3bc5ff758d5bc6d026f94b50ccee7146_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3bc5ff758d5bc6d026f94b50ccee7146_JaffaCakes118
Size

4.3MB
MD5

3bc5ff758d5bc6d026f94b50ccee7146
SHA1

d6bc4db55437a73f655de7cadd74faf9b937d369
SHA256

f145fcc964d7ecd5dce86ac2cb610f235b2c63c5fd12f5458a224b12669f0ed5
SHA512

c55bdd580d325c8da6eaa3fb2089d0ae01203215e86ee10bc0fa56887df11b603e836539131d24c210b5e0cf0d07011badf224e5e53cc10d9edf8c4629b196cc
SSDEEP

98304:9nmHEjsW8i5Jj9sH/iZ/O4Ya+hPzv7C9AQQKdiyDaOYpBvxDx6:BmGB8SJBsJsm7WfyLpBv6

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 7 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/$_27_/pcmasterdata.dll	acprotect
static1/unpack001/$_27_/plugins/leisure.dll	acprotect
static1/unpack001/$_27_/plugins/net.dll	acprotect
static1/unpack001/$_27_/plugins/notepad.dll	acprotect
static1/unpack001/$_43_/leisure.dll	acprotect
static1/unpack001/$_43_/net.dll	acprotect
static1/unpack001/$_43_/notepad.dll	acprotect

UPX packed file 10 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$_27_/pcmasterdata.dll	upx
static1/unpack001/$_27_/plugins/leisure.dll	upx
static1/unpack001/$_27_/plugins/mytimeweb.exe	upx
static1/unpack001/$_27_/plugins/net.dll	upx
static1/unpack001/$_27_/plugins/notepad.dll	upx
static1/unpack001/$_27_/rmup.exe	upx
static1/unpack001/$_43_/leisure.dll	upx
static1/unpack001/$_43_/mytimeweb.exe	upx
static1/unpack001/$_43_/net.dll	upx
static1/unpack001/$_43_/notepad.dll	upx

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/MPlugin_NSIS.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack002/out.upx
unpack003/out.upx
unpack004/out.upx
unpack005/out.upx
unpack006/out.upx
unpack007/out.upx
unpack008/out.upx
unpack009/out.upx

Files

3bc5ff758d5bc6d026f94b50ccee7146_JaffaCakes118
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

50:28:4b:e9:ab:1a:22:9c:8f:2c:9f:dd:7b:7e:4a:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/03/2016, 00:00

Not After

26/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:de:81:b0:3a:cc:dd:91:fa:96:e7:89:18:ad:f6:e7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/01/2016, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d4:b8:b6:9d:c2:91:5b:91:6e:a7:01:11:37:30:f4:06:d7:eb:04:8c:0b:6c:78:f2:2b:26:40:c0:5d:ee:11:1c
Signer

Actual PE Digest

d4:b8:b6:9d:c2:91:5b:91:6e:a7:01:11:37:30:f4:06:d7:eb:04:8c:0b:6c:78:f2:2b:26:40:c0:5d:ee:11:1c

Digest Algorithm

sha256

PE Digest Matches

true

87:04:75:7b:e5:83:1f:76:76:5e:37:c8:54:58:0b:32:c3:7c:ed:1d
Signer

Actual PE Digest

87:04:75:7b:e5:83:1f:76:76:5e:37:c8:54:58:0b:32:c3:7c:ed:1d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/MPlugin_NSIS.dll
.dll windows:5 windows x86 arch:x86

a09d749968a8bdbca681f3e24aaed813

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\TFS_New2013\MPlugin_NSIS\bin\Release\MPlugin_NSIS.pdb

Imports

comctl32

_TrackMouseEvent

gdiplus

GdipDrawImageI
GdipAlloc
GdipLoadImageFromFile
GdiplusShutdown
GdiplusStartup
GdipSetImageAttributesWrapMode
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipLoadImageFromFileICM
GdipGetImageWidth
GdipDrawImageRectI
GdipGetImageHeight
GdipCloneImage
GdipDrawImageRectRectI
GdipDrawImagePointRectI
GdipReleaseDC
GdipCreateFromHDC
GdipDeleteGraphics
GdipDisposeImage
GdipFree

