5f16dd1c80ac24168d7f67f352cac683_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5f16dd1c80ac24168d7f67f352cac683_JaffaCakes118
Size

12.1MB
MD5

5f16dd1c80ac24168d7f67f352cac683
SHA1

87711a5a2092d7ea9ff040caf0ac5c62b9a4328f
SHA256

b229aa8c6ad35513d77d86a5ea26cd01dedab0e6ab1ac0cf64d54367d336d2c5
SHA512

91f1c841b5aa1e1fe9aca3c03e025b38e8b780fc02e4a53a82857bfc955c94d5aebe480ffcaedeb7b4559606002ab8ecb347aa3fc2829a7e43b2bdf0b91483db
SSDEEP

393216:oa8W1exrGwcBLDJgwa/uvBZ7woRMQNKO4xezm:oa7EJytJgnMBZ7dMQkvP

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 4 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/$APPDATA/Microsoft/Internet Explorer/Quick Launch/pcmasterdata.dll	acprotect
static1/unpack001/$APPDATA/Microsoft/Internet Explorer/Quick Launch/softmastergreen.dll	acprotect
static1/unpack001/$APPDATA/Microsoft/Internet Explorer/Quick Launch/winguard.dll	acprotect
static1/unpack001/$PLUGINSDIR/MPlugin_NSIS.dll	acprotect

UPX packed file 12 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$APPDATA/Microsoft/Internet Explorer/Quick Launch/boostmaster.exe	upx
static1/unpack001/$APPDATA/Microsoft/Internet Explorer/Quick Launch/cleanmaster.exe	upx
static1/unpack001/$APPDATA/Microsoft/Internet Explorer/Quick Launch/mydesk.exe	upx
static1/unpack001/$APPDATA/Microsoft/Internet Explorer/Quick Launch/pcmasterdata.dll	upx
static1/unpack001/$APPDATA/Microsoft/Internet Explorer/Quick Launch/rmup.exe	upx
static1/unpack001/$APPDATA/Microsoft/Internet Explorer/Quick Launch/softmastergreen.dll	upx
static1/unpack001/$APPDATA/Microsoft/Internet Explorer/Quick Launch/virtualdrivemaster.exe	upx
static1/unpack001/$APPDATA/Microsoft/Internet Explorer/Quick Launch/visualmaster.exe	upx
static1/unpack001/$APPDATA/Microsoft/Internet Explorer/Quick Launch/winguard.dll	upx
static1/unpack001/$APPDATA/Microsoft/Internet Explorer/Quick Launch/winguard.exe	upx
static1/unpack001/$APPDATA/Microsoft/Internet Explorer/Quick Launch/winmaster.exe	upx
static1/unpack001/$PLUGINSDIR/MPlugin_NSIS.dll	upx

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack002/out.upx
unpack003/out.upx
unpack004/out.upx
unpack005/out.upx
unpack006/out.upx
unpack007/out.upx
unpack008/out.upx
unpack009/out.upx
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll

Files

5f16dd1c80ac24168d7f67f352cac683_JaffaCakes118
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

50:28:4b:e9:ab:1a:22:9c:8f:2c:9f:dd:7b:7e:4a:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/03/2016, 00:00

Not After

26/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:de:81:b0:3a:cc:dd:91:fa:96:e7:89:18:ad:f6:e7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/01/2016, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:7e:8c:2b:2d:ae:48:f0:be:24:81:1c:a4:8b:e2:ea:70:7b:9b:fc:64:8e:92:ba:b2:d9:ea:25:54:42:d7:9c
Signer

Actual PE Digest

2d:7e:8c:2b:2d:ae:48:f0:be:24:81:1c:a4:8b:e2:ea:70:7b:9b:fc:64:8e:92:ba:b2:d9:ea:25:54:42:d7:9c

Digest Algorithm

sha256

PE Digest Matches

true

36:bb:67:78:38:ba:d9:d4:15:83:e7:58:a9:72:95:46:30:96:a6:be
Signer

Actual PE Digest

36:bb:67:78:38:ba:d9:d4:15:83:e7:58:a9:72:95:46:30:96:a6:be

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/Microsoft/Internet Explorer/Quick Launch/boostmaster.exe
.exe windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

50:28:4b:e9:ab:1a:22:9c:8f:2c:9f:dd:7b:7e:4a:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/03/2016, 00:00

Not After

26/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:de:81:b0:3a:cc:dd:91:fa:96:e7:89:18:ad:f6:e7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/01/2016, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:a0:1c:f4:ea:ef:99:fd:46:6c:ed:16:30:c1:b0:1f
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 4,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

22:ad:37:44:46:62:a8:df:e8:35:2c:22:bf:53:43:98:d0:03:01:d6:79:69:7b:f2:57:da:4a:c9:74:4e:5f:7c
Signer

Actual PE Digest

22:ad:37:44:46:62:a8:df:e8:35:2c:22:bf:53:43:98:d0:03:01:d6:79:69:7b:f2:57:da:4a:c9:74:4e:5f:7c

Digest Algorithm

sha256

PE Digest Matches

true

96:65:35:33:7c:38:c1:5b:11:fe:68:99:7d:24:35:78:b9:bd:60:79
Signer

Actual PE Digest

96:65:35:33:7c:38:c1:5b:11:fe:68:99:7d:24:35:78:b9:bd:60:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 756KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 422KB - Virtual size: 424KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 784KB - Virtual size: 783KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/Microsoft/Internet Explorer/Quick Launch/cleanmaster.exe
.exe windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

50:28:4b:e9:ab:1a:22:9c:8f:2c:9f:dd:7b:7e:4a:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/03/2016, 00:00

Not After

26/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:de:81:b0:3a:cc:dd:91:fa:96:e7:89:18:ad:f6:e7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/01/2016, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 3,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

92:82:66:e6:07:0d:cf:1d:56:da:21:48:79:64:c5:cc:67:2f:e4:a8:7b:44:bc:e6:5b:78:83:b9:90:39:1c:9f
Signer

Actual PE Digest

92:82:66:e6:07:0d:cf:1d:56:da:21:48:79:64:c5:cc:67:2f:e4:a8:7b:44:bc:e6:5b:78:83:b9:90:39:1c:9f

Digest Algorithm

sha256

PE Digest Matches

true

9e:09:93:f4:2f:0f:11:dc:14:1f:ef:5a:44:aa:99:d1:7a:1a:d1:7f
Signer

Actual PE Digest

9e:09:93:f4:2f:0f:11:dc:14:1f:ef:5a:44:aa:99:d1:7a:1a:d1:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 562KB - Virtual size: 564KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 65KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1022KB - Virtual size: 1022KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 336KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/Microsoft/Internet Explorer/Quick Launch/ithome.exe
.exe windows:5 windows x86 arch:x86

85a0ee3e5f1eed119204e3a566e4944d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

41:e4:f3:47:8c:eb:8f:3b:8b:87:e0:ab:04:a7:ac:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/07/2014, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:1f:69:44:c0:8e:e5:16:5c:02:db:d5:0f:ef:3c:ba:03:57:14:7d
Signer

Actual PE Digest

3e:1f:69:44:c0:8e:e5:16:5c:02:db:d5:0f:ef:3c:ba:03:57:14:7d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessW
GetLastError
OpenProcess
LocalFree
Process32FirstW
CreateToolhelp32Snapshot
CloseHandle
GetVersionExW
lstrcmpiW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleHandleW
GetProcAddress
GetCurrentProcess
Process32NextW
RaiseException
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCommandLineW
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
IsProcessorFeaturePresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
GetStringTypeW
LoadLibraryW

advapi32

ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
CreateProcessAsUserW
OpenProcessToken
GetTokenInformation
RegCreateKeyExW
RegFlushKey
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
DuplicateTokenEx

shell32

ShellExecuteExW
SHGetFolderPathW

shlwapi

PathAppendW
PathFileExistsW

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/Microsoft/Internet Explorer/Quick Launch/mydesk.exe
.exe windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

50:28:4b:e9:ab:1a:22:9c:8f:2c:9f:dd:7b:7e:4a:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/03/2016, 00:00

Not After

26/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:de:81:b0:3a:cc:dd:91:fa:96:e7:89:18:ad:f6:e7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/01/2016, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:8b:25:b8:47:2d:ce:1f:16:44:1c:ca:40:a1:62:16:c6:70:5d:7b:cc:cf:b1:2c:92:2e:cc:5d:e7:c7:5d:69
Signer

