRgnBox
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
CreateCompatibleDC
MoveToEx
LineTo
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
CreatePen
CreateSolidBrush
CreateRoundRectRgn
BitBlt
GetDeviceCaps
StretchBlt
GetDIBits
CreateDCW
CreateCompatibleBitmap
RealizePalette
SelectPalette
GetObjectW
GetPixel
GetStockObject
DeleteDC
CreateDIBSection
DeleteObject
SelectObject
GetViewportExtEx

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegSetValueExW
RegQueryValueW
RegEnumKeyW
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegQueryValueExW
AdjustTokenPrivileges
RegEnumValueW
RegDeleteValueW
LookupPrivilegeValueW
RegOpenKeyW
OpenProcessToken
RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteW
Shell_NotifyIconW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetSpecialFolderPathW

comctl32

_TrackMouseEvent

shlwapi

PathIsDirectoryW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
UrlUnescapeW
PathStripToRootW
PathIsUNCW
PathFileExistsW

oledlg

OleUIBusyW

ole32

CLSIDFromString
CLSIDFromProgID
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateGuid
CoTaskMemFree
CoTaskMemRealloc
CoFreeUnusedLibraries
CoInitialize
CoUninitialize
CoCreateInstance
OleUninitialize
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoTaskMemAlloc
OleInitialize

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
SysFreeString
VarUI4FromStr
VariantCopy
SysAllocString
SysStringLen
SafeArrayGetLBound
SafeArrayDestroy
VariantChangeType
SafeArrayGetElement
SafeArrayGetUBound
OleCreateFontIndirect
SysAllocStringLen
VariantInit
VariantClear

urlmon

URLDownloadToFileW

wininet

InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
InternetSetFilePointer
HttpAddRequestHeadersW
InternetWriteFile
InternetReadFile
InternetOpenUrlW
HttpOpenRequestW
InternetConnectW
HttpSendRequestW
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
InternetCrackUrlW
GetUrlCacheEntryInfoW
InternetCanonicalizeUrlW
InternetQueryOptionW
InternetSetOptionExW
InternetQueryDataAvailable

gdiplus

GdipCreatePen1
GdiplusShutdown
GdiplusStartup
GdipSetTextRenderingHint
GdipDeleteBrush
GdipFree
GdipCloneBrush
GdipDeleteFont
GdipDeleteGraphics
GdipLoadImageFromFile
GdipSetStringFormatAlign
GdipDeleteFontFamily
GdipCreateSolidFill
GdipAlloc
GdipDisposeImage
GdipCreateFont
GdipDrawString
GdipFillRectangle
GdipCreateFontFamilyFromName
GdipCreateFromHDC
GdipCloneImage
GdipCreateStringFormat
GdipReleaseDC
GdipDeleteStringFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectRectI
GdipDeletePen
GdipDrawEllipseI
GdipFillRectangleI
GdipDrawLineI
GdipSetStringFormatFlags
GdipDrawPolygonI
GdipDrawRectangleI
GdipDrawImageRectRect

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

sensapi

IsNetworkAlive

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

psapi

EmptyWorkingSet

netapi32

Netbios

snmpapi

SnmpUtilVarBindFree
SnmpUtilOidNCmp
SnmpUtilOidCpy

ws2_32

WSAStartup

Sections

.text
Size: 495KB - Virtual size: 494KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GameClock.exe
.exe windows:5 windows x86 arch:x86

f1d5f806b93869e17fe4217e7dac06bb

Code Sign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:23:83:2b:c9:34:e7:53:2b:de:93:81:62:1e:e2:86
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

18/12/2014, 00:00

Not After

18/12/2015, 23:59

Subject

CN=Kunshan Yiwan Information Technology Co.\, Ltd.,OU=IT,O=Kunshan Yiwan Information Technology Co.\, Ltd.,L=Kunshan,ST=Jiangsu,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fe:4a:8a:8f:e1:e7:b2:3d:1a:e1:47:06:b1:bb:c0:6a:87:0c:df:8e
Signer

Actual PE Digest

fe:4a:8a:8f:e1:e7:b2:3d:1a:e1:47:06:b1:bb:c0:6a:87:0c:df:8e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\e盘拷贝\游戏盒版本\youxun\trunk\bin\Win32\Release\602\GameClock.pdb