psapi

GetModuleInformation

kernel32

LoadResource
FindResourceW
FindResourceExW
MultiByteToWideChar
GetCurrentProcess
GetProcAddress
GetModuleHandleW
LocalFree
GetLastError
FindNextFileW
FindClose
CloseHandle
OpenEventW
lstrcpyW
TerminateThread
GetExitCodeThread
ExpandEnvironmentStringsW
CreateThread
SetLastError
FindFirstFileW
GetWindowsDirectoryW
GetFullPathNameW
CreateDirectoryW
MoveFileExW
MoveFileW
GetTickCount
DeleteFileW
TerminateProcess
OpenProcess
Sleep
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SetEvent
ReadFile
GetFileSizeEx
CreateFileW
UnmapViewOfFile
WaitForSingleObject
CreateEventW
MapViewOfFile
CreateFileMappingW
lstrcmpiW
GetVersionExW
GetPrivateProfileStringW
GetThreadSelectorEntry
GetCurrentThread
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
VirtualQuery
VirtualAlloc
GetSystemInfo
VirtualFree
ResumeThread
GetThreadContext
SuspendThread
OpenThread
SetThreadPriority
LockResource
GetCurrentThreadId
GetCurrentProcessId
FlushInstructionCache
VirtualProtectEx
InterlockedDecrement
LoadLibraryW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleFileNameW
lstrcpynW
WideCharToMultiByte
FatalAppExitA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
SetConsoleCtrlHandler
ExitProcess
HeapCreate
IsProcessorFeaturePresent
LCMapStringW
GetStringTypeW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCommandLineA
GetStdHandle
GetFileType
WriteConsoleW
DecodePointer
EncodePointer
RtlUnwind
GetProcessHeap
lstrlenW
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LoadLibraryA
InterlockedExchange
FreeLibrary
LocalAlloc
SetStdHandle
GetFullPathNameA
GetDriveTypeW
SizeofResource
RaiseException
SetHandleCount
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoW
EnumSystemLocalesA
GetLocaleInfoA
IsValidLocale
SetFilePointer
GetCurrentDirectoryW
SetCurrentDirectoryW
GetThreadPriority

user32

LoadStringW
wsprintfW
CopyRect
InvalidateRect
ScreenToClient
IsWindow
MoveWindow
GetWindowRect
GetDesktopWindow
GetParent
RegisterClassW
LoadCursorW
SetCursor
DestroyWindow
GetWindowTextW
DrawTextW
EnableWindow
KillTimer
BeginPaint
EndPaint
PostMessageW
FindWindowW
GetDlgCtrlID
ShowWindow
GetDlgItem
GetWindowLongW
CreateWindowExW
SetWindowTextW
SetFocus
SetWindowLongW
DefWindowProcW
CallWindowProcW
GetClientRect
GetDC
IsWindowVisible
UpdateLayeredWindow
ReleaseDC
SetWindowRgn
SetTimer
SetWindowPos
ClientToScreen
GetWindow
SendMessageW
SystemParametersInfoW
GetWindowThreadProcessId

gdi32

CreateSolidBrush
GetObjectW
BitBlt
SetBkMode
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
CreateRoundRectRgn
DeleteObject
CreateFontIndirectW
SetTextColor

advapi32

SetEntriesInAclW
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegFlushKey
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
DeleteAce
SetNamedSecurityInfoW

shell32

SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetSpecialFolderPathW
SHFileOperationW
ShellExecuteW
SHGetPathFromIDListW
SHGetFolderPathW
SHChangeNotify

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantClear
CreateErrorInfo
GetErrorInfo
VariantChangeType
VariantInit
SetErrorInfo
SysFreeString
SysAllocString

shlwapi

PathFileExistsW
PathAppendW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

InternetSetCookieW

Exports

Exports

ArragePath
CloseProcessByClassName
CloseProcessByProcessName
CloseQiyuProcessByClassName
CloseWinGuard
CombinePath
ComponentImportConfig
CreateCheckBox
CreateDir
CreateEdit
CreateHyperLink
CreateProgress
CreatePushButton
CreateShotcut
CreateStatic
DeleteOlderVersion
DeleteOneFile
ExecNoAdmin
FindProcessByProcessName
FindWindowByClassName
GetCheck
GetFontSize
GetInstallPath
GetProgressPos
GetRandNumber
GetText
GetTextAlignMode
Init
IsEnable
IsFontBold
IsInFavorite
IsPathVolid
IsVisible
IsWin10OrLater
IsWin8
IsWin8Blue
MainPageIsOurs
MoveCtrl
NotifyMainPage
PinToTaskBarWithType
QiyuIEFileReset
QiyuSHChangeNotify
RegChildDialog
RegCtrlEventHandler
RegDialogMsgHandler
ResizeCtrl
ResizeMainWindow
SearchEngineIsOurs
SetAeroEnable
SetCheck
SetChildDialogBorder
SetCtrlTextColor
SetEditBkColor
SetEnable
SetFontBold
SetFontSize
SetHao123Cookie
SetProgressPos
SetShadowEnable
SetText
SetTextAlignMode
SetVisible
SetWindowRoundCorner
ShowFolderSelDialog
StartThread
StartWindowBkImage
StartWindowSizingAni
StopThread
Uninit
UnregChildDialog