Actual PE Digest

3e:8b:25:b8:47:2d:ce:1f:16:44:1c:ca:40:a1:62:16:c6:70:5d:7b:cc:cf:b1:2c:92:2e:cc:5d:e7:c7:5d:69

Digest Algorithm

sha256

PE Digest Matches

true

66:4c:13:f7:ca:9c:4e:e9:56:39:b6:cc:e0:66:e3:e0:ca:1d:e0:a4
Signer

Actual PE Digest

66:4c:13:f7:ca:9c:4e:e9:56:39:b6:cc:e0:66:e3:e0:ca:1d:e0:a4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 920KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 1012KB - Virtual size: 1012KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 994KB - Virtual size: 994KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/Microsoft/Internet Explorer/Quick Launch/mytime.exe
.exe windows:5 windows x86 arch:x86

1e218c97bc177a1d2425c498aec03115

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

50:28:4b:e9:ab:1a:22:9c:8f:2c:9f:dd:7b:7e:4a:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/03/2016, 00:00

Not After

26/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:de:81:b0:3a:cc:dd:91:fa:96:e7:89:18:ad:f6:e7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/01/2016, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8f:e3:08:3e:be:51:40:fb:5c:8c:2c:38:0b:b5:6a:57:88:88:ac:27:50:f2:8c:92:64:c1:eb:62:08:0a:ed:15
Signer

Actual PE Digest

8f:e3:08:3e:be:51:40:fb:5c:8c:2c:38:0b:b5:6a:57:88:88:ac:27:50:f2:8c:92:64:c1:eb:62:08:0a:ed:15

Digest Algorithm

sha256

PE Digest Matches

true

12:8d:67:89:76:ff:85:56:44:80:4d:5e:b9:e4:db:02:35:16:26:70
Signer

Actual PE Digest

12:8d:67:89:76:ff:85:56:44:80:4d:5e:b9:e4:db:02:35:16:26:70

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\RuanMei\MagicTray\Bin\Release\mytime.pdb

Imports

kernel32

GetSystemDirectoryW
GetTempFileNameW
GetWindowsDirectoryW
GetDiskFreeSpaceExW
GetFullPathNameW
CreateFileA
SetFileAttributesW
DeleteFileA
DeleteFileW
CopyFileW
MoveFileA
MoveFileW
MoveFileExW
WaitNamedPipeW
IsBadReadPtr
IsBadCodePtr
GetStartupInfoW
CreateProcessW
GetModuleFileNameW
CreateMutexW
lstrcpyW
lstrcmpiW
lstrcmpW
GetTickCount
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetSystemInfo
SetLocalTime
GetLocalTime
GetSystemTime
DeviceIoControl
GetLogicalDrives
Sleep
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SuspendThread
SetLastError
GetCurrentThreadId
CreateThread
SetUnhandledExceptionFilter
GetCurrentProcessId
SetProcessWorkingSetSize
VirtualProtect
LocalFree
GlobalMemoryStatusEx
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FreeResource
InterlockedDecrement
InterlockedIncrement
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceW
BeginUpdateResourceA
LoadLibraryExW
LoadLibraryExA
FreeLibrary
Module32NextW
Module32FirstW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetVersionExW
GetModuleHandleW
LoadLibraryW
lstrlenW
lstrlenA
WaitForSingleObject
WriteProcessMemory
CreateRemoteThread
GetCurrentProcess
OpenProcess
VirtualFreeEx
VirtualAllocEx
GetProcAddress
FindNextFileW
FindFirstFileW
GetFileAttributesW
CreateFileW
CreateDirectoryW
FindResourceExW
FindResourceW
DosDateTimeToFileTime
GetDriveTypeW
LocalFileTimeToFileTime
FileTimeToLocalFileTime
CloseHandle
SetFileTime
GetFileTime
FindClose
ReadFile
WriteFile
GetFileSizeEx
GetFileSize
SizeofResource
LoadResource
LockResource
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
DecodePointer
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
SetEndOfFile
GetCurrentDirectoryW
SetCurrentDirectoryW
WriteConsoleW
FlushFileBuffers
SetStdHandle
OutputDebugStringA
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
HeapDestroy
FindFirstFileExA
SetConsoleCtrlHandler
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetFileType
GetCurrentThread
GetACP
GetStdHandle
GetModuleFileNameA
ExitProcess
QueryPerformanceFrequency
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
GetFullPathNameA
InterlockedFlushSList
RtlUnwind
SetFilePointer
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
GetUserDefaultUILanguage
MulDiv
IsBadStringPtrW
SetEvent
TerminateThread
GetCPInfo
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
FileTimeToDosDateTime
GetCommandLineW
TlsGetValue
TlsAlloc
CreateEventW
FormatMessageW
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
VirtualQuery

gdi32

MoveToEx
TextOutW
GdiFlush
CreatePatternBrush
SetBkColor
ExtSelectClipRgn
DeleteObject
SelectObject
SetBkMode
SelectClipRgn
RoundRect
Rectangle
LineTo
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateRectRgnIndirect
CreateRectRgn
CreatePen
CombineRgn
SetStretchBltMode
SetBitmapBits
GetStockObject
GetDeviceCaps
GetBitmapBits
CreateCompatibleBitmap
CreateSolidBrush
PtInRegion
SetTextColor
OffsetRgn
SetWindowOrgEx
SaveDC
RestoreDC
CreateRoundRectRgn
BitBlt
GetTextMetricsW
GetObjectW
SetDIBColorTable
CreateDIBSection
GetDIBits
DeleteDC
CreateDCW
CreateCompatibleDC
StretchBlt
GetObjectA
CreateFontIndirectW

comdlg32

GetSaveFileNameW
ChooseColorW
ChooseFontW
GetOpenFileNameW

advapi32

DuplicateTokenEx
ConvertStringSidToSidW
SetNamedSecurityInfoW
SetEntriesInAclW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
SetTokenInformation
AllocateAndInitializeSid
FreeSid
StartServiceW
OpenServiceW
OpenSCManagerW
CreateServiceW
CloseServiceHandle
ChangeServiceConfig2W
ChangeServiceConfigW
RegSetValueExW
RegQueryValueExW
GetLengthSid
GetUserNameW
CreateProcessAsUserW
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyExW
RegFlushKey
RegOpenKeyExW

shell32

ShellExecuteExW
CommandLineToArgvW
SHGetFolderPathW
SHCreateDirectoryExW
ShellExecuteW

ole32

CreateILockBytesOnHGlobal
ReleaseStgMedium
OleDuplicateData
OleSetContainedObject
OleCreateStaticFromData
StgCreateDocfileOnILockBytes
StgCreateDocfile
OleUninitialize
OleInitialize
CoInitialize
CoUninitialize
CoSetProxyBlanket
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleRun
CreateStreamOnHGlobal
OleLockRunning

oleaut32

VariantClear
SysStringByteLen
SetErrorInfo
GetErrorInfo
SysAllocStringByteLen
SystemTimeToVariantTime
SysFreeString
VarUdateFromDate
VariantChangeType
VariantCopy
SysAllocString
VariantTimeToSystemTime
CreateErrorInfo
VariantInit

shlwapi

PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathRemoveExtensionW
PathFileExistsA
PathAppendW

comctl32

ImageList_Create
ImageList_Destroy
ImageList_AddMasked
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ord17
_TrackMouseEvent

gdiplus

GdipSetTextRenderingHint
GdipReleaseDC
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromScan0
GdipRotateWorldTransform
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipSaveImageToStream
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipSetPenWidth
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipGetPathWorldBounds
GdipAddPathString
GdipDeletePath
GdipCreatePath
GdipFree
GdipAlloc
GdipDrawLineI
GdipDrawLinesI
GdipFillRectangleI
GdipFillEllipseI
GdipDrawImageRectI
GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipGetImageEncoders
GdipDeleteFontFamily
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipDeleteFont
GdipGetFamily
GdipGetFontStyle
GdipGetFontSize
GdipDrawString
GdipMeasureString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatTrimming
GdipDrawPath
GdipDrawRectangleI
GdipSetImageAttributesColorKeys
GdipSetPenDashStyle
GdipAddPathArcI
GdipAddPathLineI
GdipSetStringFormatAlign
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdiplusShutdown
GdiplusStartup
GdipSaveGraphics
GdipDrawImageI
GdipSetStringFormatLineAlign
GdipGetImageEncodersSize
GdipTranslateWorldTransform
GdipCreateBitmapFromStreamICM
GdipSaveImageToFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipSetImageAttributesWrapMode
GdipGraphicsClear
GdipSetSmoothingMode