Imports

kernel32

RaiseException
Sleep
ExitProcess
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
RtlUnwind
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetStartupInfoW
GetTickCount
GetFileTime
GetFileSizeEx
FileTimeToLocalFileTime
SetErrorMode
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
FileTimeToSystemTime
GetThreadLocale
GlobalFlags
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrlenA
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
LoadLibraryW
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
FormatMessageW
LocalFree
lstrlenW
FreeLibrary
InterlockedDecrement
GetModuleHandleW
MulDiv
GetModuleHandleA
GetProcAddress
GlobalFree
GetCurrentProcessId
SetLastError
WideCharToMultiByte
MultiByteToWideChar
FreeResource
GlobalUnlock
GetModuleFileNameW
GetFileAttributesW
GlobalAlloc
GlobalLock
DeleteFileW
LockResource
GetTempPathW
WritePrivateProfileStringW
CreateFileW
SizeofResource
WriteFile
GetPrivateProfileStringW
LoadResource
FindResourceW
CloseHandle
GetLastError
GetTimeZoneInformation
CreateMutexW

user32

RegisterClipboardFormatW
PostThreadMessageW
GetSysColorBrush
DestroyMenu
GetMessageW
TranslateMessage
ValidateRect
SetWindowContextHelpId
MapDialogRect
SetCursor
PostQuitMessage
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
RemovePropW
GetForegroundWindow
DispatchMessageW
GetTopWindow
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
TrackPopupMenu
GetKeyState
GetScrollRange
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
DefWindowProcW
GetMenu
SystemParametersInfoA
GetWindowPlacement
GetMenuItemID
GetMenuItemCount
IntersectRect
UnhookWindowsHookEx
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
MessageBoxW
GetWindowTextLengthW
GetWindowTextW
SetFocus
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
PostMessageW
SetParent
GetScrollInfo
KillTimer
OffsetRect
IsRectEmpty
SetTimer
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
CharNextW
CharUpperW
GetSubMenu
DrawIcon
SetPropW
UnregisterClassW
SetMenu
LoadCursorW
LoadIconW
LoadMenuW
GetSystemMetrics
IsWindowVisible
IsIconic
SetForegroundWindow
GetDesktopWindow
IsWindow
UpdateWindow
GetPropW
GetWindow
FillRect
GetFocus
GetParent
GetClientRect
GetDC
GetWindowLongW
ReleaseDC
SetWindowLongW
GetSysColor
ShowWindow
FrameRect
CallWindowProcW
ScreenToClient
GetWindowRect
SetCapture
GetAsyncKeyState
SetRect
GetCursorPos
ReleaseCapture
SetWindowRgn
PtInRect
InvalidateRect
SetWindowPos
LoadBitmapW
SendMessageW
EnableWindow
CopyRect
SetScrollInfo

gdi32

ExtSelectClipRgn
DeleteDC
GetStockObject
GetDeviceCaps
CreateFontIndirectW
GetMapMode
DPtoLP
GetBkColor
GetTextColor
GetRgnBox
CreateRectRgnIndirect
PtVisible
GetWindowExtEx
GetViewportExtEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
CreateRoundRectRgn
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateBitmap
DeleteObject
CreateSolidBrush
StretchBlt
SelectObject
CreateFontW
CreateRectRgn
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
RectVisible

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegQueryValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW

shell32

ShellExecuteW
Shell_NotifyIconW

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW

oledlg

OleUIBusyW

ole32

CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
CoRegisterMessageFilter
OleFlushClipboard

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysFreeString
SysStringLen

gdiplus

GdiplusStartup
GdiplusShutdown
GdipDeleteStringFormat
GdipDeleteFontFamily
GdipDeleteFont
GdipCreatePen1
GdipDrawLineI
GdipDeletePen
GdipGetImageWidth
GdipCreateStringFormat
GdipCreateFromHDC
GdipCreateFontFamilyFromName
GdipLoadImageFromStream
GdipDrawString
GdipCreateFont
GdipAlloc
GdipCreateSolidFill
GdipSetStringFormatAlign
GdipDeleteGraphics
GdipDrawImageRectRectI
GdipGetImageHeight
GdipCloneBrush
GdipFree
GdipDeleteBrush
GdipDrawImageRectRect
GdipDisposeImage
GdipFillRectangle
GdipCloneImage

winmm

mciSendStringW

Sections

.text
Size: 261KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PlayGame.exe
.exe windows:5 windows x86 arch:x86

4baf6b3992b50ebbca03bac610e234c5

Code Sign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:23:83:2b:c9:34:e7:53:2b:de:93:81:62:1e:e2:86
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