Sections

.text
Size: 319KB - Virtual size: 319KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/img/blue-bg.png
.png
$PLUGINSDIR/img/browse_button_down.png
.png
$PLUGINSDIR/img/browse_button_normal.png
.png
$PLUGINSDIR/img/browse_button_over.png
.png
$PLUGINSDIR/img/chkbox_normal.png
.png
$PLUGINSDIR/img/chkbox_normal_checked.png
.png
$PLUGINSDIR/img/chkbox_over.png
.png
$PLUGINSDIR/img/chkbox_over_checked.png
.png
$PLUGINSDIR/img/close_button_down.png
.png
$PLUGINSDIR/img/close_button_normal.png
.png
$PLUGINSDIR/img/close_button_over.png
.png
$PLUGINSDIR/img/finish_button_down.png
.png
$PLUGINSDIR/img/finish_button_normal.png
.png
$PLUGINSDIR/img/finish_button_over.png
.png
$PLUGINSDIR/img/inst_button_down.png
.png
$PLUGINSDIR/img/inst_button_normal.png
.png
$PLUGINSDIR/img/inst_button_over.png
.png
$PLUGINSDIR/img/logo.png
.png
$PLUGINSDIR/img/logobig.png
.png
$PLUGINSDIR/img/min_button_down.png
.png
$PLUGINSDIR/img/min_button_normal.png
.png
$PLUGINSDIR/img/min_button_over.png
.png
$PLUGINSDIR/img/path_input_bg.png
.png
$PLUGINSDIR/img/progress_bkgnd.png
.png
$PLUGINSDIR/img/progress_forgndmid.png
.png
$PLUGINSDIR/img/shadow.png
.png
$PLUGINSDIR/img/white_chkbox_normal.png
.png
$PLUGINSDIR/img/white_chkbox_normal_checked.png
.png
$PLUGINSDIR/img/white_chkbox_over.png
.png
$PLUGINSDIR/img/white_chkbox_over_checked.png
.png
$PLUGINSDIR/img/windowBk.png
.png
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_27_/$_27_/uninstall_mytime.exe.nsis
$_27_/mytime.exe
.exe windows:5 windows x86 arch:x86

486e55bb223b40426a8f492f64be6e61

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

50:28:4b:e9:ab:1a:22:9c:8f:2c:9f:dd:7b:7e:4a:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/03/2016, 00:00

Not After

26/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:de:81:b0:3a:cc:dd:91:fa:96:e7:89:18:ad:f6:e7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/01/2016, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e5:ef:a4:30:fd:17:64:16:c4:a1:7f:ad:df:de:47:1b:c1:e6:ba:b9:8d:9d:3e:30:4d:f9:b6:c2:b6:64:57:bf
Signer

Actual PE Digest

e5:ef:a4:30:fd:17:64:16:c4:a1:7f:ad:df:de:47:1b:c1:e6:ba:b9:8d:9d:3e:30:4d:f9:b6:c2:b6:64:57:bf

Digest Algorithm

sha256

PE Digest Matches

true

90:96:75:b1:52:6a:ee:fa:48:ab:ac:a4:21:a6:d8:62:cf:76:81:f6
Signer

Actual PE Digest

90:96:75:b1:52:6a:ee:fa:48:ab:ac:a4:21:a6:d8:62:cf:76:81:f6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\RuanMei\MagicTray\Bin\Release\mytime.pdb

Imports

kernel32

GetWindowsDirectoryW
GetDiskFreeSpaceExW
GetFullPathNameW
CreateFileA
SetFileAttributesW
DeleteFileA
DeleteFileW
CopyFileW
MoveFileA
MoveFileW
MoveFileExW
WaitNamedPipeW
IsBadReadPtr
IsBadCodePtr
GetDriveTypeW
GetCommandLineW
GetStartupInfoW
CreateProcessW
GetModuleFileNameW
CreateMutexW
lstrcpyW
lstrcmpiW
lstrcmpW
GetTickCount
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SetLocalTime
GetLocalTime
GetSystemTime
DeviceIoControl
GetLogicalDrives
Sleep
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SuspendThread
SetLastError
GetCurrentThreadId
CreateThread
SetUnhandledExceptionFilter
GetCurrentProcessId
SetProcessWorkingSetSize
VirtualProtect
LocalFree
GlobalMemoryStatusEx
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
InterlockedDecrement
InterlockedIncrement
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceW
BeginUpdateResourceA
LoadLibraryExW
LoadLibraryExA
FreeLibrary
Module32NextW
Module32FirstW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetVersionExW
GetModuleHandleW
LoadLibraryW
lstrlenW
lstrlenA
WaitForSingleObject
WriteProcessMemory
CreateRemoteThread
GetCurrentProcess
OpenProcess
VirtualFreeEx
VirtualAllocEx
GetProcAddress
FindNextFileW
FindFirstFileW
GetFileAttributesW
CreateFileW
CreateDirectoryW
FindResourceExW
FindResourceW
DosDateTimeToFileTime
GetTempFileNameW
LocalFileTimeToFileTime
FileTimeToLocalFileTime
CloseHandle
SetFileTime
GetFileTime
FindClose
ReadFile
WriteFile
GetFileSizeEx
GetFileSize
SizeofResource
LoadResource
LockResource
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
DecodePointer
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
SetEndOfFile
GetCurrentDirectoryW
SetCurrentDirectoryW
WriteConsoleW
FlushFileBuffers
SetStdHandle
OutputDebugStringA
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
HeapDestroy
SetConsoleCtrlHandler
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetFileType
GetCurrentThread
GetACP
GetStdHandle
GetModuleFileNameA
ExitProcess
QueryPerformanceFrequency
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
GetFullPathNameA
InterlockedFlushSList
RtlUnwind
SetFilePointer
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
GetUserDefaultUILanguage
MulDiv
IsBadStringPtrW
SetEvent
TerminateThread
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
FileTimeToDosDateTime
GetSystemDirectoryW
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
FormatMessageW
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
VirtualQuery
GetSystemInfo