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

urlmon

URLDownloadToFileW

wininet

InternetConnectW
InternetCloseHandle
InternetOpenUrlW
InternetReadFile
InternetWriteFile
InternetSetOptionW
HttpOpenRequestW
HttpSendRequestExW
HttpEndRequestW
HttpQueryInfoW
InternetOpenW

iphlpapi

GetAdaptersInfo

winmm

sndPlaySoundW

powrprof

SetSuspendState

dbghelp

MiniDumpWriteDump

ws2_32

htonl
htons
inet_addr
ntohl
bind
sendto
setsockopt
socket
WSACleanup
recvfrom
WSAStartup

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 325KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/Microsoft/Internet Explorer/Quick Launch/pcdstart.dll
.dll windows:5 windows x86 arch:x86

4e1b61525e1e60b23ce7bc7bc455b974

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:e4:f3:47:8c:eb:8f:3b:8b:87:e0:ab:04:a7:ac:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/07/2014, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

28:97:ee:38:65:f5:69:9e:7e:7b:a3:17:53:fd:a3:88:8f:eb:31:03
Signer

Actual PE Digest

28:97:ee:38:65:f5:69:9e:7e:7b:a3:17:53:fd:a3:88:8f:eb:31:03

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
WriteFile
GetModuleFileNameW
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize
IsProcessorFeaturePresent

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 309KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/Microsoft/Internet Explorer/Quick Launch/pcmaster.exe
.exe windows:5 windows x86 arch:x86

4c27906f59631d68260552132e5f089e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

50:28:4b:e9:ab:1a:22:9c:8f:2c:9f:dd:7b:7e:4a:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/03/2016, 00:00

Not After

26/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:de:81:b0:3a:cc:dd:91:fa:96:e7:89:18:ad:f6:e7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/01/2016, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0f:61:22:03:c7:77:ac:94:6e:ed:b0:2a:be:44:5a:89:29:5e:7c:e5:66:e6:a8:3a:4d:f6:0c:ec:8c:ca:5b:54
Signer

Actual PE Digest

0f:61:22:03:c7:77:ac:94:6e:ed:b0:2a:be:44:5a:89:29:5e:7c:e5:66:e6:a8:3a:4d:f6:0c:ec:8c:ca:5b:54

Digest Algorithm

sha256

PE Digest Matches

true

f5:6d:f1:12:06:6a:98:bd:ca:d9:da:90:61:d2:97:2d:6a:06:00:91
Signer

Actual PE Digest

f5:6d:f1:12:06:6a:98:bd:ca:d9:da:90:61:d2:97:2d:6a:06:00:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\RuanMei\PCMaster\bin\Release\pcmaster.pdb

Imports

urlmon

URLDownloadToFileW

kernel32

CreateThread
WaitForSingleObject
GetTickCount
lstrcmpiW
lstrcpyW
GetSystemDirectoryW
GetWindowsDirectoryW
GetVersionExW
LoadLibraryExA
LoadLibraryExW
BeginUpdateResourceA
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToSystemTime
QueryPerformanceCounter
QueryPerformanceFrequency
InterlockedDecrement
InterlockedIncrement
GlobalMemoryStatusEx
VirtualAllocEx
VirtualFreeEx
GetLongPathNameW
GetProcessTimes
SetProcessWorkingSetSize
OpenProcess
TerminateProcess
SetUnhandledExceptionFilter
CreateRemoteThread
TerminateThread
GetExitCodeThread
SetLastError
GetOverlappedResult
ReadProcessMemory
WriteProcessMemory
SetEvent
GetFileSizeEx
SetEndOfFile
FindClose
GetFileTime
WinExec
MulDiv
GetSystemTime
GetLocalTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
CreatePipe
MapViewOfFile
UnmapViewOfFile
lstrcmpA
lstrcmpW
lstrcmpiA
lstrcpynW
lstrcpyA
CreateMutexW
CreateEventW
OpenEventW
CreateFileMappingW
OpenFileMappingW
CreateProcessW
GetStartupInfoW
GetCommandLineW
ExpandEnvironmentStringsW
OutputDebugStringA
OutputDebugStringW
WritePrivateProfileStringW
GetTempPathW
GetTempFileNameW
SetCurrentDirectoryW
GetDiskFreeSpaceExW
CreateDirectoryW
RemoveDirectoryW
GetFullPathNameW
QueryDosDeviceA
CreateFileA
SetFileAttributesW
GetFileAttributesW
DeleteFileA
DeleteFileW
FindFirstFileW
FindNextFileW
CopyFileW
MoveFileA
MoveFileW
MoveFileExW
WaitNamedPipeW
GetVolumeInformationW
CancelIo
ReadDirectoryChangesW
IsBadCodePtr
GetComputerNameW
GetSystemPowerStatus
GlobalFree
FindNextVolumeA
GetVolumePathNamesForVolumeNameA
WTSGetActiveConsoleSessionId
IsWow64Process
GetLocaleInfoW
GetNumberFormatW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Module32FirstW
Module32NextW
LocalFree
LocalAlloc
SetFilePointer
ReadFile
WriteFile
GetFileSize
FreeResource
IsBadReadPtr
SetDllDirectoryW
LoadLibraryW
GetModuleHandleW
GetSystemInfo
Sleep
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
ResumeThread
SuspendThread
GetThreadContext
GetThreadPriority
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualFree
FormatMessageW
GetCPInfo
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
SetThreadPriority
OpenThread
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
LCMapStringW
GetStringTypeW
UnhandledExceptionFilter
ResetEvent
VirtualQuery
VirtualProtect
VirtualAlloc
FlushInstructionCache
GetProcAddress
GetThreadSelectorEntry
GetCurrentThread
WideCharToMultiByte
FindResourceExW
FindResourceW
SizeofResource
WaitForSingleObjectEx
IsBadStringPtrW
GetUserDefaultUILanguage
RtlUnwind
InterlockedFlushSList
GetStdHandle
GetFileType
GetModuleFileNameA
GetModuleHandleExW
WriteConsoleW
GetFullPathNameA
ExitThread
FreeLibraryAndExitThread
ExitProcess
GetACP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
SetConsoleCtrlHandler
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetTimeZoneInformation
FindFirstFileExA
HeapDestroy
HeapAlloc
HeapReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
FindFirstVolumeA
FreeLibrary
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
LockResource
DecodePointer
MultiByteToWideChar
CreateFileW
GetDriveTypeW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetModuleFileNameW
lstrlenW
lstrcatW
CloseHandle
DeviceIoControl
GetLogicalDrives
GetCurrentDirectoryW
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
HeapFree
HeapSize
FindNextFileA
FindFirstFileExW
GetProcessHeap
GetLastError
IsDebuggerPresent

gdi32

GetTextMetricsW
CreateRoundRectRgn
RestoreDC
SaveDC
SetWindowOrgEx
OffsetRgn
PtInRegion
GetBitmapBits
SetBitmapBits
SetDIBColorTable
CreateDIBSection
CreateRectRgn
CreateRectRgnIndirect
GetCharABCWidthsW
GetClipBox
GetTextExtentPoint32W
LineTo
RoundRect
SelectClipRgn
ExtSelectClipRgn
StretchBlt
MoveToEx
TextOutW
GdiFlush
CreatePatternBrush
CreateDCW
CombineRgn
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectW
SetStretchBltMode
CreatePen
GetObjectW
SetTextColor
SetBkMode
SetBkColor
SelectObject
Rectangle
GetStockObject
GetDIBits
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
BitBlt

comdlg32

GetOpenFileNameW

shell32

SHGetPathFromIDListW
CommandLineToArgvW
SHFileOperationW
ShellExecuteExW
Shell_NotifyIconW
SHGetFileInfoW
SHGetFolderPathW
SHGetSpecialFolderPathW
SHGetMalloc
SHBrowseForFolderW
SHChangeNotify
ShellExecuteW

ole32

CoInitializeEx
CoGetClassObject
CoInitializeSecurity
CoSetProxyBlanket
StringFromCLSID
CLSIDFromString
CreateILockBytesOnHGlobal
ReleaseStgMedium
OleDuplicateData
OleSetContainedObject
OleCreateStaticFromData
StgCreateDocfileOnILockBytes
StgCreateDocfile
CLSIDFromProgID
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
PropVariantClear
OleInitialize
OleUninitialize
OleLockRunning
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
GetErrorInfo
VariantChangeType
CreateErrorInfo
SetErrorInfo
SysAllocString
VariantClear
SysAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantInit
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
DispCallFunc
OleCreateFontIndirect