18/12/2014, 00:00

Not After

18/12/2015, 23:59

Subject

CN=Kunshan Yiwan Information Technology Co.\, Ltd.,OU=IT,O=Kunshan Yiwan Information Technology Co.\, Ltd.,L=Kunshan,ST=Jiangsu,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c4:7f:8b:57:15:95:17:24:8d:d0:d8:58:e4:46:ee:a4:f0:a4:db:41
Signer

Actual PE Digest

c4:7f:8b:57:15:95:17:24:8d:d0:d8:58:e4:46:ee:a4:f0:a4:db:41

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\e盘拷贝\游戏盒版本\youxun\trunk\bin\Win32\Release\602\PlayGame.pdb

Imports

kernel32

GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
RtlUnwind
RaiseException
HeapReAlloc
Sleep
ExitProcess
HeapSize
SetStdHandle
GetFileType
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetStartupInfoW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetCurrentDirectoryA
GetDriveTypeA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
SetErrorMode
WritePrivateProfileStringW
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
GetFileTime
GetFileSizeEx
lstrlenA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalFlags
GetTickCount
WaitForSingleObject
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
FormatMessageW
LocalFree
LocalAlloc
GetThreadLocale
MulDiv
GetModuleHandleA
GetCurrentProcessId
FindFirstFileW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileW
FindClose
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
GetLastError
SetLastError
lstrcmpW
GetVersionExA
IsBadWritePtr
LoadLibraryW
InterlockedDecrement
InterlockedIncrement
SetUnhandledExceptionFilter
FreeLibrary
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
CreateThread
LockResource
GlobalFree
GlobalUnlock
lstrlenW
CreateFileW
GetModuleFileNameW
GetFileAttributesW
SizeofResource
GlobalAlloc
WriteFile
GlobalLock
LoadResource
FindResourceW
WriteProcessMemory
CloseHandle
DeleteCriticalSection
VirtualProtect
EnterCriticalSection
GetProcAddress
LeaveCriticalSection
GetVersionExW
ReadProcessMemory
InitializeCriticalSection
GetModuleHandleW
GetTimeZoneInformation
GetCurrentProcess

user32

DestroyMenu
GetSysColorBrush
RegisterClipboardFormatW
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
SetWindowContextHelpId
MapDialogRect
SetCursor
PostQuitMessage
CharNextW
MoveWindow
SetWindowTextW
IsDialogMessageW
GetActiveWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetDesktopWindow
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetWindowThreadProcessId
IsWindowEnabled
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetMenu
IsWindowVisible
GetClientRect
PostMessageW
GetMenuItemID
GetMenuItemCount
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
GetWindowLongW
SetWindowLongW
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
PostThreadMessageW
UnregisterClassW
MessageBeep
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
CopyAcceleratorTableW
CharUpperW
IsChild
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetSubMenu
SetForegroundWindow
IsWindow
UpdateWindow
CloseClipboard
SetWindowRgn
PtInRect
SetRect
InvalidateRect
EmptyClipboard
SetWindowPos
OpenClipboard
SetClipboardData
CopyRect
SetTimer
GetWindowRect
KillTimer
GetParent
LoadCursorW
SetParent
GetDC
ReleaseDC
ShowWindow
SendMessageW
EnableWindow
IsRectEmpty
GetWindowTextW

gdi32

ExtSelectClipRgn
GetBkColor
SetWindowExtEx
CreateRectRgnIndirect
GetMapMode
GetRgnBox
ScaleWindowExtEx
DeleteObject
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetTextColor
GetStockObject
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
CreateRoundRectRgn
BitBlt
DeleteDC
GetDeviceCaps
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
GetViewportExtEx

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

shell32

SHGetPathFromIDListW
CommandLineToArgvW
SHGetSpecialFolderLocation

shlwapi

PathFindExtensionW
UrlUnescapeW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

ole32

StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoGetClassObject
OleInitialize
OleUninitialize
CoTaskMemAlloc
CLSIDFromString
CoTaskMemFree
CoFreeUnusedLibraries
CoInitialize
CLSIDFromProgID
CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysFreeString
SysStringLen
VariantInit
VariantChangeType
SysAllocStringLen
VariantClear
SysAllocString

wininet

InternetCanonicalizeUrlW
InternetOpenUrlW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
InternetQueryOptionW
InternetQueryDataAvailable
InternetSetOptionExW
InternetCrackUrlW