gdi32

TextOutW
GdiFlush
CreatePatternBrush
MoveToEx
SetBkColor
ExtSelectClipRgn
DeleteObject
SelectObject
SetBkMode
SelectClipRgn
RoundRect
Rectangle
LineTo
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateRectRgnIndirect
CreateRectRgn
CreatePen
CombineRgn
SetStretchBltMode
SetBitmapBits
GetStockObject
GetDeviceCaps
GetBitmapBits
CreateCompatibleBitmap
CreateSolidBrush
PtInRegion
SetTextColor
OffsetRgn
SetWindowOrgEx
SaveDC
RestoreDC
CreateRoundRectRgn
BitBlt
GetTextMetricsW
GetObjectW
SetDIBColorTable
CreateDIBSection
GetDIBits
DeleteDC
CreateDCW
CreateCompatibleDC
StretchBlt
GetObjectA
CreateFontIndirectW

comdlg32

ChooseFontW
GetOpenFileNameW
GetSaveFileNameW
ChooseColorW

advapi32

DuplicateTokenEx
ConvertStringSidToSidW
SetNamedSecurityInfoW
SetEntriesInAclW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
SetTokenInformation
AllocateAndInitializeSid
FreeSid
GetLengthSid
StartServiceW
OpenServiceW
OpenSCManagerW
CreateServiceW
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
RegSetValueExW
RegQueryValueExW
GetUserNameW
CreateProcessAsUserW
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegFlushKey
RegOpenKeyExW
SystemFunction036

shell32

ShellExecuteExW
CommandLineToArgvW
SHGetFolderPathW
SHCreateDirectoryExW
ShellExecuteW

ole32

CreateILockBytesOnHGlobal
ReleaseStgMedium
OleDuplicateData
OleSetContainedObject
OleCreateStaticFromData
StgCreateDocfileOnILockBytes
StgCreateDocfile
OleUninitialize
OleInitialize
CoInitialize
CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleRun
CreateStreamOnHGlobal
OleLockRunning

oleaut32

VariantClear
SysStringByteLen
SetErrorInfo
GetErrorInfo
SysAllocStringByteLen
SystemTimeToVariantTime
SysFreeString
VarUdateFromDate
VariantChangeType
VariantCopy
SysAllocString
VariantTimeToSystemTime
CreateErrorInfo
VariantInit

shlwapi

PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathRemoveExtensionW
PathFileExistsA
PathAppendW

comctl32

ImageList_Destroy
ImageList_AddMasked
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
_TrackMouseEvent
ord17
ImageList_Create

gdiplus

GdipSetSmoothingMode
GdipReleaseDC
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromScan0
GdipRotateWorldTransform
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipSaveImageToStream
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipSetPenWidth
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipGetPathWorldBounds
GdipAddPathString
GdipDeletePath
GdipCreatePath
GdipFree
GdipAlloc
GdipDrawLineI
GdipDrawLinesI
GdipFillRectangleI
GdipFillEllipseI
GdipDrawImageRectI
GdipDrawImageRectRectI
GdipSetTextRenderingHint
GdipGetImageEncoders
GdipDeleteFontFamily
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipGetFamily
GdipGetFontStyle
GdipGetFontSize
GdipDrawString
GdipMeasureString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatTrimming
GdipDrawPath
GdipDrawRectangleI
GdipSetImageAttributesColorKeys
GdipSetPenDashStyle
GdipAddPathArcI
GdipAddPathLineI
GdipSetStringFormatAlign
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdiplusShutdown
GdiplusStartup
GdipSaveGraphics
GdipDrawImageI
GdipSetStringFormatLineAlign
GdipGetImageEncodersSize
GdipTranslateWorldTransform
GdipCreateBitmapFromStreamICM
GdipSaveImageToFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetImageAttributesWrapMode
GdipGraphicsClear
GdipSetInterpolationMode

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

urlmon

URLDownloadToFileW

wininet

InternetConnectW
InternetCloseHandle
InternetOpenUrlW
InternetReadFile
InternetWriteFile
InternetSetOptionW
HttpOpenRequestW
HttpSendRequestExW
HttpEndRequestW
HttpQueryInfoW
InternetOpenW

iphlpapi

GetAdaptersInfo

winmm

sndPlaySoundW

powrprof

SetSuspendState

dbghelp

MiniDumpWriteDump

ws2_32

htonl
htons
inet_addr
ntohl
bind
sendto
setsockopt
socket
WSAStartup
WSACleanup
recvfrom

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 321KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_27_/pcmasterdata.dll
.dll windows:5 windows x86 arch:x86

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

76:3a:3a:6b:f8:60:14:3d:8d:4e:ca:c6:60:60:1b:dc
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

02/02/2012, 00:00

Not After

15/07/2014, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong \ ,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:a7:a0:97:13:a9:69:c1:01:90:92:35:a1:f6:55:88:89:66:05:46
Signer

Actual PE Digest

1e:a7:a0:97:13:a9:69:c1:01:90:92:35:a1:f6:55:88:89:66:05:46

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

sqlite3_activate_see
sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_data_directory
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_errstr
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_key
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_rekey
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_stricmp
sqlite3_strnicmp
sqlite3_table_column_metadata
sqlite3_temp_directory
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_config
sqlite3_vtab_on_conflict
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_set_directory
sqlite3_win32_sleep
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_write_debug