shlwapi

PathFindExtensionW
SHDeleteKeyW
PathFindFileNameW
PathFileExistsA
PathAppendA
SHStrDupW
StrStrIA
PathFileExistsW
PathAppendW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

mprapi

MprConfigGetFriendlyName
MprConfigServerConnect

iphlpapi

GetNetworkParams
GetInterfaceInfo
GetAdaptersInfo
GetPerAdapterInfo

winhttp

WinHttpOpenRequest
WinHttpOpen
WinHttpConnect
WinHttpSetTimeouts
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders

wininet

InternetOpenUrlW
InternetOpenW
InternetCloseHandle
InternetSetOptionW
InternetConnectW
InternetReadFile
InternetWriteFile
HttpOpenRequestW
HttpSendRequestW
HttpSendRequestExW
HttpEndRequestW
HttpQueryInfoW
InternetSetCookieW
InternetGetCookieW
InternetGetCookieExW
InternetCheckConnectionW
GetUrlCacheEntryInfoW

userenv

CreateEnvironmentBlock

wtsapi32

WTSQueryUserToken

psapi

GetModuleFileNameExW
EnumProcessModules
GetModuleInformation

powrprof

SetSuspendState
GetPwrCapabilities
IsPwrHibernateAllowed

crypt32

CertFindCertificateInStore
CryptMsgGetParam
CryptDecodeObject
CryptProtectData
CryptQueryObject
CertGetNameStringW

gdiplus

GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateHICONFromBitmap
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipSaveImageToStream
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipSetPenWidth
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipReleaseDC
GdipCloneBrush
GdipFree
GdipAlloc
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipFillPieI
GdipDrawImageI
GdipDrawImageRect
GdipDrawImageRectI
GdipDrawImageRectRectI
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipCreateFontFromDC
GdipCreateFontFromLogfontW
GdipDeleteFont
GdipDrawString
GdipCreateStringFormat
GdipDeleteStringFormat
GdipSetStringFormatTrimming
GdipSetImageAttributesColorKeys
GdipSetStringFormatHotkeyPrefix
GdipDrawLineI
GdipSetInterpolationMode
GdipDeleteBrush
GdipGraphicsClear
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipMeasureString
GdipDrawPath
GdipSetPenDashStyle
GdipAddPathArcI
GdipAddPathLineI
GdipDeletePath
GdipCreatePath
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdiplusShutdown
GdiplusStartup
GdipSaveGraphics
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipSetImageAttributesWrapMode
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePaletteSize
GdipGetImagePalette
GdipSaveImageToFile
GdipDrawRectangleI

netapi32

NetUserSetInfo
NetApiBufferFree
NetUserGetInfo

pdh

PdhCloseQuery
PdhGetFormattedCounterValue
PdhOpenQueryW
PdhAddCounterW
PdhCollectQueryData
PdhRemoveCounter

wintrust

WinVerifyTrust

dbghelp

MiniDumpWriteDump

comctl32

ord17
_TrackMouseEvent

imm32

ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 905KB - Virtual size: 904KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 225KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/Microsoft/Internet Explorer/Quick Launch/pcmasterdata.dll
.dll windows:5 windows x86 arch:x86

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

76:3a:3a:6b:f8:60:14:3d:8d:4e:ca:c6:60:60:1b:dc
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

02/02/2012, 00:00

Not After

15/07/2014, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong \ ,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:a7:a0:97:13:a9:69:c1:01:90:92:35:a1:f6:55:88:89:66:05:46
Signer

Actual PE Digest

1e:a7:a0:97:13:a9:69:c1:01:90:92:35:a1:f6:55:88:89:66:05:46

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

sqlite3_activate_see
sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_data_directory
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_errstr
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_key
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_rekey
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_stricmp
sqlite3_strnicmp
sqlite3_table_column_metadata
sqlite3_temp_directory
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_config
sqlite3_vtab_on_conflict
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_set_directory
sqlite3_win32_sleep
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_write_debug

Sections

UPX0
Size: - Virtual size: 340KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 276KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 499KB - Virtual size: 498KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/Microsoft/Internet Explorer/Quick Launch/pcmastersvc.exe
.exe windows:5 windows x86 arch:x86

b3106dacb45fa644b39f7f5e100743aa

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:e4:f3:47:8c:eb:8f:3b:8b:87:e0:ab:04:a7:ac:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/07/2014, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f6:2b:36:b6:ac:6d:75:6f:f6:3d:71:4f:a6:cc:2e:d8:cb:24:09:55
Signer

Actual PE Digest

f6:2b:36:b6:ac:6d:75:6f:f6:3d:71:4f:a6:cc:2e:d8:cb:24:09:55

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\RuanMei\PCMaster\bin\Release\pcmastersvc.pdb

Imports

kernel32

GetFileAttributesW
ReadFile
Sleep
WaitNamedPipeW
SetEvent
lstrcmpiW
GetVersionExW
ConnectNamedPipe
GlobalAlloc
MultiByteToWideChar
RaiseException
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GlobalLock
GlobalUnlock
GlobalFree
CreateDirectoryW
GetModuleFileNameW
GetFullPathNameW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCommandLineW
CreateFileW
GetFileTime
CopyFileW
LocalFree
GetLastError
lstrlenW
lstrcpyW
GetModuleHandleW
GetProcAddress
GetCurrentProcess
CreateFileMappingW
MapViewOfFile
WTSGetActiveConsoleSessionId
GetTickCount
CreateEventW
WaitForSingleObject
CloseHandle
CreateNamedPipeW
UnmapViewOfFile
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
SetStdHandle
GetStringTypeW
IsValidLocale
LCMapStringW
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoW
LoadLibraryW
InterlockedExchange
FreeLibrary
SetConsoleCtrlHandler
IsValidCodePage
GetOEMCP
GetACP
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwind
ExitThread
GetCurrentThreadId
CreateThread
ResumeThread
HeapSetInformation
GetStartupInfoW
EncodePointer
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
WideCharToMultiByte
GetTimeZoneInformation
ExitProcess
HeapCreate
WriteFile
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
FatalAppExitA
GetCPInfo

advapi32

RegisterServiceCtrlHandlerExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetServiceStatus
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
RegCreateKeyExW
RegFlushKey
RegCloseKey
RegOpenKeyExW
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
QueryServiceStatus
ControlService
DeleteService
OpenSCManagerW
OpenServiceW
CreateServiceW
CloseServiceHandle
ChangeServiceConfigW
ChangeServiceConfig2W
StartServiceW
GetTokenInformation
CreateProcessAsUserW
StartServiceCtrlDispatcherW

shell32

SHGetFolderPathW
CommandLineToArgvW

ole32

CoInitializeEx
CoUninitialize

oleaut32

SysFreeString

shlwapi

PathAppendW
PathFileExistsW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

userenv

CreateEnvironmentBlock

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken
WTSQuerySessionInformationW

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/Microsoft/Internet Explorer/Quick Launch/rmup.exe
.exe windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

50:28:4b:e9:ab:1a:22:9c:8f:2c:9f:dd:7b:7e:4a:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/03/2016, 00:00

Not After

26/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:de:81:b0:3a:cc:dd:91:fa:96:e7:89:18:ad:f6:e7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/01/2016, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8a:59:56:e2:30:3b:c0:10:c5:59:dc:06:11:1e:1a:27:62:e1:5c:58:a4:dc:1b:2f:b7:43:ba:86:ed:0a:9b:8f
Signer

Actual PE Digest

8a:59:56:e2:30:3b:c0:10:c5:59:dc:06:11:1e:1a:27:62:e1:5c:58:a4:dc:1b:2f:b7:43:ba:86:ed:0a:9b:8f

Digest Algorithm

sha256

PE Digest Matches

true

ef:a4:ad:7d:2d:17:2c:fc:de:47:18:6b:97:e9:2f:6f:61:55:e2:10
Signer

Actual PE Digest

ef:a4:ad:7d:2d:17:2c:fc:de:47:18:6b:97:e9:2f:6f:61:55:e2:10

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 376KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 176KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 362KB - Virtual size: 362KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/Microsoft/Internet Explorer/Quick Launch/softmaster.exe
.exe windows:5 windows x86 arch:x86