gdiplus

GdiplusShutdown
GdipDeleteStringFormat
GdipCreateStringFormat
GdipCreateFromHDC
GdipCreateFontFamilyFromName
GdipFillRectangle
GdipDrawString
GdipCreateFont
GdipCreateSolidFill
GdipDeleteFontFamily
GdipSetStringFormatAlign
GdipDeleteGraphics
GdipDeleteFont
GdipSetTextRenderingHint
GdipDrawImageRectRectI
GdipCloneBrush
GdipDeleteBrush
GdipSetStringFormatFlags
GdipCloneImage
GdipDisposeImage
GdipAlloc
GdipLoadImageFromFile
GdipFree
GdiplusStartup

winmm

waveOutWrite

Sections

.text
Size: 245KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SYupdate.exe
.exe windows:5 windows x86 arch:x86

a46789edcb88ab3b9facffb762b911ed

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

45:01:f7:f2:48:e5:be:e6:2a:5e:ef:d9:fa:34:9e:b4
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

14/07/2014, 00:00

Not After

13/07/2016, 23:59

Subject

CN=冻冻贾,OU=Individual Developer,O=No Organization Affiliation,L=河南省,ST=新乡市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

79:d9:d8:da:bb:83:44:7f:63:fd:ee:e5:60:2b:78:3d:7f:52:5e:c9
Signer

Actual PE Digest

79:d9:d8:da:bb:83:44:7f:63:fd:ee:e5:60:2b:78:3d:7f:52:5e:c9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\e盘拷贝\页游盒子\Webgame1.0.2.1\update\Release\SYupdate.pdb

Imports

kernel32

SetErrorMode
GetStartupInfoW
HeapFree
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
RaiseException
HeapReAlloc
Sleep
ExitProcess
SetStdHandle
GetFileType
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
VirtualFree
GlobalFlags
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
CreateFileA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetCurrentDirectoryA
GetDriveTypeA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
lstrlenA
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
GetFileTime
GetFileSizeEx
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
InterlockedIncrement
WaitForSingleObject
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
FindNextFileW
GetCurrentProcessId
GetModuleHandleA
InterlockedDecrement
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetVersionExW
CompareStringW
LoadLibraryA
lstrcmpW
GetModuleHandleW
GetProcAddress
GetVersionExA
LocalAlloc
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryW
FileTimeToLocalFileTime
SetLastError
GlobalFree
FormatMessageW
LocalFree
MulDiv
GetTickCount
UnmapViewOfFile
GetFileSize
FileTimeToSystemTime
SetFileTime
WriteFile
LocalFileTimeToFileTime
GetCurrentDirectoryW
SystemTimeToFileTime
ReadFile
SetFilePointer
CreateFileW
MultiByteToWideChar
WideCharToMultiByte
FindClose
FindFirstFileW
GetFileAttributesW
GetLastError
WritePrivateProfileStringW
GetPrivateProfileStringW
LockResource
FreeResource
GlobalUnlock
GlobalLock
GlobalAlloc
LoadResource
SizeofResource
FindResourceW
GetCurrentProcess
CloseHandle
TerminateProcess
OpenProcess
DeleteFileW
lstrlenW
CreateDirectoryW
QueryPerformanceCounter
GetModuleFileNameW

user32

PostThreadMessageW
MessageBeep
GetNextDlgTabItem
GetNextDlgGroupItem
ReleaseCapture
SetCapture
InvalidateRgn
SetRect
IsRectEmpty
CharNextW
UnregisterClassW
DestroyMenu
CharUpperW
GetSysColorBrush
SetCursor
GetMessageW
TranslateMessage
GetActiveWindow
GetCursorPos
ValidateRect
RegisterClipboardFormatW
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetWindowThreadProcessId
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
IsWindow
SetFocus
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
LoadIconW
LoadCursorW
SendMessageW
GetSystemMetrics
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
GetClientRect
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CreateDialogIndirectParamW
EndDialog
IsDialogMessageW
SetWindowRgn
InvalidateRect
SetTimer
wsprintfW
MessageBoxW
CopyAcceleratorTableW
KillTimer
EnableWindow
UpdateWindow
GetDesktopWindow
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
GetWindow
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowPos
SetWindowLongW
GetWindowLongW
GetMenu
CallWindowProcW
DefWindowProcW
GetDlgCtrlID
PtInRect
CopyRect
GetSysColor
AdjustWindowRectEx
GetParent
EqualRect

gdi32

CreateBitmap
GetStockObject
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
CreateRectRgnIndirect
CreateRoundRectRgn
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectW
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

shell32

ShellExecuteW

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
UrlUnescapeW
PathFindExtensionW

oledlg

OleUIBusyW

ole32

OleIsCurrentClipboard
CoRegisterMessageFilter
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CreateStreamOnHGlobal
CoTaskMemFree
OleFlushClipboard

oleaut32

SysFreeString
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString
SysStringLen

urlmon

URLDownloadToFileW

wininet

InternetOpenUrlW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetCloseHandle
InternetQueryDataAvailable
InternetSetOptionExW
InternetOpenW
InternetGetConnectedState
DeleteUrlCacheEntryW
GetUrlCacheEntryInfoW
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetQueryOptionW

gdiplus

GdiplusStartup
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStream
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateSolidFill
GdipDrawString
GdipDrawLines
GdipDeletePen
GdipCreatePen1
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdiplusShutdown

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

EnumProcessModules
GetModuleBaseNameW
EnumProcesses

Sections

.text
Size: 267KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Unins602.exe.nsis
bin/Cache/loading.html
.html .js polyglot
skins/web/activite.png
.png
skins/web/activitebtn.png
.png
skins/web/activitefree.png
.png
skins/web/boss.png
.png
skins/web/bottom.png
.png
skins/web/btn.png
.png
skins/web/btnno.png
.png
skins/web/btnyes.png
.png
skins/web/cache.png
.png
skins/web/canclem.png
.png
skins/web/checkm.png
.png
skins/web/close.png
.png
skins/web/closem.png
.png
skins/web/closet.png
.png
skins/web/demo.png
.png
skins/web/feedback.png
.png
skins/web/first.png
.png
skins/web/firstfip.png
.png
skins/web/free.png
.png
skins/web/fullbk.png
.png
skins/web/guide.jpg
.jpg
skins/web/inputok.png
.png
skins/web/loginbk.png
.png
skins/web/logo.png
.png
skins/web/max.png
.png
skins/web/maxnomal.png
.png
skins/web/message.png
.png
skins/web/min.png
.png
skins/web/net.png
.png
skins/web/option.png
.png
skins/web/pc.png
.png
skins/web/progress.png
.png
skins/web/progressthin.png
.png
skins/web/rightbottom.png
.png
skins/web/shade.png
.png
skins/web/shot.png
.png
skins/web/shotbut.png
.png
skins/web/shotpl.png
.png
skins/web/small.png
.png
skins/web/subbar.png
.png
skins/web/tab.png
.png
skins/web/tit-bg.png
.png
skins/web/titlebar.png
.png
skins/web/toolbar.png
.png
skins/web/toolbtn.png
.png
skins/web/toolbtn2.png
.png
skins/web/top.png
.png
skins/web/werwre.png
.png
9553下载站.url
.url
游戏攻略教程 - 9553资讯.url
.url

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

fa:a0:aa:54:2b:6e:2f:63:83:73:e2:91:33:44:a9:9b:a6:84:9f:36Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 76KB

.rsrc Size: 94KB - Virtual size: 94KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 20KB

UPX1 Size: 3KB - Virtual size: 4KB

UPX2 Size: 512B - Virtual size: 4KB

.rmnet Size: 56KB - Virtual size: 60KB

Headers

File Characteristics

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 492B

.reloc Size: 1024B - Virtual size: 570B

e00bc47941f60630c90322f41adefb05

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mfc90

msvcr90

kernel32

iphlpapi

netapi32

snmpapi

ws2_32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1020B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.reloc Size: 1024B - Virtual size: 520B

.rmnet Size: 56KB - Virtual size: 60KB

b134f67006924ec3c4955fb7af5ba9db

Headers

fa:a0:aa:54:2b:6e:2f:63:83:73:e2:91:33:44:a9:9b:a6:84:9f:36
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 76KB

.rsrc
Size: 94KB - Virtual size: 94KB

UPX0
Size: - Virtual size: 20KB

UPX1
Size: 3KB - Virtual size: 4KB

UPX2
Size: 512B - Virtual size: 4KB

.rmnet
Size: 56KB - Virtual size: 60KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 492B

.reloc
Size: 1024B - Virtual size: 570B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1020B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.rmnet
Size: 56KB - Virtual size: 60KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 24B

.reloc
Size: 512B - Virtual size: 432B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

3d:83:19:94:31:c4:a0:ac:17:48:ff:62:57:f4:27:5e
Certificate

61:0e:36:8f:04:64:7c:14:9f:88:63:1f:1f:c5:74:2c:86:d4:67:52
Signer

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.rmnet
Size: 56KB - Virtual size: 60KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 572B