Sections

UPX0
Size: - Virtual size: 340KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 276KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 499KB - Virtual size: 498KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_27_/pcmastersvc.exe
.exe windows:5 windows x86 arch:x86

b3106dacb45fa644b39f7f5e100743aa

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:e4:f3:47:8c:eb:8f:3b:8b:87:e0:ab:04:a7:ac:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/07/2014, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f6:2b:36:b6:ac:6d:75:6f:f6:3d:71:4f:a6:cc:2e:d8:cb:24:09:55
Signer

Actual PE Digest

f6:2b:36:b6:ac:6d:75:6f:f6:3d:71:4f:a6:cc:2e:d8:cb:24:09:55

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\RuanMei\PCMaster\bin\Release\pcmastersvc.pdb

Imports

kernel32

GetFileAttributesW
ReadFile
Sleep
WaitNamedPipeW
SetEvent
lstrcmpiW
GetVersionExW
ConnectNamedPipe
GlobalAlloc
MultiByteToWideChar
RaiseException
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GlobalLock
GlobalUnlock
GlobalFree
CreateDirectoryW
GetModuleFileNameW
GetFullPathNameW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCommandLineW
CreateFileW
GetFileTime
CopyFileW
LocalFree
GetLastError
lstrlenW
lstrcpyW
GetModuleHandleW
GetProcAddress
GetCurrentProcess
CreateFileMappingW
MapViewOfFile
WTSGetActiveConsoleSessionId
GetTickCount
CreateEventW
WaitForSingleObject
CloseHandle
CreateNamedPipeW
UnmapViewOfFile
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
SetStdHandle
GetStringTypeW
IsValidLocale
LCMapStringW
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoW
LoadLibraryW
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
IsValidCodePage
GetOEMCP
GetACP
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwind
ExitThread
GetCurrentThreadId
CreateThread
ResumeThread
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
WideCharToMultiByte
GetTimeZoneInformation
ExitProcess
HeapCreate
WriteFile
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
FatalAppExitA
GetCPInfo

advapi32

RegisterServiceCtrlHandlerExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetServiceStatus
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegCreateKeyExW
RegFlushKey
RegCloseKey
RegOpenKeyExW
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
QueryServiceStatus
ControlService
DeleteService
OpenSCManagerW
OpenServiceW
CreateServiceW
CloseServiceHandle
ChangeServiceConfigW
ChangeServiceConfig2W
StartServiceW
GetTokenInformation
CreateProcessAsUserW
StartServiceCtrlDispatcherW

shell32

SHGetFolderPathW
CommandLineToArgvW

ole32

CoInitializeEx
CoUninitialize

oleaut32

SysFreeString

shlwapi

PathAppendW
PathFileExistsW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

userenv

CreateEnvironmentBlock

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken
WTSQuerySessionInformationW

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_27_/plugins/leisure.dll
.dll windows:5 windows x86 arch:x86

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:e4:f3:47:8c:eb:8f:3b:8b:87:e0:ab:04:a7:ac:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/07/2014, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:be:82:09:d4:91:68:ed:7f:14:00:c3:1f:36:28:8b:40:1c:41:9d
Signer

Actual PE Digest

3d:be:82:09:d4:91:68:ed:7f:14:00:c3:1f:36:28:8b:40:1c:41:9d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CreatePlugin
DestroyPlugin

Sections

UPX0
Size: - Virtual size: 504KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 325KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 473KB - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_27_/plugins/mytimeweb.exe
.exe windows:5 windows x86 arch:x86

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:e4:f3:47:8c:eb:8f:3b:8b:87:e0:ab:04:a7:ac:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/07/2014, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d5:2c:5e:2e:27:3b:d4:b1:b7:8e:09:e4:96:d8:cc:ff:28:ef:3c:da
Signer

Actual PE Digest

d5:2c:5e:2e:27:3b:d4:b1:b7:8e:09:e4:96:d8:cc:ff:28:ef:3c:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 504KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 268KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 456KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_27_/plugins/net.dll
.dll windows:5 windows x86 arch:x86

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:e4:f3:47:8c:eb:8f:3b:8b:87:e0:ab:04:a7:ac:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/07/2014, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:cd:d6:7e:96:73:74:93:aa:de:cd:f8:a6:6c:e1:67:4f:bf:32:a1
Signer

Actual PE Digest

69:cd:d6:7e:96:73:74:93:aa:de:cd:f8:a6:6c:e1:67:4f:bf:32:a1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CreatePlugin
DestroyPlugin

Sections

UPX0
Size: - Virtual size: 496KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 270KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 457KB - Virtual size: 457KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_27_/plugins/notepad.dll
.dll windows:5 windows x86 arch:x86

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:e4:f3:47:8c:eb:8f:3b:8b:87:e0:ab:04:a7:ac:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/07/2014, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a6:dc:b5:14:dd:83:c1:b1:f6:30:ba:fd:17:16:82:a4:e0:3e:45:96
Signer

Actual PE Digest

a6:dc:b5:14:dd:83:c1:b1:f6:30:ba:fd:17:16:82:a4:e0:3e:45:96

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CreatePlugin
DestroyPlugin

Sections

UPX0
Size: - Virtual size: 544KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 508KB - Virtual size: 507KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_27_/plugins/remind.dll
.dll windows:6 windows x86 arch:x86

cc64aaf7779a5e773f2ada6b04560751

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

50:28:4b:e9:ab:1a:22:9c:8f:2c:9f:dd:7b:7e:4a:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/03/2016, 00:00