376fa7f8eaa1c9c0772a537f865539fe

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

50:28:4b:e9:ab:1a:22:9c:8f:2c:9f:dd:7b:7e:4a:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/03/2016, 00:00

Not After

26/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:de:81:b0:3a:cc:dd:91:fa:96:e7:89:18:ad:f6:e7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/01/2016, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 3,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

eb:4e:5b:2d:cb:14:e2:c4:2f:aa:7e:9a:b9:4e:88:e1:35:4f:81:d7:3d:40:80:49:c4:1d:a5:18:07:c5:ab:b7
Signer

Actual PE Digest

eb:4e:5b:2d:cb:14:e2:c4:2f:aa:7e:9a:b9:4e:88:e1:35:4f:81:d7:3d:40:80:49:c4:1d:a5:18:07:c5:ab:b7

Digest Algorithm

sha256

PE Digest Matches

true

62:d7:01:87:8d:9a:88:28:51:0a:70:e2:be:a6:f9:be:9a:88:29:db
Signer

Actual PE Digest

62:d7:01:87:8d:9a:88:28:51:0a:70:e2:be:a6:f9:be:9a:88:29:db

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\RuanMei\PCMaster\SoftMaster\Bin\softmaster.pdb

Imports

kernel32

GlobalMemoryStatusEx
VirtualProtect
GetLongPathNameW
GetCurrentProcessId
ExitProcess
SetUnhandledExceptionFilter
CreateThread
GetCurrentThread
GetCurrentThreadId
WriteProcessMemory
SuspendThread
ResumeThread
SetEvent
GetLogicalDrives
GetFileSizeEx
GetFileTime
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
lstrcmpW
CreateMutexW
OpenEventW
GetLogicalDriveStringsW
LoadLibraryExW
GetCommandLineW
GetEnvironmentVariableW
EnumResourceNamesW
GetDriveTypeW
GetSystemDirectoryW
GetTempPathW
GetTempFileNameW
GetWindowsDirectoryW
GetSystemWow64DirectoryW
SetCurrentDirectoryW
GetDiskFreeSpaceExW
RemoveDirectoryW
CreateFileA
DeleteFileA
MoveFileA
MoveFileW
WaitNamedPipeW
IsBadReadPtr
IsBadCodePtr
GetLocaleInfoW
GetNumberFormatW
Module32FirstW
Module32NextW
VirtualAllocEx
VirtualFreeEx
CreateRemoteThread
lstrlenA
TerminateThread
GetExitCodeThread
ResetEvent
ReleaseSemaphore
WaitForMultipleObjects
CreateSemaphoreW
ReadProcessMemory
FindClose
DeviceIoControl
SetLastError
FreeResource
Thread32Next
Thread32First
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetVersionExW
MoveFileExW
CopyFileW
GetFullPathNameW
ExpandEnvironmentStringsW
CreateProcessW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryW
OpenFileMappingW
CreateEventW
lstrlenW
lstrcatW
lstrcpyW
lstrcpynW
lstrcmpiW
lstrcmpA
GetSystemInfo
Sleep
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetThreadTimes
OpenThread
GetProcessId
TerminateProcess
GetCurrentProcess
OpenProcess
LocalFree
LocalAlloc
GlobalFree
FreeLibrary
GlobalLock
GlobalAlloc
GetProcAddress
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
InterlockedDecrement
InterlockedIncrement
FindNextFileW
GetTickCount
FileTimeToSystemTime
GetLocalTime
GetFileSize
GetFileInformationByHandle
GetFileAttributesW
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
LocalFileTimeToFileTime
SystemTimeToFileTime
CloseHandle
SetFileTime
SetFilePointer
ReadFile
WriteFile
WideCharToMultiByte
DeleteFileW
SetFileAttributesW
WritePrivateProfileStringW
GetPrivateProfileStringW
MultiByteToWideChar
FindResourceExW
FindResourceW
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
SetEndOfFile
WriteConsoleW
FlushFileBuffers
DecodePointer
OutputDebugStringA
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetTimeZoneInformation
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetConsoleCP
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetACP
GetStdHandle
GetModuleFileNameA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
GetFullPathNameA
PeekNamedPipe
GetFileType
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetUserDefaultUILanguage
MulDiv
IsBadStringPtrW
GetStringTypeW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCPInfo
EncodePointer
FormatMessageW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
UnhandledExceptionFilter
WaitForSingleObjectEx
OutputDebugStringW
IsDebuggerPresent
LoadLibraryExA
VirtualQuery
FindFirstFileW
GlobalUnlock
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
LockResource
GetStartupInfoW

gdi32

TextOutW
MoveToEx
StretchBlt
ExtSelectClipRgn
SelectClipRgn
RoundRect
LineTo
GetTextExtentPoint32W
GetClipBox
GetCharABCWidthsW
CreateRectRgnIndirect
CreateRectRgn
CombineRgn
SetStretchBltMode
SetBitmapBits
GetStockObject
GetDeviceCaps
GetBitmapBits
CreateCompatibleBitmap
CreatePatternBrush
PtInRegion
OffsetRgn
SetWindowOrgEx
SaveDC
RestoreDC
CreateRoundRectRgn
BitBlt
GetTextMetricsW
GdiFlush
GetObjectW
CreateDCW
SetTextColor
SetBkMode
SetBkColor
Rectangle
CreateSolidBrush
CreatePen
CreateFontIndirectW
SetDIBColorTable
CreateDIBSection
SelectObject
GetDIBits
DeleteObject
DeleteDC
CreateCompatibleDC

comdlg32

GetOpenFileNameW

advapi32

AllocateAndInitializeSid
SetNamedSecurityInfoW
SetEntriesInAclW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
CreateProcessAsUserW
RegCloseKey
RegCreateKeyExW
RegFlushKey
RegOpenKeyExW
RegQueryValueExW
SaferCreateLevel
SaferCloseLevel
SaferComputeTokenFromLevel
OpenProcessToken
GetTokenInformation
SetTokenInformation
AdjustTokenPrivileges
ConvertStringSidToSidW
FreeSid
GetLengthSid
LookupPrivilegeValueW
GetUserNameW
DuplicateTokenEx
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW

shell32

Shell_NotifyIconW
SHGetFileInfoW
SHFileOperationW
SHBrowseForFolderW
ExtractIconExW
ExtractIconW
CommandLineToArgvW
ShellExecuteW
DragAcceptFiles
DragQueryFileW
SHGetFolderPathW
SHGetMalloc
ShellExecuteExW
SHGetPathFromIDListW

ole32

OleLockRunning
CLSIDFromProgID
CLSIDFromString
CreateILockBytesOnHGlobal
ReleaseStgMedium
OleDuplicateData
OleSetContainedObject
OleCreateStaticFromData
StgCreateDocfileOnILockBytes
StgCreateDocfile
OleUninitialize
CoInitialize
CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
CoSetProxyBlanket
CoTaskMemAlloc
CoTaskMemFree
OleInitialize
CoTaskMemRealloc

oleaut32

SetErrorInfo
VariantChangeType
SysAllocString
GetErrorInfo
VarUdateFromDate
VarUI4FromStr
VariantClear
VariantInit
SysFreeString
CreateErrorInfo

shlwapi

PathFileExistsW
PathAppendW
PathFindExtensionW
PathFileExistsA
PathFindFileNameW
PathRemoveExtensionW
SHDeleteKeyW

gdiplus

GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipSaveImageToStream
GdipDisposeImage
GdipCloneImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipGetImagePixelFormat
GdipAlloc
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesColorMatrix
GdipFree
GdipGetImagePalette
GdipGetImagePaletteSize
GdipDeleteGraphics
GdipDrawImageI
GdipDrawImageRectRectI
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusShutdown
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipTranslateWorldTransform
GdipSetStringFormatHotkeyPrefix
GdipCreateBitmapFromHICON
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatFlags
GdipDeleteStringFormat
GdipCreateStringFormat
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipDrawImageRectI
GdipSaveImageToFile
GdipCreateHBITMAPFromBitmap
GdipSetImageAttributesWrapMode
GdipCreateBitmapFromStream
GdipCreateFromHDC
GdipReleaseDC
GdipRotateWorldTransform
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFontFromDC
GdipDrawPath
GdipDrawRectangleI
GdipDrawLineI
GdipSetTextRenderingHint
GdipSetImageAttributesColorKeys
GdipSetPenDashStyle
GdipDeletePen
GdipGraphicsClear
GdipSaveGraphics
GdiplusStartup
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipCreatePath
GdipDeletePath
GdipAddPathLineI
GdipAddPathArcI
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipCreatePen1

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

wininet

InternetGetLastResponseInfoW
HttpOpenRequestW
HttpSendRequestExW
HttpEndRequestW
HttpQueryInfoW
InternetSetOptionW
InternetWriteFile
InternetReadFile
InternetOpenUrlW
InternetConnectW
InternetCloseHandle
InternetOpenW
InternetCheckConnectionW

urlmon

URLDownloadToFileW
ObtainUserAgentString

crypt32

CertGetNameStringW
CryptQueryObject
CryptMsgGetParam
CryptDecodeObject
CertFindCertificateInStore

wintrust

WinVerifyTrust

winhttp

WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpCrackUrl
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpAddRequestHeaders
WinHttpSetTimeouts
WinHttpOpenRequest

iphlpapi

GetAdaptersInfo

dbghelp

MiniDumpWriteDump

comctl32

ord17
_TrackMouseEvent

imm32

ImmSetCompositionWindow
ImmGetContext
ImmReleaseContext

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 608KB - Virtual size: 608KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/Microsoft/Internet Explorer/Quick Launch/softmastergreen.dll
.dll windows:5 windows x86 arch:x86

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:e4:f3:47:8c:eb:8f:3b:8b:87:e0:ab:04:a7:ac:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/07/2014, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:e5:f3:79:78:6e:d7:38:f3:f1:18:59:d1:6d:c2:17:34:87:da:f9
Signer

Actual PE Digest

08:e5:f3:79:78:6e:d7:38:f3:f1:18:59:d1:6d:c2:17:34:87:da:f9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

UPX0
Size: - Virtual size: 276KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 64KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 154KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/Microsoft/Internet Explorer/Quick Launch/virtualdrivemaster.exe
.exe windows:5 windows x86 arch:x86

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:e4:f3:47:8c:eb:8f:3b:8b:87:e0:ab:04:a7:ac:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/07/2014, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d8:2b:04:42:92:79:59:1f:95:e8:dc:1a:5a:6e:a7:55:ad:e1:00:3b
Signer

Actual PE Digest

d8:2b:04:42:92:79:59:1f:95:e8:dc:1a:5a:6e:a7:55:ad:e1:00:3b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 584KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 324KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 259KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 547KB - Virtual size: 546KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/Microsoft/Internet Explorer/Quick Launch/visualmaster.exe
.exe windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

50:28:4b:e9:ab:1a:22:9c:8f:2c:9f:dd:7b:7e:4a:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/03/2016, 00:00

Not After

26/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:de:81:b0:3a:cc:dd:91:fa:96:e7:89:18:ad:f6:e7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/01/2016, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 3,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:2e:d9:47:db:62:87:e9:cf:b2:b3:90:85:9d:56:4b:6d:e9:f9:c5:c9:db:7a:30:d7:9f:f1:06:1c:ce:51:f1
Signer

Actual PE Digest

53:2e:d9:47:db:62:87:e9:cf:b2:b3:90:85:9d:56:4b:6d:e9:f9:c5:c9:db:7a:30:d7:9f:f1:06:1c:ce:51:f1

Digest Algorithm

sha256

PE Digest Matches

true

27:d2:c6:72:a3:45:4d:da:5b:a8:2b:27:91:d0:e3:48:01:f7:a2:22
Signer

Actual PE Digest

27:d2:c6:72:a3:45:4d:da:5b:a8:2b:27:91:d0:e3:48:01:f7:a2:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 479KB - Virtual size: 480KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 898KB - Virtual size: 898KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 289KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 249KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/Microsoft/Internet Explorer/Quick Launch/winguard.dll
.dll windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

50:28:4b:e9:ab:1a:22:9c:8f:2c:9f:dd:7b:7e:4a:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/03/2016, 00:00

Not After

26/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:de:81:b0:3a:cc:dd:91:fa:96:e7:89:18:ad:f6:e7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/01/2016, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:66:e5:7f:1e:df:4a:c9:82:e9:52:f3:da:3f:a5:9d:32:2f:ce:68:78:2b:db:39:e1:f8:e0:00:4a:80:9d:6d
Signer

Actual PE Digest

1c:66:e5:7f:1e:df:4a:c9:82:e9:52:f3:da:3f:a5:9d:32:2f:ce:68:78:2b:db:39:e1:f8:e0:00:4a:80:9d:6d

Digest Algorithm

sha256

PE Digest Matches

true

b3:a0:30:2e:3e:4b:a3:31:f0:d5:51:cf:df:74:ed:c6:45:18:48:25
Signer

Actual PE Digest

b3:a0:30:2e:3e:4b:a3:31:f0:d5:51:cf:df:74:ed:c6:45:18:48:25

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DisableProtect
EnableProtect

Sections

UPX0
Size: - Virtual size: 336KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 87KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$APPDATA/Microsoft/Internet Explorer/Quick Launch/winguard.exe
.exe windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

50:28:4b:e9:ab:1a:22:9c:8f:2c:9f:dd:7b:7e:4a:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/03/2016, 00:00

Not After

26/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:de:81:b0:3a:cc:dd:91:fa:96:e7:89:18:ad:f6:e7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/01/2016, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a0:f0:1d:48:7d:e6:4c:ef:ae:fe:94:e5:8a:1b:fa:24:fc:f0:4c:b9:fe:28:a9:32:7a:a1:df:8e:a2:e7:4c:77
Signer

Actual PE Digest

a0:f0:1d:48:7d:e6:4c:ef:ae:fe:94:e5:8a:1b:fa:24:fc:f0:4c:b9:fe:28:a9:32:7a:a1:df:8e:a2:e7:4c:77

Digest Algorithm

sha256

PE Digest Matches

true

f2:ca:92:59:60:d7:8d:76:fd:03:52:72:f7:3d:c4:1c:aa:6d:a2:9d
Signer

Actual PE Digest

f2:ca:92:59:60:d7:8d:76:fd:03:52:72:f7:3d:c4:1c:aa:6d:a2:9d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 336KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 157KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$APPDATA/Microsoft/Internet Explorer/Quick Launch/winguard_x64.dll
.dll windows:5 windows x64 arch:x64

1021865a8b7c4865c2c6af56a2b5f276

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

50:28:4b:e9:ab:1a:22:9c:8f:2c:9f:dd:7b:7e:4a:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/03/2016, 00:00

Not After

26/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:de:81:b0:3a:cc:dd:91:fa:96:e7:89:18:ad:f6:e7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/01/2016, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 3,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:d3:f3:b0:31:6b:68:f8:b7:d6:4c:bf:a0:cd:d2:9d:5c:54:7a:f8:95:af:c0:d7:ff:94:9f:bf:d1:1a:a9:f9
Signer

Actual PE Digest

4a:d3:f3:b0:31:6b:68:f8:b7:d6:4c:bf:a0:cd:d2:9d:5c:54:7a:f8:95:af:c0:d7:ff:94:9f:bf:d1:1a:a9:f9

Digest Algorithm

sha256

PE Digest Matches

true

87:d5:8b:9f:a2:45:a4:fa:84:7d:e2:ec:8d:8c:e0:3f:fb:13:7d:49
Signer

Actual PE Digest

87:d5:8b:9f:a2:45:a4:fa:84:7d:e2:ec:8d:8c:e0:3f:fb:13:7d:49

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GlobalLock
GlobalAlloc
lstrcpyW
lstrlenW
RaiseException
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
FlushInstructionCache
VirtualProtectEx
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
VirtualAlloc
VirtualQuery
GetSystemInfo
VirtualFree
CloseHandle
ResumeThread
SetThreadPriority
GetThreadPriority
Sleep
GetThreadContext
SuspendThread
OpenThread
GetProcAddress
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
LocalFree
GetLastError
GetProcessId
GlobalUnlock
SetEvent
OpenEventW
FreeLibrary
ExpandEnvironmentStringsW
ReadProcessMemory
HeapFree
HeapAlloc
GetProcessHeap
OpenProcess
GetVersionExW
lstrcmpiA
CreateProcessW
GetCommandLineW
LoadLibraryExW
GetStringTypeW
SetStdHandle
MultiByteToWideChar
SetFilePointer
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
HeapSize
HeapReAlloc
LCMapStringW
FlsAlloc
GlobalFree
GetModuleHandleW
WideCharToMultiByte
LoadLibraryW
GetCurrentProcess
GetCurrentThreadId
OutputDebugStringW
lstrcmpW
IsBadReadPtr
lstrcmpiW
GetModuleFileNameW
DisableThreadLibraryCalls
GetCurrentProcessId
GetThreadSelectorEntry
GetCurrentThread
LocalAlloc
SetLastError
FlsFree
FlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapDestroy
HeapCreate
GetVersion
HeapSetInformation
GetStartupInfoW
SetHandleCount
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WriteFile
ExitProcess
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
FlsSetValue
CreateThread
ExitThread
GetSystemTimeAsFileTime
DecodePointer
WriteConsoleW
GetFileType
GetStdHandle
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
EncodePointer
CreateFileW

user32

FindWindowW
GetWindowThreadProcessId
CallNextHookEx
PostMessageW
GetParent
SendMessageW
GetClassNameW
IsWindow
SendMessageTimeoutW
RegisterWindowMessageW
SetWindowTextW
GetWindowTextW
FindWindowExW
wsprintfW
UnhookWindowsHookEx
SetWindowsHookExW
EnumChildWindows