Not After

26/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:de:81:b0:3a:cc:dd:91:fa:96:e7:89:18:ad:f6:e7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/01/2016, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bf:d9:7b:a9:5b:d8:43:49:54:87:b1:82:16:d3:b4:b0:58:3e:1e:a8:e9:d3:af:4b:4e:65:6c:a6:47:cb:d5:57
Signer

Actual PE Digest

bf:d9:7b:a9:5b:d8:43:49:54:87:b1:82:16:d3:b4:b0:58:3e:1e:a8:e9:d3:af:4b:4e:65:6c:a6:47:cb:d5:57

Digest Algorithm

sha256

PE Digest Matches

true

d1:52:76:cc:fe:54:a0:a2:bb:f2:ec:4a:cc:30:87:d8:bd:af:18:45
Signer

Actual PE Digest

d1:52:76:cc:fe:54:a0:a2:bb:f2:ec:4a:cc:30:87:d8:bd:af:18:45

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\RuanMei\MagicTray\Bin\Release\plugins\remind.pdb

Imports

kernel32

DecodePointer
VerSetConditionMask
VerifyVersionInfoW
RaiseException
SetLastError
FreeLibraryAndExitThread
CreateProcessW
GetStartupInfoW
CopyFileW
SetFileAttributesW
GetFileAttributesW
CloseHandle
ReadFile
GetFileSizeEx
CreateFileW
GetLocalTime
GetCurrentThreadId
InitializeCriticalSectionEx
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
MultiByteToWideChar
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateDirectoryW
GetModuleFileNameW
GetFullPathNameW
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
LoadLibraryExA
IsDebuggerPresent
OutputDebugStringW
GetWindowsDirectoryW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
InitializeCriticalSectionAndSpinCount
TerminateThread
SetEvent
WaitForSingleObject
Sleep
GetTickCount
CreateEventW
GetVersionExW
GetFileSize
FreeResource
IsBadStringPtrW
MulDiv
GetUserDefaultUILanguage
lstrcmpW
InterlockedIncrement
InterlockedDecrement
WriteFile
SetFilePointer
LocalFree
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
InterlockedFlushSList
CreateThread
ExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
CompareStringW
LCMapStringW
GetTimeZoneInformation
GetACP
GetStringTypeW
GetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
SetFilePointerEx
ReadConsoleW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
WriteConsoleW
FlushFileBuffers
SetEndOfFile
GetLastError
lstrcpyW
LoadLibraryW
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
EncodePointer
lstrcmpiW

gdi32

DeleteDC
CreateCompatibleDC
SaveDC
GetDIBits
GetStockObject
GetTextExtentPoint32W
LineTo
Rectangle
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
GetTextMetricsW
SetTextColor
CreateDIBSection
OffsetRgn
MoveToEx
TextOutW
GdiFlush
CreateDCW
CreateCompatibleBitmap
GetDeviceCaps
SetBitmapBits
CreatePatternBrush
CreateSolidBrush
SetWindowOrgEx
PtInRegion
BitBlt
CreateFontIndirectW
CombineRgn
CreatePen
CreateRectRgn
DeleteObject
SelectObject
CreateRoundRectRgn
GetObjectW
RestoreDC
CreateRectRgnIndirect
GetBitmapBits
GetCharABCWidthsW
SetStretchBltMode
GetClipBox

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegFlushKey
OpenProcessToken
LookupPrivilegeValueW
SystemFunction036
RegCreateKeyExW
AdjustTokenPrivileges

shell32

ShellExecuteW

ole32

CoUninitialize
OleRun
OleLockRunning
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CoCreateInstance
CLSIDFromProgID
CoInitialize

oleaut32

VariantInit
GetErrorInfo
VariantTimeToSystemTime
VariantChangeType
SystemTimeToVariantTime
SysFreeString
SysAllocString
SysAllocStringByteLen
VariantClear
SysStringByteLen

shlwapi

PathFileExistsW
PathAppendW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

sndPlaySoundW
mciSendStringW

powrprof

SetSuspendState

comctl32

ord17
_TrackMouseEvent

gdiplus

GdiplusShutdown
GdiplusStartup
GdipSaveGraphics
GdipGraphicsClear
GdipAlloc
GdipFree
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipAddPathArcI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenDashStyle
GdipGetImageWidth
GdipGetImageHeight
GdipCreateImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetImageAttributesColorKeys
GdipSetImageAttributesWrapMode
GdipCreateFromHDC
GdipDeleteGraphics
GdipReleaseDC
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawLineI
GdipDrawRectangleI
GdipDrawPath
GdipDrawImageRectRectI
GdipCreateFontFromDC
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipSetStringFormatHotkeyPrefix
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipDisposeImageAttributes

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

Exports

Exports

CreatePlugin
DestroyPlugin

Sections

.text
Size: 535KB - Virtual size: 534KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_27_/rmup.exe
.exe windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

41:e4:f3:47:8c:eb:8f:3b:8b:87:e0:ab:04:a7:ac:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/07/2014, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:56:4a:4c:fe:e6:76:14:24:d0:f9:97:bb:ba:aa:7b:91:2d:fa:05
Signer

Actual PE Digest

4c:56:4a:4c:fe:e6:76:14:24:d0:f9:97:bb:ba:aa:7b:91:2d:fa:05

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 376KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 176KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 362KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_43_/leisure.dll
.dll windows:5 windows x86 arch:x86

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:e4:f3:47:8c:eb:8f:3b:8b:87:e0:ab:04:a7:ac:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/07/2014, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:be:82:09:d4:91:68:ed:7f:14:00:c3:1f:36:28:8b:40:1c:41:9d
Signer

Actual PE Digest

3d:be:82:09:d4:91:68:ed:7f:14:00:c3:1f:36:28:8b:40:1c:41:9d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CreatePlugin
DestroyPlugin

Sections

UPX0
Size: - Virtual size: 504KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 325KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 473KB - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_43_/mytimeweb.exe
.exe windows:5 windows x86 arch:x86

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:e4:f3:47:8c:eb:8f:3b:8b:87:e0:ab:04:a7:ac:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/07/2014, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d5:2c:5e:2e:27:3b:d4:b1:b7:8e:09:e4:96:d8:cc:ff:28:ef:3c:da
Signer

Actual PE Digest

d5:2c:5e:2e:27:3b:d4:b1:b7:8e:09:e4:96:d8:cc:ff:28:ef:3c:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 504KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 268KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 53KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 456KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_43_/net.dll
.dll windows:5 windows x86 arch:x86

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:e4:f3:47:8c:eb:8f:3b:8b:87:e0:ab:04:a7:ac:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/07/2014, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:cd:d6:7e:96:73:74:93:aa:de:cd:f8:a6:6c:e1:67:4f:bf:32:a1
Signer

Actual PE Digest

69:cd:d6:7e:96:73:74:93:aa:de:cd:f8:a6:6c:e1:67:4f:bf:32:a1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CreatePlugin
DestroyPlugin

Sections

UPX0
Size: - Virtual size: 496KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 270KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$_43_/notepad.dll
.dll windows:5 windows x86 arch:x86

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:e4:f3:47:8c:eb:8f:3b:8b:87:e0:ab:04:a7:ac:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/07/2014, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a6:dc:b5:14:dd:83:c1:b1:f6:30:ba:fd:17:16:82:a4:e0:3e:45:96
Signer

Actual PE Digest

a6:dc:b5:14:dd:83:c1:b1:f6:30:ba:fd:17:16:82:a4:e0:3e:45:96

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

CreatePlugin
DestroyPlugin

Sections

UPX0
Size: - Virtual size: 544KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$_43_/remind.dll
.dll windows:6 windows x86 arch:x86

cc64aaf7779a5e773f2ada6b04560751

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

50:28:4b:e9:ab:1a:22:9c:8f:2c:9f:dd:7b:7e:4a:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/03/2016, 00:00

Not After

26/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:de:81:b0:3a:cc:dd:91:fa:96:e7:89:18:ad:f6:e7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/01/2016, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bf:d9:7b:a9:5b:d8:43:49:54:87:b1:82:16:d3:b4:b0:58:3e:1e:a8:e9:d3:af:4b:4e:65:6c:a6:47:cb:d5:57
Signer

Actual PE Digest

bf:d9:7b:a9:5b:d8:43:49:54:87:b1:82:16:d3:b4:b0:58:3e:1e:a8:e9:d3:af:4b:4e:65:6c:a6:47:cb:d5:57

Digest Algorithm

sha256

PE Digest Matches

true

d1:52:76:cc:fe:54:a0:a2:bb:f2:ec:4a:cc:30:87:d8:bd:af:18:45
Signer

Actual PE Digest

d1:52:76:cc:fe:54:a0:a2:bb:f2:ec:4a:cc:30:87:d8:bd:af:18:45

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\RuanMei\MagicTray\Bin\Release\plugins\remind.pdb

Imports

kernel32

DecodePointer
VerSetConditionMask
VerifyVersionInfoW
RaiseException
SetLastError
FreeLibraryAndExitThread
CreateProcessW
GetStartupInfoW
CopyFileW
SetFileAttributesW
GetFileAttributesW
CloseHandle
ReadFile
GetFileSizeEx
CreateFileW
GetLocalTime
GetCurrentThreadId
InitializeCriticalSectionEx
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
MultiByteToWideChar
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateDirectoryW
GetModuleFileNameW
GetFullPathNameW
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
LoadLibraryExA
IsDebuggerPresent
OutputDebugStringW
GetWindowsDirectoryW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
InitializeCriticalSectionAndSpinCount
TerminateThread
SetEvent
WaitForSingleObject
Sleep
GetTickCount
CreateEventW
GetVersionExW
GetFileSize
FreeResource
IsBadStringPtrW
MulDiv
GetUserDefaultUILanguage
lstrcmpW
InterlockedIncrement
InterlockedDecrement
WriteFile
SetFilePointer
LocalFree
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
InterlockedFlushSList
CreateThread
ExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
CompareStringW
LCMapStringW
GetTimeZoneInformation
GetACP
GetStringTypeW
GetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
SetFilePointerEx
ReadConsoleW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle
WriteConsoleW
FlushFileBuffers
SetEndOfFile
GetLastError
lstrcpyW
LoadLibraryW
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
EncodePointer
lstrcmpiW