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
OpenProcessToken
FreeSid
RegQueryValueExW
RegFlushKey
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegSetValueExW

shell32

SHGetFolderPathW
CommandLineToArgvW

ole32

CoInitialize
CoCreateInstance
CoUninitialize
StringFromCLSID

oleaut32

SysAllocString
VariantInit
VariantClear
SysFreeString

shlwapi

PathAppendW
StrRStrIW
StrStrIW
StrStrIA

urlmon

CreateURLMoniker
CreateURLMonikerEx

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

GetModuleInformation
EnumProcessModules
GetModuleFileNameExW

wininet

HttpQueryInfoW
HttpOpenRequestW

oleacc

ObjectFromLresult

Exports

Exports

DisableProtect
EnableProtect

Sections

.text
Size: 313KB - Virtual size: 313KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 223KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/Microsoft/Internet Explorer/Quick Launch/winguard_x64.exe
.exe windows:5 windows x64 arch:x64

6ca0e67ce35aa246844eaca8c3665624

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

50:28:4b:e9:ab:1a:22:9c:8f:2c:9f:dd:7b:7e:4a:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/03/2016, 00:00

Not After

26/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:de:81:b0:3a:cc:dd:91:fa:96:e7:89:18:ad:f6:e7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/01/2016, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 3,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d7:9f:72:74:6f:5e:9f:a8:c7:fd:f3:95:3f:b9:6d:21:71:b2:f5:05:f2:7e:e3:bf:cf:10:76:36:1e:f8:01:d3
Signer

Actual PE Digest

d7:9f:72:74:6f:5e:9f:a8:c7:fd:f3:95:3f:b9:6d:21:71:b2:f5:05:f2:7e:e3:bf:cf:10:76:36:1e:f8:01:d3

Digest Algorithm

sha256

PE Digest Matches

true

b1:7f:70:a5:4a:ff:90:3b:82:63:4e:da:ec:57:76:21:77:2c:7c:fb
Signer

Actual PE Digest

b1:7f:70:a5:4a:ff:90:3b:82:63:4e:da:ec:57:76:21:77:2c:7c:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FindResourceExW
MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
GetLastError
CloseHandle
HeapFree
LocalAlloc
HeapAlloc
GetProcessHeap
LocalFree
GetCurrentProcess
WaitForSingleObject
CreateRemoteThread
GetProcAddress
GetModuleHandleW
GetVersionExW
VirtualFreeEx
LoadLibraryW
WriteProcessMemory
VirtualAllocEx
lstrlenW
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
Module32NextW
Module32FirstW
lstrlenA
EnterCriticalSection
LeaveCriticalSection
SuspendThread
GetExitCodeThread
GetModuleFileNameW
CreateThread
DeviceIoControl
CreateFileW
OpenEventW
InitializeCriticalSectionAndSpinCount
FlushInstructionCache
FindNextFileW
FindClose
Sleep
OutputDebugStringW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCurrentThreadId
lstrcmpiW
lstrcpyW
SetLastError
CreateProcessW
GetStartupInfoW
ReadFile
GetFileSizeEx
CreateFileA
FreeLibrary
LoadLibraryExW
ExpandEnvironmentStringsW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
MoveFileExW
MoveFileW
GetTickCount
DeleteFileW
SetFileAttributesW
GetFileAttributesW
CreateDirectoryW
GetDiskFreeSpaceExW
GetDriveTypeW
FindResourceW
FindFirstFileW
GlobalMemoryStatusEx
GetSystemDirectoryW
GetWindowsDirectoryW
GetFullPathNameW
GetTempFileNameW
WriteFile
WaitNamedPipeW
DeleteFileA
MoveFileA
CopyFileW
GetLocalTime
SetEvent
CreateEventW
lstrcpyA
RemoveDirectoryW
GetComputerNameW
OpenMutexW
GetCommandLineW
GetCurrentProcessId
HeapReAlloc
HeapDestroy
LoadLibraryA
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
GetCurrentDirectoryW
WriteConsoleW
FlushFileBuffers
SetStdHandle
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
GetStringTypeW
InterlockedPushEntrySList
ExitProcess
HeapCreate
GetVersion
HeapSetInformation
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
SetFilePointer
GetFileType
SetHandleCount
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
RtlLookupFunctionEntry
RtlUnwindEx
DecodePointer
EncodePointer
RtlPcToFileHeader
GetLocaleInfoW
GetStdHandle
FlsAlloc
GetSystemTimeAsFileTime
GetDateFormatW
GetTimeFormatW
LoadResource
LockResource
SizeofResource
GetLogicalDrives
RaiseException
FlsFree
FlsSetValue
FlsGetValue
TerminateProcess
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ExitThread
HeapSize

user32

PeekMessageW
CharNextW
DefWindowProcW
RegisterClassExW
SetWindowLongPtrW
CreateWindowExW
GetMessageW
DestroyWindow
wsprintfW
GetSystemMetrics
RegisterWindowMessageW
IsWindow
FindWindowW
TranslateMessage
DispatchMessageW
CallWindowProcW
PostThreadMessageW
GetWindowThreadProcessId
UnregisterClassA
MessageBoxW
GetClassInfoExW
LoadCursorW
GetWindowLongPtrW

shell32

ShellExecuteExW
CommandLineToArgvW
ShellExecuteW
SHGetFolderPathW

ole32

CoInitialize
CoTaskMemRealloc
CoInitializeSecurity
CoTaskMemFree
CoInitializeEx
CoSetProxyBlanket
CoUninitialize
CoCreateInstance
CoTaskMemAlloc

oleaut32

VarUI4FromStr
VariantClear
VariantInit
SysAllocString
VariantTimeToSystemTime
SysFreeString
SystemTimeToVariantTime

shlwapi

PathFileExistsA
PathFileExistsW
PathAppendW

mprapi

MprConfigServerConnect
MprConfigGetFriendlyName

iphlpapi

GetInterfaceInfo
GetNetworkParams
GetAdaptersInfo
GetPerAdapterInfo

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

InternetReadFile
InternetOpenW
InternetSetOptionW
InternetOpenUrlW
InternetCloseHandle
InternetCheckConnectionW
HttpQueryInfoW

urlmon

URLDownloadToFileW

Sections

.text
Size: 406KB - Virtual size: 406KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/Microsoft/Internet Explorer/Quick Launch/winmaster.exe
.exe windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

50:28:4b:e9:ab:1a:22:9c:8f:2c:9f:dd:7b:7e:4a:e4
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

13/03/2016, 00:00

Not After

26/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:de:81:b0:3a:cc:dd:91:fa:96:e7:89:18:ad:f6:e7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/01/2016, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:a0:1c:f4:ea:ef:99:fd:46:6c:ed:16:30:c1:b0:1f
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11/06/2015, 00:00

Not After

29/12/2020, 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 4,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01/01/1997, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

36:c2:b8:65:41:46:4c:12:d3:a0:f5:d4:e0:62:e0:e6:c2:ae:53:48:50:52:c8:35:36:6f:f2:e2:50:e9:54:47
Signer

Actual PE Digest

36:c2:b8:65:41:46:4c:12:d3:a0:f5:d4:e0:62:e0:e6:c2:ae:53:48:50:52:c8:35:36:6f:f2:e2:50:e9:54:47