gdi32

DeleteDC
CreateCompatibleDC
SaveDC
GetDIBits
GetStockObject
GetTextExtentPoint32W
LineTo
Rectangle
RoundRect
SelectClipRgn
ExtSelectClipRgn
SetBkColor
SetBkMode
StretchBlt
GetTextMetricsW
SetTextColor
CreateDIBSection
OffsetRgn
MoveToEx
TextOutW
GdiFlush
CreateDCW
CreateCompatibleBitmap
GetDeviceCaps
SetBitmapBits
CreatePatternBrush
CreateSolidBrush
SetWindowOrgEx
PtInRegion
BitBlt
CreateFontIndirectW
CombineRgn
CreatePen
CreateRectRgn
DeleteObject
SelectObject
CreateRoundRectRgn
GetObjectW
RestoreDC
CreateRectRgnIndirect
GetBitmapBits
GetCharABCWidthsW
SetStretchBltMode
GetClipBox

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegFlushKey
OpenProcessToken
LookupPrivilegeValueW
SystemFunction036
RegCreateKeyExW
AdjustTokenPrivileges

shell32

ShellExecuteW

ole32

CoUninitialize
OleRun
OleLockRunning
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CoCreateInstance
CLSIDFromProgID
CoInitialize

oleaut32

VariantInit
GetErrorInfo
VariantTimeToSystemTime
VariantChangeType
SystemTimeToVariantTime
SysFreeString
SysAllocString
SysAllocStringByteLen
VariantClear
SysStringByteLen

shlwapi

PathFileExistsW
PathAppendW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

sndPlaySoundW
mciSendStringW

powrprof

SetSuspendState

comctl32

ord17
_TrackMouseEvent

gdiplus

GdiplusShutdown
GdiplusStartup
GdipSaveGraphics
GdipGraphicsClear
GdipAlloc
GdipFree
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipAddPathArcI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1
GdipDeletePen
GdipSetPenDashStyle
GdipGetImageWidth
GdipGetImageHeight
GdipCreateImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetImageAttributesColorKeys
GdipSetImageAttributesWrapMode
GdipCreateFromHDC
GdipDeleteGraphics
GdipReleaseDC
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipSetInterpolationMode
GdipDrawLineI
GdipDrawRectangleI
GdipDrawPath
GdipDrawImageRectRectI
GdipCreateFontFromDC
GdipDeleteFont
GdipDrawString
GdipMeasureString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTrimming
GdipSetStringFormatHotkeyPrefix
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipTranslateWorldTransform
GdipRotateWorldTransform
GdipDisposeImageAttributes

imm32

ImmGetContext
ImmReleaseContext
ImmSetCompositionWindow

Exports

Exports

CreatePlugin
DestroyPlugin

Sections

.text
Size: 535KB - Virtual size: 534KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

50:28:4b:e9:ab:1a:22:9c:8f:2c:9f:dd:7b:7e:4a:e4Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

5a:de:81:b0:3a:cc:dd:91:fa:96:e7:89:18:ad:f6:e7Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9eCertificate

Extended Key Usages

Key Usages

Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

d4:b8:b6:9d:c2:91:5b:91:6e:a7:01:11:37:30:f4:06:d7:eb:04:8c:0b:6c:78:f2:2b:26:40:c0:5d:ee:11:1cSigner

87:04:75:7b:e5:83:1f:76:76:5e:37:c8:54:58:0b:32:c3:7c:ed:1dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 1.2MB

.rsrc Size: 61KB - Virtual size: 60KB

.reloc Size: 4KB - Virtual size: 3KB

a09d749968a8bdbca681f3e24aaed813

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

gdiplus

psapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

version

wininet

Exports

Exports

Sections

.text Size: 319KB - Virtual size: 319KB

.rdata Size: 63KB - Virtual size: 63KB

.data Size: 156KB - Virtual size: 164KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 15KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

50:28:4b:e9:ab:1a:22:9c:8f:2c:9f:dd:7b:7e:4a:e4
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

5a:de:81:b0:3a:cc:dd:91:fa:96:e7:89:18:ad:f6:e7
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

d4:b8:b6:9d:c2:91:5b:91:6e:a7:01:11:37:30:f4:06:d7:eb:04:8c:0b:6c:78:f2:2b:26:40:c0:5d:ee:11:1c
Signer

87:04:75:7b:e5:83:1f:76:76:5e:37:c8:54:58:0b:32:c3:7c:ed:1d
Signer

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 1.2MB

.rsrc
Size: 61KB - Virtual size: 60KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 319KB - Virtual size: 319KB

.rdata
Size: 63KB - Virtual size: 63KB

.data
Size: 156KB - Virtual size: 164KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 15KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 48B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 590B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

50:28:4b:e9:ab:1a:22:9c:8f:2c:9f:dd:7b:7e:4a:e4
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

5a:de:81:b0:3a:cc:dd:91:fa:96:e7:89:18:ad:f6:e7
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

e5:ef:a4:30:fd:17:64:16:c4:a1:7f:ad:df:de:47:1b:c1:e6:ba:b9:8d:9d:3e:30:4d:f9:b6:c2:b6:64:57:bf
Signer

90:96:75:b1:52:6a:ee:fa:48:ab:ac:a4:21:a6:d8:62:cf:76:81:f6
Signer