Digest Algorithm

sha256

PE Digest Matches

true

c4:11:5b:c3:b0:df:46:1c:75:51:4f:54:56:cd:c8:6c:01:a7:1d:0f
Signer

Actual PE Digest

c4:11:5b:c3:b0:df:46:1c:75:51:4f:54:56:cd:c8:6c:01:a7:1d:0f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 611KB - Virtual size: 612KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 91KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$APPDATA/Microsoft/Internet Explorer/Quick Launch/读我.txt
$PLUGINSDIR/MPlugin_NSIS.dll
.dll windows:5 windows x86 arch:x86

Code Sign

9f:ea:c8:11:b0:f1:62:47:a5:fc:20:d8:05:23:ac:e6
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

05/05/2015, 00:00

Not After

31/12/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:e4:f3:47:8c:eb:8f:3b:8b:87:e0:ab:04:a7:ac:cf
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/07/2014, 00:00

Not After

23/08/2017, 23:59

Subject

CN=Qingdao Ruanmei Network Technology Co.\,Ltd.,OU=IT,O=Qingdao Ruanmei Network Technology Co.\,Ltd.,L=Qingdao,ST=Shandong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9e:00:a3:8c:79:de:1b:de:f7:74:6a:57:2d:6c:d7:ad:a9:1a:5b:58
Signer

Actual PE Digest

9e:00:a3:8c:79:de:1b:de:f7:74:6a:57:2d:6c:d7:ad:a9:1a:5b:58

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ArragePath
CloseProcessByClassName
CloseProcessByProcessName
CloseWinGuard
CombinePath
ComponentImportConfig
CreateCheckBox
CreateDir
CreateEdit
CreateHyperLink
CreateProgress
CreatePushButton
CreateShotcut
CreateStatic
DeleteOneFile
ExecNoAdmin
FindProcessByProcessName
FindWindowByClassName
GetCheck
GetFontSize
GetProgressPos
GetText
GetTextAlignMode
Init
IsEnable
IsFontBold
IsInFavorite
IsPathVolid
IsVisible
IsWin10OrLater
IsWin8
IsWin8Blue
MainPageIsOurs
MoveCtrl
NotifyMainPage
RegChildDialog
RegCtrlEventHandler
RegDialogMsgHandler
ResizeCtrl
ResizeMainWindow
SearchEngineIsOurs
SetAeroEnable
SetCheck
SetChildDialogBorder
SetCtrlTextColor
SetEditBkColor
SetEnable
SetFontBold
SetFontSize
SetProgressPos
SetShadowEnable
SetText
SetTextAlignMode
SetVisible
SetWindowRoundCorner
ShowFolderSelDialog
StartThread
StartWindowBkImage
StartWindowSizingAni
StopThread
Uninit
UnregChildDialog

Sections

UPX0
Size: - Virtual size: 212KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 119KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/img/6.png
.png
$PLUGINSDIR/img/blue-bg.png
.png
$PLUGINSDIR/img/browse_button_down.png
.png
$PLUGINSDIR/img/browse_button_normal.png
.png
$PLUGINSDIR/img/browse_button_over.png
.png
$PLUGINSDIR/img/chkbox_normal.png
.png
$PLUGINSDIR/img/chkbox_normal_checked.png
.png
$PLUGINSDIR/img/chkbox_over.png
.png
$PLUGINSDIR/img/chkbox_over_checked.png
.png
$PLUGINSDIR/img/close_button_down.png
.png
$PLUGINSDIR/img/close_button_normal.png
.png
$PLUGINSDIR/img/close_button_over.png
.png
$PLUGINSDIR/img/dlg_shadow.png
.png
$PLUGINSDIR/img/inst_button_down.png
.png
$PLUGINSDIR/img/inst_button_normal.png
.png
$PLUGINSDIR/img/inst_button_over.png
.png
$PLUGINSDIR/img/logo.png
.png
$PLUGINSDIR/img/logobig.png
.png
$PLUGINSDIR/img/min_button_down.png
.png
$PLUGINSDIR/img/min_button_normal.png
.png
$PLUGINSDIR/img/min_button_over.png
.png
$PLUGINSDIR/img/path_input_bg.png
.png
$PLUGINSDIR/img/progress_bkgnd.png
.png
$PLUGINSDIR/img/progress_forgndmid.png
.png
$PLUGINSDIR/img/windowBk.png
.png
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_39_/$_39_/uninstall_pcmaster.exe.nsis

Sharing

General

Malware Config

Signatures

Files

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

50:28:4b:e9:ab:1a:22:9c:8f:2c:9f:dd:7b:7e:4a:e4Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

5a:de:81:b0:3a:cc:dd:91:fa:96:e7:89:18:ad:f6:e7Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9Certificate

Extended Key Usages

Key Usages

Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

2d:7e:8c:2b:2d:ae:48:f0:be:24:81:1c:a4:8b:e2:ea:70:7b:9b:fc:64:8e:92:ba:b2:d9:ea:25:54:42:d7:9cSigner

36:bb:67:78:38:ba:d9:d4:15:83:e7:58:a9:72:95:46:30:96:a6:beSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 1.8MB

.rsrc Size: 28KB - Virtual size: 27KB

.reloc Size: 4KB - Virtual size: 3KB

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

50:28:4b:e9:ab:1a:22:9c:8f:2c:9f:dd:7b:7e:4a:e4Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

5a:de:81:b0:3a:cc:dd:91:fa:96:e7:89:18:ad:f6:e7Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

70:a0:1c:f4:ea:ef:99:fd:46:6c:ed:16:30:c1:b0:1fCertificate

Extended Key Usages

Key Usages

Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

22:ad:37:44:46:62:a8:df:e8:35:2c:22:bf:53:43:98:d0:03:01:d6:79:69:7b:f2:57:da:4a:c9:74:4e:5f:7cSigner

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

50:28:4b:e9:ab:1a:22:9c:8f:2c:9f:dd:7b:7e:4a:e4
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

5a:de:81:b0:3a:cc:dd:91:fa:96:e7:89:18:ad:f6:e7
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

2d:7e:8c:2b:2d:ae:48:f0:be:24:81:1c:a4:8b:e2:ea:70:7b:9b:fc:64:8e:92:ba:b2:d9:ea:25:54:42:d7:9c
Signer

36:bb:67:78:38:ba:d9:d4:15:83:e7:58:a9:72:95:46:30:96:a6:be
Signer

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 1.8MB

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 4KB - Virtual size: 3KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

50:28:4b:e9:ab:1a:22:9c:8f:2c:9f:dd:7b:7e:4a:e4
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

5a:de:81:b0:3a:cc:dd:91:fa:96:e7:89:18:ad:f6:e7
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

70:a0:1c:f4:ea:ef:99:fd:46:6c:ed:16:30:c1:b0:1f
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

22:ad:37:44:46:62:a8:df:e8:35:2c:22:bf:53:43:98:d0:03:01:d6:79:69:7b:f2:57:da:4a:c9:74:4e:5f:7c
Signer

96:65:35:33:7c:38:c1:5b:11:fe:68:99:7d:24:35:78:b9:bd:60:79
Signer

UPX0
Size: - Virtual size: 756KB

UPX1
Size: 422KB - Virtual size: 424KB

.rsrc
Size: 45KB - Virtual size: 48KB

.text
Size: 784KB - Virtual size: 783KB

.rdata
Size: 167KB - Virtual size: 167KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 135KB - Virtual size: 135KB

.reloc
Size: 54KB - Virtual size: 54KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

50:28:4b:e9:ab:1a:22:9c:8f:2c:9f:dd:7b:7e:4a:e4
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

5a:de:81:b0:3a:cc:dd:91:fa:96:e7:89:18:ad:f6:e7
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

55:45:ca:02:24:61:90:d9:79:ee:b4:0d:b9:ff:bc:18
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

92:82:66:e6:07:0d:cf:1d:56:da:21:48:79:64:c5:cc:67:2f:e4:a8:7b:44:bc:e6:5b:78:83:b9:90:39:1c:9f
Signer

9e:09:93:f4:2f:0f:11:dc:14:1f:ef:5a:44:aa:99:d1:7a:1a:d1:7f
Signer

UPX0
Size: - Virtual size: 1.1MB

UPX1
Size: 562KB - Virtual size: 564KB

.rsrc
Size: 65KB - Virtual size: 68KB

.text
Size: 1022KB - Virtual size: 1022KB

.rdata
Size: 336KB - Virtual size: 336KB

.data
Size: 33KB - Virtual size: 53KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 424B

.rsrc
Size: 212KB - Virtual size: 211KB

.reloc
Size: 77KB - Virtual size: 76KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate