5fe590ba6c4dd86f391fb4b8de208cdd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5fe590ba6c4dd86f391fb4b8de208cdd_JaffaCakes118
Size

7.5MB
MD5

5fe590ba6c4dd86f391fb4b8de208cdd
SHA1

1ead38120e9d67da7faf52b841eb19a2933fe012
SHA256

fcccdd695daeb39fc2a3b75ad7f22547cd793c02da33fda2afe1cd22da3e2f11
SHA512

5c55faa35467999af0e4195301a8ac0bbf147b9dfc15f040fbea7a8625f478fcf452720fe1a1bbbe7481e2cf8015382c3e970e2873535dc92455e733ffcae073
SSDEEP

196608:oXU57nLpEFqIoeUGX1AzXQJxqHu3tHgzlcO71hv:oanLp62KASxf9Nob

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack004/$PLUGINSDIR/InstallOptions.dll
unpack004/$PLUGINSDIR/System.dll
unpack004/$PLUGINSDIR/nsDialogs.dll

Files

5fe590ba6c4dd86f391fb4b8de208cdd_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 996KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/SGWPCommon/SGWPSheEx32.dll
.dll regsvr32 windows:5 windows x86 arch:x86

2b6a9512f2a7a723c41306b2f3e550f8

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\SGWallPaper\bin\SGWPSheEx32.pdb

Imports

kernel32

LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
lstrcmpiW
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
GetLastError
LeaveCriticalSection
EnterCriticalSection
lstrlenW
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemInfo
GetCurrentProcess
WriteFile
LoadLibraryW
GetCurrentThreadId
CloseHandle
WideCharToMultiByte
HeapAlloc
HeapFree
RtlUnwind
GetCommandLineA
GetFileAttributesW
GetSystemTimeAsFileTime
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
HeapSize
ExitProcess
VirtualFree
VirtualAlloc
HeapCreate
HeapDestroy
GetStdHandle
GetModuleFileNameA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LCMapStringA
LCMapStringW
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

CharNextW

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

SysFreeString
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/SGWPCommon/SGWPSheEx64.dll
.dll regsvr32 windows:5 windows x64 arch:x64

804fa8851d4abfd302d5f3c7aeccb16b

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\SGWallPaper\bin\SGWPSheEx64.pdb

Imports

kernel32

LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
lstrcmpiW
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
GetLastError
LeaveCriticalSection
EnterCriticalSection
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemInfo
GetCurrentProcess
WriteFile
LoadLibraryW
GetCurrentThreadId
CloseHandle
WideCharToMultiByte
RtlUnwindEx
HeapAlloc
HeapFree
RtlPcToFileHeader
RtlLookupFunctionEntry
FlsSetValue
GetCommandLineA
GetFileAttributesW
GetSystemTimeAsFileTime
HeapReAlloc
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
Sleep
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LCMapStringA
LCMapStringW
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

CharNextW

advapi32

RegDeleteKeyW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegEnumKeyExW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

SysFreeString
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/HWSignature.dll
.dll windows:5 windows x86 arch:x86

02a9058c889f86b891a63b683ab98a79

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\SGWallPaper\bin\HWSignature.pdb

Imports

ws2_32

WSAStartup

kernel32

DeleteCriticalSection
CreateFileA
HeapAlloc
HeapFree
GetProcessHeap
GetSystemDirectoryA
lstrcatA
CopyFileA
DeviceIoControl
CloseHandle
lstrcpyA
lstrlenA
GlobalAlloc
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryA
LocalAlloc
GetVersionExA
LocalFree
HeapReAlloc
GetTickCount
SetLastError
GlobalFree
FlushFileBuffers
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

user32

wsprintfA
IsCharAlphaNumericA

Exports

Exports

DLLGenHWID
GenHWID

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:5 windows x86 arch:x86

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiW
GetModuleHandleW
GlobalLock
GlobalUnlock
GetCurrentDirectoryW
SetCurrentDirectoryW
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcatW
WritePrivateProfileStringW
lstrcpynW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc

user32

OpenClipboard
DestroyIcon
LoadCursorW
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
SetWindowLongW
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
CreateWindowExW
MapDialogRect
GetClipboardData
GetWindowRect
CreateDialogParamW
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
wsprintfW
CharNextW
MessageBoxW
CloseClipboard
GetDlgCtrlID
MapWindowPoints
SetWindowPos
PtInRect
GetWindowTextW
SetWindowTextW
SendMessageW
DestroyWindow

gdi32

SelectObject
CreateRectRgn
GetObjectW
CombineRgn
DeleteObject
CreateCompatibleDC
GetDIBits
SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetDesktopFolder

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SetupLib.dll
.dll windows:5 windows x86 arch:x86

97f70d97b58ffbd6b2a6903ada8ac064

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\SGWallPaper_2.5.2_GW\bin\SetupLib.pdb

Imports

shlwapi

PathFileExistsW
StrToIntW
PathIsDirectoryW
SHGetValueW
StrStrIW

kernel32

ReadFile
FlushFileBuffers
SetFileAttributesW
lstrcpyW
InitializeCriticalSectionAndSpinCount
Sleep
DebugBreak
GetCurrentProcessId
DeleteFileW
CloseHandle
GetDiskFreeSpaceExW
GetCurrentThreadId
CreateToolhelp32Snapshot
Process32NextW
DeviceIoControl
Process32FirstW
GlobalFree
EnterCriticalSection
GetProcAddress
SetLastError
GetLastError
RaiseException
FlushInstructionCache
lstrlenW
MultiByteToWideChar
CreateFileW
LeaveCriticalSection
LoadLibraryW
WideCharToMultiByte
GlobalAlloc
OpenProcess
WriteFile
OutputDebugStringW
WaitForSingleObject
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
FreeLibrary
GetDriveTypeW
lstrlenA
SetEndOfFile
SetFilePointer
SuspendThread
GetThreadContext
SetThreadContext
ResumeThread
VirtualProtect
SetEnvironmentVariableA
LocalFree
FindNextFileW
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
FindClose
FindFirstFileW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetModuleHandleA
SetStdHandle
GetFullPathNameA
GetTimeZoneInformation
GetCurrentDirectoryA
GetFullPathNameW
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
GetModuleFileNameA
ExitProcess
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
GetCommandLineA
IsDebuggerPresent
UnhandledExceptionFilter
CreateThread
ExitThread
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
InterlockedExchange
RemoveDirectoryW
GetFileAttributesW
CreateDirectoryW
FormatMessageA
ExpandEnvironmentStringsA
WaitForMultipleObjects
LoadLibraryA
GetStdHandle
PeekNamedPipe
DeleteCriticalSection
InitializeCriticalSection
GetVersionExA
SleepEx
GetFileInformationByHandle
GetFileType
FileTimeToSystemTime
GetModuleHandleW
GetCurrentThread
GetTickCount
GetVersionExW
TerminateProcess
CreateProcessW
GetSystemDirectoryW
GetModuleFileNameW
GetSystemInfo
lstrcatW
VirtualQuery
SetUnhandledExceptionFilter
FormatMessageW
GetLocalTime

user32

CreateWindowExW
FindWindowExW
IsWindow
LoadStringW
SetWindowLongW
GetDlgItem
ReleaseDC
GetWindowLongW
RegisterClassExW
GetDC
GetClassInfoExW
FindWindowW
LoadCursorW
wvsprintfW
CharNextW
DestroyWindow
MoveWindow
SetWindowTextW
EnableWindow
GetDlgItemTextW
SetWindowPos
GetWindowTextW
GetParent
KillTimer
PostMessageW
GetWindowRect
SetTimer
GetWindowTextLengthW
GetMenuItemCount
GetMenuItemInfoW
DeleteMenu
GetSystemMenu
GetDlgCtrlID
MessageBoxW
GetCursorPos
SetClassLongW
InvalidateRect
OffsetRect
PtInRect
GetClientRect
TrackMouseEvent
ScreenToClient
IsWindowVisible
UnregisterClassA
RemovePropW
MonitorFromPoint
IntersectRect
UnionRect
GetSystemMetrics
GetWindowThreadProcessId
UpdateLayeredWindow
GetFocus
DrawTextW
GetDesktopWindow
ClientToScreen
SetCursor
PostQuitMessage
IsIconic
SetCapture
GetKeyState
SetDlgItemTextW
SendMessageW
SetPropW
ReleaseCapture
GetPropW
EndPaint
FillRect
LoadImageW
BeginPaint
CallWindowProcW
DefWindowProcW
GetSysColorBrush
MessageBoxIndirectW
ShowWindow
LoadIconW
SetFocus
SetParent
SetForegroundWindow
SystemParametersInfoW
DispatchMessageW
GetMonitorInfoW
MonitorFromWindow
TranslateMessage
GetMessageW
IsWindowEnabled
CopyRect

gdi32

GetFontData
CreateDIBSection
BitBlt
SetViewportOrgEx
DeleteDC
StretchBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
GetStockObject
CreatePen
GetObjectW
GetTextExtentExPointW
SelectObject
DeleteObject
SetBkMode
SetBkColor
CreateFontIndirectW
SetTextColor
LineTo
MoveToEx

advapi32

RegCloseKey
GetLengthSid
RegOpenKeyExW
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
OpenProcessToken
BuildExplicitAccessWithNameW
CryptReleaseContext
CryptGetHashParam
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptHashData
SetEntriesInAclW
RegQueryValueExW
GetTokenInformation
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
SetNamedSecurityInfoW
GetNamedSecurityInfoW

shell32

ShellExecuteW
SHGetFileInfoW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW

ole32

CoCreateInstance
CoTaskMemFree
OleDraw
CoInitialize
CoUninitialize

oleaut32

SysFreeString
SysAllocString
SysStringLen
GetErrorInfo

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

msimg32

AlphaBlend

psapi

GetModuleBaseNameW

ws2_32

gethostname
getaddrinfo
freeaddrinfo
ioctlsocket
listen
accept
recvfrom
sendto
send
select
__WSAFDIsSet
getpeername
WSAIoctl
connect
WSAGetLastError
htons
ntohs
getsockname
setsockopt
recv
bind
socket
WSASetLastError
closesocket
getsockopt
WSAStartup
WSACleanup

wldap32

ord46
ord211
ord301
ord27
ord33
ord79
ord30
ord60
ord26
ord41
ord143
ord50
ord22
ord35
ord200
ord32

wininet

InternetOpenUrlW
InternetOpenW
InternetSetOptionW
InternetCloseHandle

Exports

Exports

AddAccess
AddAppToFireWall
AttachProgressBar
CheckAccess
CheckMainWndVisible
CreateCheckBox
CreateStatic
CreateStaticLink
ExecMedium
ExecShellWait
ExitAllProcess
GetAssignedFormatID
GetAssignedWideID
GetAutoKey
GetAutoValue
GetBtnClicked
GetCheckBoxState
GetFeedBackContact
GetFeedBackReason
GetHWID
GetInstallPath
GetMyPixel
GetPPName
GetRealSize
GuiInitAndAttach
HideChildWindows
InitInstallPath
InitResource
LoadAutoKeyValueFromFile
ModifyInstDir
MonitorCheckBox
MonitorSize
MonitorUninstallCompleted
OnAbort
OnPageLeave
OnPagePre
OnPageShow
Ping
PingBackAnotherThread
RemoveFireWall
RunAsMedium
SaveAutoKeyValueToFile
SetCheckBoxState
SetEditToMultiLine
SetReadSecond
SetReadSecondSimple
URLEncode
UnGuiInitAndAttach
UnPinQuickLauch
UpdateUserRcmd
curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape

Sections

.text
Size: 764KB - Virtual size: 764KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SetupUI.cupf
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

6c41c5e4d44f55745b925cc4e42b7fab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
lstrlenW
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 899B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/donghua.swf
$PLUGINSDIR/flashbk.png
.png
$PLUGINSDIR/install0.bmp
$PLUGINSDIR/install1.bmp
$PLUGINSDIR/install2.bmp
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$_19_/SogouWP/Boot/SogouWP.exe
.exe windows:5 windows x86 arch:x86

699b10a17b447a68ffe65f81ba480dd1

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\SGWallPaper_2.5.2_GW\bin\SGWPBoot.pdb

Imports

advapi32

RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

kernel32

GetCurrentProcess
OutputDebugStringW
WriteFile
LoadLibraryW
GetModuleFileNameW
GetCurrentThreadId
CloseHandle
FindFirstFileW
GetFileAttributesW
FileTimeToSystemTime
GetLastError
FindClose
WideCharToMultiByte
MultiByteToWideChar
GetStartupInfoW
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
GetDriveTypeW
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
RaiseException
GetFullPathNameW
GetCurrentDirectoryA
LCMapStringA
LCMapStringW
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapSize
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateFileA
FlushFileBuffers
FreeLibrary
GetSystemInfo
GetProcAddress
GetModuleHandleW
ExitProcess

shell32

ShellExecuteW

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_19_/SogouWP/Calendar/Boot/sogouWPCW.exe
.exe windows:5 windows x86 arch:x86

699b10a17b447a68ffe65f81ba480dd1

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\SGWallPaper_2.5.2_GW\bin\SGWPBoot.pdb

Imports

advapi32

RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

kernel32

GetCurrentProcess
OutputDebugStringW
WriteFile
LoadLibraryW
GetModuleFileNameW
GetCurrentThreadId
CloseHandle
FindFirstFileW
GetFileAttributesW
FileTimeToSystemTime
GetLastError
FindClose
WideCharToMultiByte
MultiByteToWideChar
GetStartupInfoW
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
GetDriveTypeW
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
RaiseException
GetFullPathNameW
GetCurrentDirectoryA
LCMapStringA
LCMapStringW
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapSize
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateFileA
FlushFileBuffers
FreeLibrary
GetSystemInfo
GetProcAddress
GetModuleHandleW
ExitProcess

shell32

ShellExecuteW

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.5.2.2509/DTStub.dll
.dll windows:5 windows x86 arch:x86

fdcc5b8e651211ebed82a74ca68e814c

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\SGWallPaper\Bin\DTStub.pdb

Imports

user32

FindWindowExW
wvsprintfW
SetWindowLongW
CallWindowProcW
DefWindowProcW
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
SendMessageW
GetWindowThreadProcessId

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

FlushFileBuffers
CreateFileA
GetCurrentProcess
GetModuleHandleW
WriteFile
GetSystemDirectoryW
GetLastError
SetLastError
GetProcAddress
GetCurrentThreadId
CloseHandle
OutputDebugStringW
WideCharToMultiByte
GetCurrentProcessId
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCommandLineA
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCPInfo
GetACP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
RaiseException
RtlUnwind
LoadLibraryA
InitializeCriticalSectionAndSpinCount
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetOEMCP

Exports

Exports

DTStub_Install
DTStub_UnInstall

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.5.2.2509/DTStub64.dll
.dll windows:5 windows x64 arch:x64

b9bc0a520e4f1e6f1c4dba8ee9592d78

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\SGWallPaper\Bin\DTStub64.pdb

Imports

user32

FindWindowExW
wvsprintfW
SetWindowLongPtrW
CallWindowProcW
DefWindowProcW
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
SendMessageW
GetWindowThreadProcessId

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

FlushFileBuffers
CreateFileA
GetCurrentProcess
GetModuleHandleW
WriteFile
GetSystemDirectoryW
GetLastError
SetLastError
GetProcAddress
GetCurrentThreadId
CloseHandle
OutputDebugStringW
WideCharToMultiByte
GetCurrentProcessId
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
FlsSetValue
GetCommandLineA
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
Sleep
ExitProcess
RtlUnwindEx
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
GetTickCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RaiseException
RtlPcToFileHeader
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
QueryPerformanceCounter

Exports

Exports

DTStub_Install
DTStub_UnInstall

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.5.2.2509/HWSignature.dll
.dll windows:5 windows x86 arch:x86

02a9058c889f86b891a63b683ab98a79

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\SGWallPaper\bin\HWSignature.pdb

Imports

ws2_32

WSAStartup

kernel32

DeleteCriticalSection
CreateFileA
HeapAlloc
HeapFree
GetProcessHeap
GetSystemDirectoryA
lstrcatA
CopyFileA
DeviceIoControl
CloseHandle
lstrcpyA
lstrlenA
GlobalAlloc
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryA
LocalAlloc
GetVersionExA
LocalFree
HeapReAlloc
GetTickCount
SetLastError
GlobalFree
FlushFileBuffers
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

user32

wsprintfA
IsCharAlphaNumericA

Exports

Exports

DLLGenHWID
GenHWID

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.5.2.2509/HWSignature64.dll
.dll windows:5 windows x64 arch:x64

6b143cead3841aaf7270b43f834f6059

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\SGWallPaper\Bin\HWSignature64.pdb

Imports

ws2_32

WSAStartup

kernel32

GetStdHandle
CreateFileA
HeapAlloc
HeapFree
GetProcessHeap
GetSystemDirectoryA
lstrcatA
CopyFileA
DeviceIoControl
CloseHandle
lstrcpyA
lstrlenA
GlobalAlloc
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryA
LocalAlloc
GetVersionExA
LocalFree
HeapReAlloc
GetTickCount
SetLastError
GlobalFree
FlushFileBuffers
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
Sleep
GetModuleHandleW
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
RtlUnwindEx
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

user32

wsprintfA
IsCharAlphaNumericA

Exports

Exports

DLLGenHWID
GenHWID

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 654B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.5.2.2509/RcmdDate.ini
2.5.2.2509/Recommend_Big.gz
.gz
config.1.2.ini
2.5.2.2509/Recommend_Cursor.gz
.gz
config.cursor.ini
2.5.2.2509/Res/Surf/LinkError.html
.html .js polyglot
2.5.2.2509/Res/Surf/images/close.png
.png
2.5.2.2509/Res/Surf/images/loadfailed.png
.png
2.5.2.2509/Res/Surf/images/retry.png
.png
2.5.2.2509/SGBrowserInfo.exe
.exe windows:5 windows x86 arch:x86

487f0df12ad7a7dd87fc98139b2b5654

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\SGWallPaper\bin\SGBrowserInfo.pdb

Imports

kernel32

GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
CloseHandle
GetLastError
CreateMutexW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetModuleHandleA
SetStdHandle
LCMapStringW
LCMapStringA
GetFullPathNameA
GetConsoleMode
GetConsoleCP
GetCurrentDirectoryA
GetFullPathNameW
GetTimeZoneInformation
QueryPerformanceCounter
HeapCreate
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
ExitProcess
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RaiseException
RtlUnwind
FindFirstFileA
FreeLibrary
InitializeCriticalSection
LoadLibraryW
LeaveCriticalSection
GetModuleFileNameW
GetProcAddress
EnterCriticalSection
DeleteCriticalSection
InterlockedCompareExchange
GetCurrentProcessId
CreateProcessW
GetCurrentProcess
WaitForSingleObject
OutputDebugStringW
WriteFile
GetSystemDirectoryW
GetVersionExW
CreateFileW
GetSystemInfo
GetCurrentThreadId
SetFilePointer
VirtualQuery
SetUnhandledExceptionFilter
FormatMessageW
TerminateProcess
lstrlenW
GetLocalTime
lstrcatW
lstrcpyW
WideCharToMultiByte
OpenMutexW
ReleaseMutex
MultiByteToWideChar
FindFirstFileW
FindClose
LocalAlloc
LocalFree
UnmapViewOfFile
Sleep
ReadFile
FlushFileBuffers
SetLastError
SetEndOfFile
FileTimeToSystemTime
GetFileType
GetFileInformationByHandle
SleepEx
GetVersionExA
GetTickCount
PeekNamedPipe
GetStdHandle
LoadLibraryA
WaitForMultipleObjects
ExpandEnvironmentStringsA
FormatMessageA
GetFileAttributesW
FlushInstructionCache
FindResourceW
LoadResource
SizeofResource
LockResource
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetSystemTimeAsFileTime
HeapReAlloc
FileTimeToLocalFileTime
GetDriveTypeW
GetDriveTypeA

user32

PtInRect
GetClientRect
FindWindowW
KillTimer
PostMessageW
PostQuitMessage
GetWindowRect
SetTimer
GetCursorPos
SetLayeredWindowAttributes
GetMessageW
TranslateMessage
DispatchMessageW
SetWindowPos
FillRect
DrawTextW
InflateRect
IntersectRect
UpdateLayeredWindow
MonitorFromPoint
EndPaint
DestroyWindow
ScreenToClient
SetCapture
UnregisterClassW
LoadCursorW
IsWindowEnabled
SetRectEmpty
BeginPaint
GetClassInfoExW
GetDC
RegisterClassExW
GetWindowThreadProcessId
GetMonitorInfoW
IsWindowVisible
IsWindow
ShowWindow
SystemParametersInfoW
GetWindowLongW
GetParent
IsIconic
wvsprintfW
IsRectEmpty
DefWindowProcW
SendMessageW
ReleaseCapture
CreateWindowExW
RedrawWindow
SetWindowLongW
ReleaseDC
PeekMessageW
UnionRect
LoadIconW

gdi32

GetObjectW
BitBlt
DeleteDC
CreateDIBSection
SelectObject
CreateCompatibleDC
GetStockObject
DeleteObject
StretchBlt
GetTextExtentPoint32W
SetTextColor
SetBkMode

ole32

OleCreate
OleUninitialize
CoInitialize
OleInitialize
StgCreateDocfile

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

msimg32

AlphaBlend

comctl32

_TrackMouseEvent

imm32

ImmDisableIME

ws2_32

select
recvfrom
sendto
__WSAFDIsSet
getpeername
getsockname
WSAIoctl
connect
WSAGetLastError
htons
WSACleanup
WSAStartup
getsockopt
ntohs
WSASetLastError
socket
bind
recv
setsockopt
send
gethostname
getaddrinfo
freeaddrinfo
ioctlsocket
listen
accept
closesocket

wldap32

ord211
ord32
ord35
ord22
ord50
ord143
ord41
ord26
ord60
ord30
ord79
ord33
ord46
ord27
ord301
ord200

advapi32

AddAccessAllowedAceEx
RegQueryValueExW
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptGetHashParam
CryptReleaseContext
SetSecurityDescriptorSacl
RegOpenKeyExW
RegCloseKey
GetSecurityDescriptorSacl
GetSidLengthRequired
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

ShellExecuteW

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape

Sections

.text
Size: 428KB - Virtual size: 428KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.5.2.2509/SGBrowserSurf.exe
.exe windows:5 windows x86 arch:x86

eab5a1bf7951b148951f611ae3f853b9

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\SGWallPaper_2.5.2_Game\bin\SGBrowserSurf.pdb

Imports

kernel32

GetTickCount
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
CloseHandle
GetLastError
CreateMutexW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
SetStdHandle
LCMapStringW
LCMapStringA
GetFullPathNameA
GetConsoleMode
GetConsoleCP
GetCurrentDirectoryA
GetFullPathNameW
GetTimeZoneInformation
QueryPerformanceCounter
HeapCreate
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
ExitProcess
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RaiseException
RtlUnwind
FindFirstFileA
GetDriveTypeA
FreeLibrary
InitializeCriticalSection
LoadLibraryW
LeaveCriticalSection
GetModuleFileNameW
GetProcAddress
EnterCriticalSection
DeleteCriticalSection
InterlockedCompareExchange
GetCurrentProcessId
CreateProcessW
GetCurrentProcess
WaitForSingleObject
OutputDebugStringW
WriteFile
GetSystemDirectoryW
GetVersionExW
CreateFileW
GetSystemInfo
GetCurrentThreadId
SetFilePointer
VirtualQuery
SetUnhandledExceptionFilter
FormatMessageW
TerminateProcess
lstrlenW
GetLocalTime
lstrcatW
lstrcpyW
WideCharToMultiByte
OpenMutexW
ReleaseMutex
MultiByteToWideChar
FindFirstFileW
FindClose
LocalAlloc
LocalFree
UnmapViewOfFile
Sleep
ReadFile
FlushFileBuffers
SetLastError
SetEndOfFile
FileTimeToSystemTime
GetFileType
GetFileInformationByHandle
SleepEx
GetVersionExA
PeekNamedPipe
GetStdHandle
LoadLibraryA
WaitForMultipleObjects
ExpandEnvironmentStringsA
FormatMessageA
GetFileAttributesW
FlushInstructionCache
FindResourceW
LoadResource
SizeofResource
LockResource
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetSystemTimeAsFileTime
HeapReAlloc
FileTimeToLocalFileTime
GetDriveTypeW

user32

SetWindowPos
PtInRect
GetClientRect
FindWindowW
KillTimer
PostMessageW
PostQuitMessage
GetWindowRect
SetTimer
GetCursorPos
SetLayeredWindowAttributes
GetMessageW
TranslateMessage
DispatchMessageW
GetWindowLongW
FillRect
DrawTextW
InflateRect
IntersectRect
UpdateLayeredWindow
MonitorFromPoint
EndPaint
DestroyWindow
ScreenToClient
SetCapture
UnregisterClassW
LoadCursorW
IsWindowEnabled
SetRectEmpty
BeginPaint
GetClassInfoExW
GetDC
RegisterClassExW
GetWindowThreadProcessId
GetMonitorInfoW
IsWindowVisible
IsWindow
ShowWindow
SystemParametersInfoW
GetParent
IsIconic
wvsprintfW
IsRectEmpty
DefWindowProcW
SendMessageW
ReleaseCapture
CreateWindowExW
RedrawWindow
SetWindowLongW
ReleaseDC
PeekMessageW
UnionRect
LoadIconW

gdi32

SetBkMode
BitBlt
DeleteDC
CreateDIBSection
DeleteObject
SelectObject
CreateCompatibleDC
GetStockObject
GetObjectW
StretchBlt
GetTextExtentPoint32W
SetTextColor

ole32

OleCreate
OleUninitialize
CoInitialize
OleInitialize
StgCreateDocfile

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

msimg32

AlphaBlend

comctl32

_TrackMouseEvent

imm32

ImmDisableIME

ws2_32

select
sendto
__WSAFDIsSet
getpeername
WSAIoctl
setsockopt
connect
WSAGetLastError
htons
ntohs
WSACleanup
WSAStartup
getsockname
closesocket
WSASetLastError
socket
bind
recv
send
gethostname
getaddrinfo
freeaddrinfo
ioctlsocket
listen
accept
recvfrom
getsockopt

wldap32

ord211
ord32
ord35
ord22
ord50
ord143
ord41
ord26
ord60
ord30
ord79
ord46
ord301
ord33
ord27
ord200

advapi32

InitializeSecurityDescriptor
RegQueryValueExW
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptGetHashParam
CryptReleaseContext
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
RegOpenKeyExW
RegCloseKey
GetSidLengthRequired
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitializeAcl
SetSecurityDescriptorDacl
AddAccessAllowedAceEx

shell32

ShellExecuteW

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape

Sections

.text
Size: 429KB - Virtual size: 429KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.5.2.2509/SGDynamicWp.exe
.exe windows:5 windows x86 arch:x86

b35909b463baed0d0df449445379556f

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\SGWallPaper\bin\SGDynamicWp.pdb

Imports

kernel32

DebugBreak
GetCurrentThreadId
GetSystemInfo
FindClose
GetModuleHandleW
FindFirstFileW
WaitForMultipleObjects
CreateEventW
Sleep
SetEvent
WaitForSingleObject
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
GetLastError
CreateMutexW
IsProcessorFeaturePresent
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetFullPathNameA
GetCurrentDirectoryA
GetFullPathNameW
GetTimeZoneInformation
GetProcessHeap
GetConsoleMode
GetConsoleCP
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
VirtualAlloc
QueryPerformanceCounter
VirtualFree
HeapCreate
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
FindFirstFileA
GetDriveTypeA
GetDriveTypeW
FileTimeToLocalFileTime
RaiseException
GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwind
ExitProcess
HeapAlloc
HeapFree
GetStartupInfoW
FreeLibrary
LoadLibraryW
GetModuleFileNameW
GetProcAddress
InterlockedCompareExchange
InterlockedExchange
GetCurrentProcessId
GetCurrentProcess
FlushInstructionCache
ReadFile
CreateFileW
GetFileSizeEx
GetTickCount
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
GlobalHandle
SetThreadPriority
CreateEventA
CreateSemaphoreA
ReleaseSemaphore
GetLocalTime
SetFileAttributesW
MoveFileExW
CreateDirectoryW
CopyFileW
GetFileAttributesW
FileTimeToSystemTime
DeleteFileW
WideCharToMultiByte
MultiByteToWideChar
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
OpenMutexW
ReleaseMutex
CreateProcessW
OutputDebugStringW
WriteFile
GetSystemDirectoryW
GetVersionExW
GetVersion
SetFilePointer
VirtualQuery
SetUnhandledExceptionFilter
FormatMessageW
TerminateProcess
lstrlenW
lstrcatW
lstrcpyW
LocalAlloc
LocalFree
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
FlushFileBuffers
SetLastError
SetEndOfFile
MoveFileW
GetFileType
GetFileInformationByHandle
SleepEx
GetVersionExA
PeekNamedPipe
GetStdHandle
LoadLibraryA
ExpandEnvironmentStringsA
FormatMessageA
UnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread

user32

GetDesktopWindow
SystemParametersInfoW
IsWindow
EnumDisplayMonitors
GetWindowThreadProcessId
MessageBoxW
ShowWindow
SetWindowPos
GetClientRect
KillTimer
GetWindowRect
SetTimer
UpdateLayeredWindow
BeginPaint
PostQuitMessage
EndPaint
FindWindowExW
IsWindowVisible
GetMonitorInfoW
PostMessageW
FindWindowW
IntersectRect
GetSysColor
GetSystemMetrics
WindowFromPoint
GetKeyState
MoveWindow
wvsprintfW
DefWindowProcW
CreateWindowExW
SetWindowLongW
RegisterClassExW
LoadCursorW
DispatchMessageW
IsRectEmpty
SendMessageW
ReleaseCapture
GetCursorPos
RedrawWindow
ReleaseDC
PeekMessageW
GetWindowLongW
UnionRect
LoadIconW
TranslateMessage
GetDC
GetClassInfoExW
SetRectEmpty
IsWindowEnabled
UnregisterClassW
SetCapture
GetMessageW
ScreenToClient
DestroyWindow
PtInRect
SetCursor
MonitorFromPoint
IsIconic
InflateRect
DrawTextW
FillRect

gdi32

CreateCompatibleDC
SelectObject
DeleteObject
StretchBlt
DeleteDC
BitBlt
CreateDIBSection
GetDeviceCaps
GetTextExtentPoint32W
SetTextColor
SetBkMode
GetStockObject
GetObjectW

shell32

ShellExecuteW
SHGetFolderPathW

ole32

OleDraw
CoTaskMemFree
CoInitialize
CoCreateInstance

msimg32

AlphaBlend

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

StrStrIW
SHGetValueW
PathFileExistsW

comctl32

_TrackMouseEvent

ws2_32

bind
getsockname
gethostname
ntohs
htons
WSAGetLastError
connect
WSAIoctl
getpeername
__WSAFDIsSet
select
send
sendto
recvfrom
accept
WSACleanup
WSAStartup
getsockopt
closesocket
WSASetLastError
socket
setsockopt
recv
getaddrinfo
freeaddrinfo
ioctlsocket
listen

wldap32

ord27
ord33
ord79
ord30
ord60
ord26
ord41
ord143
ord200
ord32
ord211
ord46
ord301
ord35
ord22
ord50

wininet

InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetSetOptionW
HttpQueryInfoW
InternetCloseHandle

advapi32

AddAccessAllowedAceEx
RegOpenKeyExW
RegCloseKey
InitializeSecurityDescriptor
RegQueryValueExW
SetSecurityDescriptorDacl
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptGetHashParam
CryptReleaseContext
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
GetSidLengthRequired
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitializeAcl

oleaut32

GetErrorInfo
SysFreeString
SysAllocString

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape

Sections

.text
Size: 852KB - Virtual size: 851KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.5.2.2509/SGUpdater.exe
.exe windows:5 windows x86 arch:x86

b02d995c3f178d5e15b5d22259e512eb

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\SGWallPaper_2.5.2_GW\bin\SGUpdater.pdb

Imports

kernel32

GetCurrentThreadId
DebugBreak
GetModuleHandleW
CloseHandle
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetModuleHandleA
SetStdHandle
LCMapStringW
LCMapStringA
GetFullPathNameA
GetCurrentDirectoryA
GetFullPathNameW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
QueryPerformanceCounter
HeapCreate
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
ExitProcess
TlsFree
GetLastError
CreateMutexW
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
FindFirstFileA
GetDriveTypeA
GetDriveTypeW
FileTimeToLocalFileTime
CreateThread
ExitThread
IsDebuggerPresent
FreeLibrary
InitializeCriticalSection
LoadLibraryW
LeaveCriticalSection
GetModuleFileNameW
GetProcAddress
EnterCriticalSection
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
GetCurrentProcessId
InterlockedIncrement
CreateProcessW
GetCurrentProcess
WaitForSingleObject
OutputDebugStringW
WriteFile
OpenProcess
GetSystemDirectoryW
GetVersionExW
CreateFileW
GetSystemInfo
GetVersion
DeleteFileW
SetFilePointer
VirtualQuery
SetUnhandledExceptionFilter
FormatMessageW
TerminateProcess
lstrlenW
GetLocalTime
lstrcatW
lstrcpyW
WideCharToMultiByte
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
MultiByteToWideChar
FindFirstFileW
FindClose
LocalAlloc
FindNextFileW
LocalFree
OpenMutexW
ReleaseMutex
UnmapViewOfFile
Sleep
ReadFile
FlushFileBuffers
SetLastError
SetFileAttributesW
SetEndOfFile
MoveFileW
InterlockedDecrement
FileTimeToSystemTime
GetFileType
GetFileInformationByHandle
SleepEx
GetVersionExA
GetTickCount
PeekNamedPipe
GetStdHandle
LoadLibraryA
WaitForMultipleObjects
ExpandEnvironmentStringsA
FormatMessageA
MoveFileExW
CreateDirectoryW
CopyFileW
GetFileAttributesW
RemoveDirectoryW
FindResourceExW
FindResourceW
LoadResource
SetEvent
SizeofResource
GetExitCodeProcess
LockResource
CreateEventW
GlobalFindAtomW
GlobalAddAtomW
FlushInstructionCache
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetStartupInfoW
GetSystemTimeAsFileTime
UnhandledExceptionFilter

user32

IntersectRect
MoveWindow
EndPaint
DestroyWindow
GetMessageW
SetCursor
UnregisterClassW
LoadCursorW
IsWindowEnabled
SetRectEmpty
BeginPaint
GetClassInfoExW
WaitMessage
GetDC
TranslateMessage
UnionRect
MonitorFromPoint
UpdateLayeredWindow
InflateRect
DrawTextW
FillRect
SetCapture
SendMessageW
IsWindowVisible
FindWindowW
PostMessageW
GetWindowThreadProcessId
MessageBoxW
IsWindow
ShowWindow
SetWindowPos
SetWindowLongW
SystemParametersInfoW
GetWindowLongW
PtInRect
GetClientRect
AnimateWindow
KillTimer
PostQuitMessage
ScreenToClient
SetTimer
PeekMessageW
ReleaseDC
GetMonitorInfoW
AllowSetForegroundWindow
MonitorFromWindow
GetForegroundWindow
AttachThreadInput
SetForegroundWindow
LoadImageW
IsIconic
GetWindowRect
wvsprintfW
LoadIconW
CharLowerBuffW
DispatchMessageW
IsRectEmpty
DefWindowProcW
ReleaseCapture
CreateWindowExW
GetCursorPos
RedrawWindow
RegisterClassExW

gdi32

BitBlt
DeleteDC
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
CreateFontW
CreateDIBSection
CreatePen
StretchBlt
MoveToEx
GetTextExtentPoint32W
LineTo
SetTextColor
SetBkMode
GetStockObject
GetObjectW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

msimg32

AlphaBlend

ws2_32

WSACleanup
WSAStartup
getsockopt
closesocket
getsockname
WSASetLastError
htons
WSAGetLastError
connect
WSAIoctl
getpeername
__WSAFDIsSet
select
send
sendto
recvfrom
accept
listen
ioctlsocket
freeaddrinfo
getaddrinfo
gethostname
socket
bind
recv
ntohs
setsockopt

wldap32

ord50
ord35
ord32
ord200
ord22
ord143
ord41
ord26
ord60
ord46
ord211
ord301
ord27
ord33
ord79
ord30

comctl32

_TrackMouseEvent

wininet

InternetReadFile
InternetSetOptionW
HttpQueryInfoW
InternetOpenUrlW
InternetCloseHandle
InternetOpenW

advapi32

RegQueryValueExW
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptGetHashParam
CryptReleaseContext
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
GetSidLengthRequired
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExW
RegCloseKey
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAceEx
RegSetValueExW

shell32

Shell_NotifyIconW
SHGetFolderPathW
ShellExecuteExW
ShellExecuteW

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape

Sections

.text
Size: 635KB - Virtual size: 635KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.5.2.2509/SGWPCCenter.exe
.exe windows:5 windows x86 arch:x86

8eddd6f3c4ed69c763e6e3bbb13d7551

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\SGWallPaper\bin\SGWPCCenter.pdb

Imports

imm32

ImmDisableIME

kernel32

InterlockedIncrement
SetFilePointer
VirtualQuery
CreateProcessW
SetUnhandledExceptionFilter
GetCurrentProcess
OutputDebugStringW
WriteFile
FormatMessageW
CreateFileW
lstrlenW
GetLocalTime
lstrcatW
GetCurrentThreadId
lstrcpyW
GetSystemInfo
WaitForSingleObject
GetSystemDirectoryW
GetVersionExW
GetVersion
FindFirstFileW
FindClose
LocalAlloc
FindNextFileW
LocalFree
WideCharToMultiByte
MultiByteToWideChar
OpenMutexW
ReleaseMutex
UnmapViewOfFile
GetTempFileNameW
CreateDirectoryW
CopyFileW
FileTimeToSystemTime
RemoveDirectoryW
SetFileAttributesW
GetCurrentProcessId
GetTickCount
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
GetDriveTypeW
HeapReAlloc
RaiseException
RtlUnwind
GetCPInfo
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
QueryPerformanceCounter
GetTimeZoneInformation
GetFullPathNameW
GetCurrentDirectoryA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
FlushFileBuffers
GetDriveTypeA
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedCompareExchange
DeleteCriticalSection
EnterCriticalSection
GetModuleFileNameW
LeaveCriticalSection
LoadLibraryW
InitializeCriticalSection
DeleteFileW
TerminateProcess
OpenProcess
MoveFileExW
CloseHandle
GetProcAddress
GetLastError
GetModuleHandleW
CreateMutexW
FlushInstructionCache

user32

GetCursorPos
SetWindowPos
RedrawWindow
SetWindowLongW
ReleaseDC
PeekMessageW
UnionRect
LoadIconW
RegisterClassExW
GetDC
GetClassInfoExW
BeginPaint
SetRectEmpty
GetClientRect
IsWindowEnabled
LoadCursorW
KillTimer
UnregisterClassW
SetCapture
ScreenToClient
SetTimer
DestroyWindow
EndPaint
MonitorFromPoint
UpdateLayeredWindow
IntersectRect
PtInRect
InflateRect
DrawTextW
CreateWindowExW
GetWindowLongW
ShowWindow
IsWindow
IsWindowVisible
GetMonitorInfoW
wvsprintfW
DefWindowProcW
IsRectEmpty
DispatchMessageW
TranslateMessage
GetMessageW
GetWindowThreadProcessId
FindWindowW
PostQuitMessage
GetWindowRect
IsIconic
ReleaseCapture
FillRect
SendMessageW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
ShellExecuteExW

ole32

CoInitialize
CoUninitialize

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

msimg32

AlphaBlend

comctl32

_TrackMouseEvent

gdi32

DeleteDC
CreateDIBSection
DeleteObject
GetStockObject
CreateCompatibleDC
GetTextExtentPoint32W
StretchBlt
SelectObject
SetBkMode
SetTextColor
BitBlt

advapi32

RegCreateKeyExW
RegQueryValueExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
SetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
GetSecurityDescriptorSacl
GetSidLengthRequired
SetEntriesInAclW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitializeAcl
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAceEx

Sections

.text
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.5.2.2509/SGWPDTStub.dll
.dll windows:5 windows x86 arch:x86

0f25773210b21604099c827c3096888e

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\SGWallPaper\Bin\SGWPDTStub.pdb

Imports

kernel32

CompareStringW
CompareStringA
FlushFileBuffers
WriteConsoleW
SetEnvironmentVariableA
CreateFileA
GetDriveTypeA
FreeLibraryAndExitThread
Sleep
GetTickCount
SetEvent
CloseHandle
OpenEventW
CreateEventW
ResetEvent
WaitForSingleObject
GetLocalTime
LoadLibraryW
GetModuleHandleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
SetEndOfFile
SetStdHandle
FreeLibrary
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleHandleA
LCMapStringW
LCMapStringA
GetCurrentDirectoryA
GetFullPathNameW
GetConsoleMode
GetConsoleCP
VirtualAlloc
WritePrivateProfileStringW
InitializeCriticalSection
LeaveCriticalSection
GetProcAddress
EnterCriticalSection
DeleteCriticalSection
InterlockedExchange
GetCurrentProcessId
InterlockedIncrement
CreateProcessW
GetCurrentProcess
OutputDebugStringW
WriteFile
GetSystemDirectoryW
GetVersionExW
CreateFileW
GetCurrentThreadId
GetVersion
SetFilePointer
VirtualQuery
SetUnhandledExceptionFilter
FormatMessageW
TerminateProcess
lstrlenW
lstrcatW
lstrcpyW
CreateMutexW
OpenMutexW
ReleaseMutex
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
FindFirstFileW
FindClose
LocalAlloc
LocalFree
WideCharToMultiByte
MultiByteToWideChar
MapViewOfFile
UnmapViewOfFile
OpenFileMappingW
GetLastError
SetLastError
CreateDirectoryW
GetFileAttributesW
FileTimeToSystemTime
FindResourceW
LoadResource
SizeofResource
ReadFile
LockResource
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
GlobalHandle
SetThreadPriority
CreateEventA
CreateSemaphoreA
ReleaseSemaphore
IsBadReadPtr
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
ExitThread
CreateThread
GetCommandLineA
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
GetDriveTypeW
ExitProcess
RtlUnwind
GetFileType
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedDecrement
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation

user32

SetWindowsHookExW
CallNextHookEx
UnhookWindowsHookEx
SendMessageW
GetWindowThreadProcessId
GetMessagePos
GetMessageTime
CheckMenuItem
DefWindowProcW
IsWindowEnabled
EnableWindow
FindWindowW
ClientToScreen
SetRectEmpty
GetDoubleClickTime
OffsetRect
IntersectRect
IsWindow
FindWindowExW
CallWindowProcW
GetSystemMetrics
IsRectEmpty
EndPaint
DestroyWindow
SetTimer
ScreenToClient
GetWindowRect
TrackPopupMenu
PostMessageW
KillTimer
GetParent
GetClientRect
DrawTextExW
BeginPaint
PtInRect
GetDC
InvalidateRect
GetWindowLongW
ReleaseDC
SetWindowLongW
SetWindowPos
GetCursorPos
ShowWindow
CreatePopupMenu
CreateWindowExW
InsertMenuW
IsWindowVisible
wvsprintfW

gdi32

DeleteDC
SetTextColor
SetBkMode
BitBlt
CreateDIBSection
GetTextMetricsW
SetBkColor
DeleteObject
StretchBlt
GetObjectW
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontW

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
GetSidLengthRequired
SetSecurityInfo
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAceEx

shell32

ord68
SHGetFolderPathW
ShellExecuteW
SHAppBarMessage

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

msimg32

AlphaBlend

comctl32

_TrackMouseEvent

Exports

Exports

CalendarStub_Install
CalendarStub_UnInstall
DTBKRenderStub_EnableDclHide
DTBKRenderStub_Install
DTBKRenderStub_SetExplorerHookNull
DTBKRenderStub_Uninstall

Sections

.text
Size: 470KB - Virtual size: 469KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sgcalend
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sgdtstub
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.5.2.2509/SGWPDTStub64.dll
.dll windows:5 windows x64 arch:x64

5c2a43b20d842f85c905ababe2a46501

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\SGWallPaper\Bin\SGWPDTStub64.pdb

Imports

kernel32

CompareStringW
CompareStringA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
SetEnvironmentVariableA
CreateFileA
GetDriveTypeA
FreeLibraryAndExitThread
Sleep
GetTickCount
SetEvent
CloseHandle
OpenEventW
CreateEventW
ResetEvent
WaitForSingleObject
GetLocalTime
LoadLibraryW
GetModuleHandleW
WriteConsoleA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
SetEndOfFile
SetStdHandle
InitializeCriticalSectionAndSpinCount
FreeLibrary
GetModuleFileNameW
LoadLibraryA
LCMapStringW
LCMapStringA
GetCurrentDirectoryA
GetFullPathNameW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
IsValidCodePage
WritePrivateProfileStringW
InitializeCriticalSection
LeaveCriticalSection
GetProcAddress
EnterCriticalSection
DeleteCriticalSection
GetCurrentProcessId
CreateProcessW
GetCurrentProcess
OutputDebugStringW
WriteFile
GetSystemDirectoryW
GetVersionExW
CreateFileW
GetCurrentThreadId
GetVersion
SetFilePointer
VirtualQuery
SetUnhandledExceptionFilter
FormatMessageW
TerminateProcess
lstrlenW
lstrcatW
lstrcpyW
CreateMutexW
OpenMutexW
ReleaseMutex
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
FindFirstFileW
FindClose
LocalAlloc
LocalFree
WideCharToMultiByte
MultiByteToWideChar
MapViewOfFile
UnmapViewOfFile
OpenFileMappingW
GetLastError
SetLastError
CreateDirectoryW
GetFileAttributesW
FileTimeToSystemTime
FindResourceW
LoadResource
SizeofResource
ReadFile
LockResource
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
GlobalHandle
SetThreadPriority
CreateEventA
CreateSemaphoreA
ReleaseSemaphore
IsBadReadPtr
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
ExitThread
CreateThread
FlsSetValue
GetCommandLineA
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
GetDriveTypeW
ExitProcess
RtlUnwindEx
GetFileType
RaiseException
RtlPcToFileHeader
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP

user32

SetWindowsHookExW
CallNextHookEx
UnhookWindowsHookEx
SendMessageW
GetWindowThreadProcessId
GetMessagePos
GetMessageTime
CheckMenuItem
DefWindowProcW
IsWindowEnabled
EnableWindow
FindWindowW
ClientToScreen
SetRectEmpty
GetDoubleClickTime
OffsetRect
IntersectRect
SetWindowLongW
IsWindow
FindWindowExW
CallWindowProcW
GetSystemMetrics
IsRectEmpty
EndPaint
DestroyWindow
SetTimer
ScreenToClient
GetWindowRect
TrackPopupMenu
PostMessageW
KillTimer
GetParent
GetClientRect
DrawTextExW
BeginPaint
PtInRect
GetDC
InvalidateRect
GetWindowLongW
ReleaseDC
SetWindowPos
GetCursorPos
ShowWindow
CreatePopupMenu
CreateWindowExW
InsertMenuW
IsWindowVisible
SetWindowLongPtrW
wvsprintfW

gdi32

DeleteDC
SetTextColor
SetBkMode
BitBlt
CreateDIBSection
GetTextMetricsW
SetBkColor
DeleteObject
StretchBlt
GetObjectW
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontW

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
GetSidLengthRequired
SetSecurityInfo
InitializeAcl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAceEx

shell32

ord68
SHGetFolderPathW
ShellExecuteW
SHAppBarMessage

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

msimg32

AlphaBlend

comctl32

_TrackMouseEvent

Exports

Exports

CalendarStub_Install
CalendarStub_UnInstall
DTBKRenderStub_EnableDclHide
DTBKRenderStub_Install
DTBKRenderStub_SetExplorerHookNull
DTBKRenderStub_Uninstall

Sections

.text
Size: 505KB - Virtual size: 504KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

sgcalend
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sgdtstub
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.5.2.2509/SGWPDtSMan.exe
.exe windows:5 windows x86 arch:x86

fee628e5b5caca19262db5d7dd90c56e

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\SGWallPaper_2.5.2_Game\bin\SGWPDtSMan.pdb

Imports

kernel32

GetStringTypeExW
DeleteFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
DebugBreak
GetCurrentThreadId
GetModuleFileNameW
GetModuleHandleW
GetLocalTime
CloseHandle
LockResource
GetProcAddress
GetLastError
lstrlenW
SizeofResource
Sleep
LoadResource
FreeLibrary
FindResourceW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
SetStdHandle
GetFullPathNameA
GetConsoleMode
GetConsoleCP
GetCurrentDirectoryA
GetFullPathNameW
QueryPerformanceCounter
HeapCreate
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
GetModuleFileNameA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
ExitProcess
RtlUnwind
FindFirstFileA
GetDriveTypeA
GetDriveTypeW
FileTimeToLocalFileTime
GetStartupInfoW
IsDebuggerPresent
UnhandledExceptionFilter
CreateThread
ExitThread
GetSystemTimeAsFileTime
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
RaiseException
FindResourceExW
CreateMutexW
InterlockedDecrement
ReleaseSemaphore
CreateSemaphoreA
CreateEventA
SetThreadPriority
GlobalHandle
GlobalFree
GlobalUnlock
GlobalAlloc
GlobalLock
GetFileSizeEx
FlushInstructionCache
ResetEvent
GetTempPathW
InitializeCriticalSection
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
SetEvent
CreateEventW
InterlockedCompareExchange
InterlockedExchange
GetCurrentProcessId
InterlockedIncrement
CreateProcessW
GetCurrentProcess
OutputDebugStringW
WriteFile
OpenProcess
GetSystemDirectoryW
GetVersionExW
CreateFileW
GetSystemInfo
GetVersion
SetFilePointer
VirtualQuery
SetUnhandledExceptionFilter
FormatMessageW
TerminateProcess
lstrcatW
lstrcpyW
WideCharToMultiByte
MultiByteToWideChar
FindFirstFileW
FindClose
LocalAlloc
FindNextFileW
LocalFree
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
OpenMutexW
ReleaseMutex
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetFileSize
ReadFile
FlushFileBuffers
SetLastError
SetFileAttributesW
SetEndOfFile
MoveFileW
DosDateTimeToFileTime
SystemTimeToFileTime
CreateDirectoryW
SetFileTime
GetFileType
FileTimeToSystemTime
GetFileInformationByHandle
SleepEx
GetVersionExA
GetTickCount
PeekNamedPipe
GetStdHandle
LoadLibraryA
WaitForMultipleObjects
ExpandEnvironmentStringsA
FormatMessageA
MoveFileExW
CopyFileW
GetFileAttributesW
RemoveDirectoryW

user32

SetCapture
UnregisterClassW
SetRectEmpty
GetClassInfoExW
WaitMessage
TranslateMessage
LoadIconW
UnionRect
PeekMessageW
RedrawWindow
ReleaseCapture
DispatchMessageW
MonitorFromPoint
wvsprintfW
GetMessageW
ScreenToClient
DestroyWindow
SetCursor
FindWindowW
CharLowerBuffW
PostMessageW
GetSystemMetrics
SetTimer
DefWindowProcW
EnableWindow
ShowWindow
BeginPaint
IsWindowEnabled
CallWindowProcW
RegisterWindowMessageW
PostQuitMessage
EndPaint
IsRectEmpty
MoveWindow
GetWindowThreadProcessId
IsWindowVisible
MessageBoxW
FindWindowExW
IsWindow
GetCursorPos
OffsetRect
PtInRect
GetClientRect
GetWindowRect
UpdateLayeredWindow
CheckMenuItem
DestroyMenu
InsertMenuW
CreatePopupMenu
InflateRect
InsertMenuItemW
CreateMenu
SetForegroundWindow
TrackPopupMenu
ClientToScreen
ReleaseDC
IntersectRect
GetDC
SetWindowPos
SystemParametersInfoW
SendMessageW
SetFocus
DrawTextW
IsIconic
FillRect
KillTimer
CreateWindowExW
SetWindowLongW
RegisterClassExW
LoadCursorW
GetMonitorInfoW
AllowSetForegroundWindow
MonitorFromWindow
GetWindowLongW
GetForegroundWindow
AttachThreadInput

gdi32

StretchBlt
MoveToEx
GetTextExtentPoint32W
GetTextMetricsW
LineTo
SetTextColor
DeleteDC
GetStockObject
CreateSolidBrush
BitBlt
CreatePen
CreateCompatibleBitmap
GetObjectW
SetBkMode
CreateDIBSection
CreateFontW
CreateCompatibleDC
SelectObject
DeleteObject

shell32

SHAppBarMessage
SHGetFolderPathW
ShellExecuteW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

msimg32

AlphaBlend

shlwapi

PathAddBackslashW
PathRemoveFileSpecW
PathFileExistsW

winmm

PlaySoundW

ws2_32

socket
bind
recv
setsockopt
WSASetLastError
ntohs
htons
WSAGetLastError
connect
WSAIoctl
getpeername
__WSAFDIsSet
select
send
sendto
recvfrom
accept
listen
ioctlsocket
freeaddrinfo
getaddrinfo
gethostname
closesocket
getsockopt
WSAStartup
WSACleanup
getsockname

wldap32

ord46
ord211
ord301
ord27
ord33
ord79
ord30
ord60
ord26
ord41
ord143
ord22
ord35
ord32
ord200
ord50

comctl32

_TrackMouseEvent

wininet

InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetConnectW
HttpSendRequestW
InternetSetOptionW
HttpQueryInfoW
HttpOpenRequestW
InternetCloseHandle

advapi32

CryptSetKeyParam
GetTokenInformation
RegQueryValueExW
DuplicateTokenEx
AllocateAndInitializeSid
FreeSid
RegOpenKeyExW
CheckTokenMembership
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptGetHashParam
CryptDecrypt
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptReleaseContext
OpenProcessToken
CryptAcquireContextW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
GetSidLengthRequired
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitializeAcl

ole32

CoTaskMemFree

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.5.2.2509/SGWPDtSMan64.exe
.exe windows:5 windows x64 arch:x64

56907b155fb998aba8bd539a1bead35a

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\SGWallPaper_2.5.2_Game\bin\SGWPDtSMan64.pdb

Imports

kernel32

GetStringTypeExW
DeleteFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
DebugBreak
GetCurrentThreadId
GetModuleFileNameW
GetModuleHandleW
GetLocalTime
CloseHandle
LockResource
GetProcAddress
GetLastError
lstrlenW
SizeofResource
Sleep
LoadResource
FreeLibrary
FindResourceW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetFullPathNameA
GetConsoleMode
GetConsoleCP
GetCurrentDirectoryA
GetFullPathNameW
QueryPerformanceCounter
HeapCreate
HeapSetInformation
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
GetModuleFileNameA
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
DecodePointer
EncodePointer
IsValidCodePage
GetOEMCP
GetACP
LCMapStringW
LCMapStringA
GetCPInfo
RtlPcToFileHeader
RtlUnwindEx
ExitProcess
FindFirstFileA
GetDriveTypeA
GetDriveTypeW
FileTimeToLocalFileTime
GetStartupInfoW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
CreateThread
ExitThread
GetSystemTimeAsFileTime
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
FindResourceExW
CreateMutexW
InterlockedPushEntrySList
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
RaiseException
ReleaseSemaphore
CreateSemaphoreA
CreateEventA
SetThreadPriority
GlobalHandle
GlobalFree
GlobalUnlock
InitializeCriticalSection
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
SetEvent
CreateEventW
GetCurrentProcessId
CreateProcessW
GetCurrentProcess
OutputDebugStringW
WriteFile
OpenProcess
GetSystemDirectoryW
GetVersionExW
CreateFileW
GetSystemInfo
GetVersion
SetFilePointer
VirtualQuery
SetUnhandledExceptionFilter
FormatMessageW
TerminateProcess
lstrcatW
lstrcpyW
WideCharToMultiByte
MultiByteToWideChar
FindFirstFileW
FindClose
LocalAlloc
FindNextFileW
LocalFree
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
OpenMutexW
ReleaseMutex
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetFileSize
ReadFile
FlushFileBuffers
SetLastError
SetFileAttributesW
SetEndOfFile
MoveFileW
DosDateTimeToFileTime
SystemTimeToFileTime
CreateDirectoryW
SetFileTime
GetFileType
FileTimeToSystemTime
GetFileInformationByHandle
SleepEx
GetVersionExA
GetTickCount
PeekNamedPipe
GetStdHandle
LoadLibraryA
WaitForMultipleObjects
ExpandEnvironmentStringsA
FormatMessageA
MoveFileExW
CopyFileW
GetFileAttributesW
RemoveDirectoryW
GetTempPathW
ResetEvent
FlushInstructionCache
GetFileSizeEx
GlobalLock
GlobalAlloc

user32

SetCapture
UnregisterClassW
GetWindowLongPtrW
SetRectEmpty
GetClassInfoExW
WaitMessage
TranslateMessage
UnionRect
PeekMessageW
RedrawWindow
ReleaseCapture
DispatchMessageW
MonitorFromPoint
GetMessageW
ScreenToClient
DestroyWindow
SetCursor
FindWindowW
CharLowerBuffW
PostMessageW
GetSystemMetrics
SetTimer
DefWindowProcW
EnableWindow
ShowWindow
BeginPaint
IsWindowEnabled
CallWindowProcW
RegisterWindowMessageW
PostQuitMessage
EndPaint
IsRectEmpty
MoveWindow
GetWindowThreadProcessId
IsWindowVisible
MessageBoxW
FindWindowExW
IsWindow
GetCursorPos
OffsetRect
PtInRect
GetClientRect
GetWindowRect
UpdateLayeredWindow
CheckMenuItem
DestroyMenu
InsertMenuW
CreatePopupMenu
InflateRect
InsertMenuItemW
CreateMenu
SetForegroundWindow
TrackPopupMenu
ClientToScreen
ReleaseDC
IntersectRect
GetDC
SetWindowPos
SystemParametersInfoW
SendMessageW
SetFocus
DrawTextW
wvsprintfW
IsIconic
FillRect
KillTimer
SetWindowLongPtrW
CreateWindowExW
RegisterClassExW
LoadCursorW
GetMonitorInfoW
AllowSetForegroundWindow
MonitorFromWindow
GetForegroundWindow
AttachThreadInput

gdi32

StretchBlt
MoveToEx
GetTextExtentPoint32W
GetTextMetricsW
LineTo
SetTextColor
DeleteDC
GetStockObject
CreateSolidBrush
BitBlt
CreatePen
CreateCompatibleBitmap
GetObjectW
SetBkMode
CreateDIBSection
CreateFontW
CreateCompatibleDC
SelectObject
DeleteObject

shell32

SHAppBarMessage
SHGetFolderPathW
ShellExecuteW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

msimg32

AlphaBlend

shlwapi

PathAddBackslashW
PathRemoveFileSpecW
PathFileExistsW

winmm

PlaySoundW

ws2_32

socket
bind
recv
setsockopt
WSASetLastError
ntohs
htons
WSAGetLastError
connect
WSAIoctl
getpeername
__WSAFDIsSet
select
send
sendto
recvfrom
accept
listen
ioctlsocket
freeaddrinfo
getaddrinfo
gethostname
closesocket
getsockopt
WSAStartup
WSACleanup
getsockname

wldap32

ord46
ord211
ord301
ord27
ord33
ord79
ord30
ord60
ord26
ord41
ord143
ord22
ord35
ord32
ord200
ord50

comctl32

_TrackMouseEvent

wininet

InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetConnectW
HttpSendRequestW
InternetSetOptionW
HttpQueryInfoW
HttpOpenRequestW
InternetCloseHandle

advapi32

CryptSetKeyParam
GetTokenInformation
RegQueryValueExW
DuplicateTokenEx
AllocateAndInitializeSid
FreeSid
RegOpenKeyExW
CheckTokenMembership
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
AddAccessAllowedAceEx
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptGetHashParam
CryptDecrypt
CryptDestroyKey
CryptEncrypt
CryptImportKey
CryptReleaseContext
OpenProcessToken
CryptAcquireContextW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
GetSidLengthRequired
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitializeAcl

ole32

CoTaskMemFree

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 338KB - Virtual size: 338KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.5.2.2509/SGWPSheStub32.dll
.dll windows:5 windows x86 arch:x86

970fbd27ebb4cd26180f80e1a988863e

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\SGWallPaper\bin\SGWPSheStub32.pdb

Imports

kernel32

CopyFileW
GetLocalTime
SetEnvironmentVariableA
lstrlenW
lstrcpynW
WideCharToMultiByte
lstrcpynA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
GetDriveTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapSize
RtlUnwind
LoadLibraryA
FreeLibrary
GetCurrentProcess
OutputDebugStringW
GetModuleHandleW
WriteFile
LoadLibraryW
GetVersionExW
GetProcAddress
GetCurrentThreadId
CloseHandle
GetVersion
MultiByteToWideChar
GetLastError
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
GetCommandLineA
HeapFree
HeapAlloc
GetFileAttributesW
GetSystemTimeAsFileTime
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetStdHandle
GetModuleFileNameA
RaiseException
GetFullPathNameW
GetCurrentDirectoryA
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetTimeZoneInformation
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

InsertMenuItemW
GetMenuItemCount
SendMessageW
RemoveMenu
InsertMenuW
CreateMenu
LoadBitmapW
GetMenuStringW
SetMenuItemBitmaps
GetSubMenu
PostMessageW
DestroyMenu
FindWindowW
GetWindowThreadProcessId
AllowSetForegroundWindow
IsWindow
GetForegroundWindow
AttachThreadInput
SetForegroundWindow
LoadImageW
MessageBoxW

gdi32

GetObjectW
DeleteObject

comdlg32

GetSaveFileNameW

advapi32

RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW

shell32

ShellExecuteW
SHGetPathFromIDListW
SHGetFolderPathW

Exports

Exports

CreateMyShellContextMenuEx
DestroyMyShellContextMenuEx

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.5.2.2509/SGWPSheStub64.dll
.dll windows:5 windows x64 arch:x64

768460667214f0ea3778f35dfaea474c

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\SGWallPaper\bin\SGWPSheStub64.pdb

Imports

kernel32

CopyFileW
GetLocalTime
SetEnvironmentVariableA
lstrlenW
lstrcpynW
WideCharToMultiByte
lstrcpynA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
GetDriveTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapSize
LoadLibraryA
GetLocaleInfoA
FreeLibrary
GetCurrentProcess
OutputDebugStringW
GetModuleHandleW
WriteFile
LoadLibraryW
GetVersionExW
GetProcAddress
GetCurrentThreadId
CloseHandle
GetVersion
MultiByteToWideChar
GetLastError
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
FlsSetValue
GetCommandLineA
HeapFree
HeapAlloc
GetFileAttributesW
GetSystemTimeAsFileTime
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
GetStdHandle
GetModuleFileNameA
RaiseException
RtlPcToFileHeader
GetFullPathNameW
GetCurrentDirectoryA
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
RtlUnwindEx
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection

user32

InsertMenuItemW
GetMenuItemCount
SendMessageW
RemoveMenu
InsertMenuW
CreateMenu
LoadBitmapW
GetMenuStringW
SetMenuItemBitmaps
GetSubMenu
PostMessageW
DestroyMenu
FindWindowW
GetWindowThreadProcessId
AllowSetForegroundWindow
IsWindow
GetForegroundWindow
AttachThreadInput
SetForegroundWindow
LoadImageW
MessageBoxW

gdi32

GetObjectW
DeleteObject

comdlg32

GetSaveFileNameW

advapi32

RegCloseKey
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW

shell32

ShellExecuteW
SHGetPathFromIDListW
SHGetFolderPathW

Exports

Exports

CreateMyShellContextMenuEx
DestroyMyShellContextMenuEx

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.5.2.2509/SGWPThemeMall.exe
.exe windows:5 windows x86 arch:x86

9074e23c8602faf081ad309f0e7ee2f6

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\SGWallPaper\bin\SGWPThemeMall.pdb

Imports

kernel32

FreeLibrary
GetModuleHandleW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
LoadLibraryW
WaitForSingleObject
SetEvent
CreateEventW
InterlockedIncrement
InterlockedDecrement
Sleep
WaitForMultipleObjects
WritePrivateProfileStringW
GetTickCount
GetCurrentThreadId
DebugBreak
GetProcAddress
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetModuleHandleA
GetFullPathNameA
SetStdHandle
GetCurrentDirectoryA
GetFullPathNameW
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
QueryPerformanceCounter
HeapCreate
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
GetModuleFileNameA
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
ExitProcess
RaiseException
RtlUnwind
FindFirstFileA
GetDriveTypeA
GetDriveTypeW
FileTimeToLocalFileTime
HeapReAlloc
GetStartupInfoW
CreateThread
GetLastError
CreateMutexW
ExitThread
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
GlobalHandle
GlobalFree
GlobalUnlock
GlobalAlloc
GlobalLock
GetModuleFileNameW
InterlockedCompareExchange
InterlockedExchange
GetCurrentProcessId
WideCharToMultiByte
SetFilePointer
VirtualQuery
CreateProcessW
SetUnhandledExceptionFilter
GetCurrentProcess
OutputDebugStringW
WriteFile
FormatMessageW
TerminateProcess
CreateFileW
lstrlenW
GetLocalTime
lstrcatW
lstrcpyW
GetSystemDirectoryW
GetVersionExW
GetSystemInfo
GetVersion
DeleteFileW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
FindFirstFileW
FindClose
LocalAlloc
FindNextFileW
LocalFree
MultiByteToWideChar
OpenMutexW
ReleaseMutex
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
InitializeCriticalSectionAndSpinCount
GetFileSize
ReadFile
FlushFileBuffers
SetLastError
SetFileAttributesW
SetEndOfFile
MoveFileW
DosDateTimeToFileTime
SystemTimeToFileTime
CreateDirectoryW
SetFileTime
GetFileType
FileTimeToSystemTime
GetFileInformationByHandle
SleepEx
GetVersionExA
PeekNamedPipe
GetStdHandle
LoadLibraryA
ExpandEnvironmentStringsA
FormatMessageA
MoveFileExW
CopyFileW
GetFileAttributesW
RemoveDirectoryW
FlushInstructionCache
FindResourceW
LoadResource
SizeofResource
GetFileSizeEx
LockResource

user32

TranslateMessage
RegisterClassExW
LoadIconW
UnionRect
PeekMessageW
SetWindowLongW
RedrawWindow
CreateWindowExW
ReleaseCapture
SendMessageW
EnableWindow
DefWindowProcW
IsRectEmpty
WaitMessage
GetClassInfoExW
BeginPaint
SetRectEmpty
IsWindowEnabled
UpdateWindow
ShowWindow
FindWindowW
LoadCursorW
PostMessageW
IsWindow
MoveWindow
GetWindowThreadProcessId
GetSystemMetrics
MessageBoxW
SetWindowPos
SetFocus
GetClientRect
AnimateWindow
KillTimer
PostQuitMessage
GetWindowRect
SetTimer
ClientToScreen
PtInRect
ScreenToClient
GetCursorPos
ReleaseDC
GetDC
FillRect
DispatchMessageW
UpdateLayeredWindow
MonitorFromPoint
DrawTextW
UnregisterClassW
SetCapture
GetMessageW
DestroyWindow
EndPaint
IntersectRect
SetCursor
InflateRect
SystemParametersInfoW
IsIconic
wvsprintfW
GetMonitorInfoW
AllowSetForegroundWindow
IsWindowVisible
MonitorFromWindow
GetWindowLongW
GetForegroundWindow
AttachThreadInput
GetParent
SetForegroundWindow

gdi32

GetObjectW
CreateDIBSection
StretchBlt
CreateFontW
DeleteObject
CreatePen
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteDC
BitBlt
CreateSolidBrush
GetStockObject
SetBkMode
SetTextColor
LineTo
GetTextExtentPoint32W
MoveToEx

advapi32

RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
AddAccessAllowedAceEx
InitializeSecurityDescriptor
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptGetHashParam
CryptReleaseContext
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
GetSidLengthRequired
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitializeAcl
SetSecurityDescriptorDacl

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

msimg32

AlphaBlend

shlwapi

PathAddBackslashW
SHDeleteKeyW
PathRemoveFileSpecW
StrCmpW

ws2_32

socket
bind
recv
setsockopt
getsockname
WSASetLastError
htons
WSAGetLastError
connect
WSAIoctl
getpeername
__WSAFDIsSet
closesocket
send
sendto
recvfrom
accept
listen
ioctlsocket
freeaddrinfo
getaddrinfo
gethostname
getsockopt
WSAStartup
WSACleanup
ntohs
select

wldap32

ord46
ord211
ord301
ord27
ord33
ord79
ord30
ord60
ord26
ord41
ord143
ord35
ord32
ord200
ord50
ord22

comctl32

_TrackMouseEvent

wininet

InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetSetOptionW
HttpQueryInfoW
InternetCloseHandle

shell32

SHGetFolderPathW
ShellExecuteW

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape

Sections

.text
Size: 863KB - Virtual size: 863KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 651KB - Virtual size: 650KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.5.2.2509/SGWallPaper.exe
.exe windows:5 windows x86 arch:x86

818b751afc61af0077900ed9f663d1a4

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\SGWallPaper_2.5.2_Game\bin\SGWallPaper.pdb

Imports

wininet

InternetSetOptionW
InternetErrorDlg
InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetConnectW
HttpSendRequestW
HttpAddRequestHeadersW
HttpQueryInfoW
HttpOpenRequestW
InternetCloseHandle
InternetCanonicalizeUrlW
InternetQueryOptionW

kernel32

LocalFree
GetFileSize
GetTempPathW
LoadLibraryW
FreeLibrary
GetLastError
CreateMutexW
GetCurrentThread
GetDiskFreeSpaceExW
RemoveDirectoryW
GetProcAddress
ResetEvent
GetLocalTime
InterlockedCompareExchange
GetLongPathNameW
CreateFileW
WriteFile
WaitForMultipleObjects
Sleep
GetTickCount
OpenFileMappingW
CreateFileMappingW
IsBadWritePtr
UnmapViewOfFile
MapViewOfFile
FindNextFileW
FindClose
FindFirstFileW
SuspendThread
GetThreadContext
SetThreadContext
ResumeThread
CreateEventW
SetEvent
GetSystemInfo
InterlockedDecrement
InterlockedIncrement
CloseHandle
WaitForSingleObject
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetComputerNameW
DebugBreak
DeleteFileW
GetCurrentThreadId
GetModuleHandleW
ReadFile
FlushFileBuffers
SetLastError
VirtualProtect
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LocalAlloc
MoveFileW
GetStringTypeA
GetModuleHandleA
GetFullPathNameA
SetStdHandle
SetEndOfFile
lstrcpyW
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetStartupInfoA
SetHandleCount
HeapCreate
GetCurrentDirectoryA
GetFullPathNameW
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
LCMapStringA
CompareStringW
CompareStringA
LCMapStringW
GetCPInfo
RaiseException
RtlUnwind
FindFirstFileA
GetDriveTypeA
GetStartupInfoW
ExitProcess
GetDriveTypeW
FileTimeToLocalFileTime
CreateThread
ExitThread
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
ReleaseSemaphore
CreateSemaphoreA
CreateEventA
SetThreadPriority
GlobalHandle
GlobalFree
GlobalUnlock
GlobalAlloc
GlobalLock
LockResource
GetFileSizeEx
SizeofResource
LoadResource
FindResourceW
FlushInstructionCache
InterlockedExchange
GetFileAttributesW
CopyFileW
CreateDirectoryW
MoveFileExW
FormatMessageA
SetFileAttributesW
GetModuleFileNameW
ExpandEnvironmentStringsA
LoadLibraryA
GetStdHandle
PeekNamedPipe
GetVersionExA
SleepEx
GetSystemTime
GetFileInformationByHandle
GetFileType
FileTimeToSystemTime
SystemTimeToFileTime
lstrcatW
WritePrivateProfileStringW
WideCharToMultiByte
MultiByteToWideChar
CreateProcessW
GetCurrentProcess
OutputDebugStringW
GetSystemDirectoryW
GetVersionExW
GetVersion
OpenMutexW
ReleaseMutex
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
SetFilePointer
VirtualQuery
SetUnhandledExceptionFilter
FormatMessageW
TerminateProcess
lstrlenW

user32

TranslateMessage
PeekMessageW
DispatchMessageW
SetCursor
RedrawWindow
wvsprintfW
LoadIconW
AttachThreadInput
GetWindowThreadProcessId
MessageBoxW
SetRectEmpty
UnregisterClassW
SetCapture
IsWindow
PtInRect
KillTimer
GetMessageW
EndPaint
PostMessageW
SetTimer
SendMessageW
GetCursorPos
FindWindowW
IsWindowEnabled
ScreenToClient
ReleaseDC
GetDC
FillRect
ShowWindow
WaitMessage
GetWindowRect
CallWindowProcW
ClientToScreen
IsWindowVisible
SetWindowPos
SetFocus
IsRectEmpty
GetSystemMetrics
DestroyIcon
DrawIconEx
LoadImageW
FindWindowExW
MoveWindow
DefWindowProcW
PostThreadMessageW
CreateWindowExW
SetWindowLongW
SystemParametersInfoW
GetWindowLongW
RegisterClassExW
GetClassInfoExW
LoadCursorW
GetParent
AnimateWindow
SetForegroundWindow
IsIconic
RegisterWindowMessageW
PostQuitMessage
LockWorkStation
DestroyWindow
IntersectRect
GetKeyState
GetMonitorInfoW
ReleaseCapture
UnionRect
GetClientRect
BeginPaint
GetForegroundWindow
MonitorFromWindow
AllowSetForegroundWindow
GetWindow
EnableWindow
MonitorFromPoint
UpdateWindow
EnumThreadWindows
GetClassNameW
OffsetRect
InflateRect
DrawTextW
UpdateLayeredWindow
WindowFromPoint
EnumDisplayMonitors
WaitForInputIdle
GetDesktopWindow

gdi32

GetTextMetricsW
LineTo
SetTextColor
SetBkMode
GetStockObject
GetDIBits
CreateSolidBrush
GetTextExtentPoint32W
CreateCompatibleDC
SelectObject
DeleteObject
DeleteDC
BitBlt
CreateDIBSection
CreatePen
CreateFontW
GetObjectW
MoveToEx
StretchBlt
CreateCompatibleBitmap

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

SetSecurityInfo
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SetEntriesInAclW
GetSidLengthRequired
GetSecurityDescriptorSacl
BuildExplicitAccessWithNameW
SetSecurityDescriptorSacl
CryptAcquireContextW
CryptSetKeyParam
CryptReleaseContext
CryptImportKey
CryptEncrypt
CryptDestroyKey
CryptDecrypt
CryptGetHashParam
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptHashData
InitializeAcl
GetNamedSecurityInfoW
SetNamedSecurityInfoW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAceEx
RegSetValueExW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyExW

shell32

SHGetMalloc
SHGetPathFromIDListW
ord68
SHGetFolderPathW
SHGetSpecialFolderPathW
ShellExecuteExW
SHBrowseForFolderW
SHChangeNotify
ShellExecuteW
Shell_NotifyIconW

ole32

OleCreate
OleUninitialize
CoTaskMemFree
CoUninitialize
CoInitialize
OleInitialize
StgCreateDocfile
CoCreateInstance

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

msimg32

AlphaBlend

shlwapi

PathFileExistsW
SHGetValueW

ws2_32

WSAIoctl
getpeername
__WSAFDIsSet
select
send
sendto
recvfrom
accept
listen
ioctlsocket
freeaddrinfo
getaddrinfo
gethostname
connect
WSAGetLastError
htons
ntohs
getsockname
setsockopt
recv
bind
socket
WSASetLastError
closesocket
getsockopt
WSAStartup
WSACleanup

wldap32

ord46
ord211
ord301
ord27
ord33
ord79
ord30
ord60
ord26
ord41
ord143
ord50
ord22
ord35
ord32
ord200

gdiplus

GdipCloneImage
GdipBitmapLockBits
GdipFree
GdipCreateBitmapFromScan0
GdipBitmapUnlockBits
GdipAlloc
GdipGetImageEncodersSize
GdipDisposeImage
GdipSaveImageToFile
GdiplusStartup
GdipGetImageEncoders

winhttp

WinHttpOpenRequest
WinHttpOpen
WinHttpQueryHeaders
WinHttpReadData
WinHttpAddRequestHeaders
WinHttpReceiveResponse
WinHttpSetOption
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpConnect
WinHttpCloseHandle

comctl32

_TrackMouseEvent

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.5.2.2509/SGWallPaperDT.exe
.exe windows:5 windows x86 arch:x86

1f5cc2ae4172f976440d8fa4b058e59e

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\SGWallPaper\Bin\SGWallPaperDT.pdb

Imports

kernel32

CloseHandle
CreateMutexW
GetModuleHandleW
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
SetEvent
IsBadReadPtr
CreateEventW
OpenFileMappingW
GetQueuedCompletionStatus
GetCurrentProcess
ReadDirectoryChangesW
CreateFileW
GetSystemInfo
CreateIoCompletionPort
GetFileAttributesW
ResetEvent
GetWindowsDirectoryW
CreateFileA
GetDriveTypeA
FindNextFileW
GetConsoleOutputCP
WriteConsoleA
SetEnvironmentVariableA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeA
GetTimeZoneInformation
SetEndOfFile
GetConsoleMode
GetConsoleCP
SetStdHandle
GetModuleHandleA
QueryPerformanceCounter
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetTickCount
GetModuleFileNameA
GetStdHandle
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetCurrentDirectoryA
GetFullPathNameW
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
LCMapStringA
CompareStringW
InitializeCriticalSection
FindClose
GetModuleFileNameW
GlobalSize
FindFirstFileW
GetProcAddress
LoadLibraryW
CreateDirectoryW
FreeLibrary
WritePrivateProfileStringW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WriteConsoleW
DeleteFileW
LockResource
GlobalFree
GlobalUnlock
SizeofResource
Sleep
GlobalAlloc
GlobalLock
CompareStringA
LCMapStringW
GetCPInfo
GetFileType
RtlUnwind
GetStartupInfoW
CreateThread
ExitThread
ExitProcess
GetSystemTimeAsFileTime
GetDriveTypeW
FileTimeToLocalFileTime
UnhandledExceptionFilter
TerminateProcess
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
RaiseException
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
LoadResource
FindResourceW
FindResourceExW
lstrcmpiW
SetLastError
GetLastError
DebugBreak
HeapDestroy
FileTimeToSystemTime
GetTempPathW
SetFileAttributesW
FlushFileBuffers
LocalFree
LocalAlloc
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
lstrcpyW
GetCurrentProcessId
IsDebuggerPresent
lstrcatW
GetLocalTime
FormatMessageW
SetUnhandledExceptionFilter
VirtualQuery
SetFilePointer
ReleaseMutex
OpenMutexW
WaitForMultipleObjects
MultiByteToWideChar
GetStringTypeExW
WideCharToMultiByte
GetVersion
GetVersionExW
GetSystemDirectoryW
OpenProcess
WriteFile
CreateProcessW
GlobalHandle
GetFileSizeEx
ReadFile
InterlockedDecrement
InterlockedIncrement
FlushInstructionCache
GetCurrentThreadId
lstrlenW

user32

GetSystemMetrics
OpenClipboard
SetClipboardData
LoadImageW
FillRect
SetCursor
MonitorFromPoint
LoadCursorW
TrackPopupMenu
DrawTextW
InflateRect
GetMenuState
GetCursorPos
ShowWindow
CreatePopupMenu
GetMonitorInfoW
ScreenToClient
IsMenu
SetMenuItemBitmaps
GetMenuStringW
CreateMenu
InsertMenuItemW
GetWindowLongW
EnableMenuItem
GetMenuItemCount
InsertMenuW
SendMessageW
DestroyMenu
CheckMenuItem
wvsprintfW
GetKeyState
CharLowerBuffW
IntersectRect
UnionRect
ClientToScreen
SetFocus
PtInRect
DrawFocusRect
OffsetRect
IsWindow
MessageBoxW
GetWindowThreadProcessId
PostThreadMessageW
GetSysColor
SendInput
DrawIconEx
GetIconInfo
GetForegroundWindow
GetClassNameW
FindWindowExW
RegisterClipboardFormatW
DestroyIcon
GetMessageW
TranslateMessage
IsRectEmpty
DispatchMessageW
DestroyWindow
SetActiveWindow
SetForegroundWindow
FindWindowW
SetRectEmpty
RegisterClassExW
SystemParametersInfoW
SetWindowLongW
CreateWindowExW
EqualRect
DefWindowProcW
PostQuitMessage
RegisterWindowMessageW
ChangeClipboardChain
SetClipboardViewer
EndPaint
BeginPaint
GetDC
ReleaseDC
MoveWindow
UpdateLayeredWindow
SetTimer
GetWindowRect
KillTimer
GetClientRect
SetWindowPos
CloseClipboard
PostMessageW
GetSubMenu
GetFocus
GetDoubleClickTime
EmptyClipboard
RemoveMenu
GetActiveWindow
RedrawWindow
InvalidateRect
CallWindowProcW
EnableWindow
GetClassInfoExW
IsWindowVisible
ReleaseCapture
PeekMessageW
LoadIconW
WaitMessage
IsWindowEnabled
GetParent
UnregisterClassW
SetCapture
SetMenuDefaultItem

gdi32

CreateCompatibleDC
StretchBlt
GetBitmapBits
GetDeviceCaps
CreateFontIndirectW
GetObjectA
BitBlt
GetObjectW
CreateDIBSection
CreateFontW
DeleteDC
DeleteObject
SelectObject
CreateRectRgn
CombineRgn
RectInRegion
SelectClipRgn
CreatePen
GetStockObject
CreateCompatibleBitmap
SetBkMode
SetTextColor
LineTo
GetTextMetricsW
GetTextExtentPoint32W
MoveToEx

advapi32

InitializeAcl
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
GetSidLengthRequired
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
InitializeSecurityDescriptor
GetTokenInformation
DuplicateTokenEx
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
RegCreateKeyExW
RegNotifyChangeKeyValue
AddAccessAllowedAceEx

shell32

ord165
SHGetSpecialFolderPathW
ord644
ord4
ord645
ord2
DragQueryFileW
SHGetFolderLocation
SHAppBarMessage
SHCreateShellItem
SHFileOperationW
SHChangeNotify
ShellExecuteExW
ord43
ord25
ShellExecuteW
ord18
ord88
ord68
SHGetDesktopFolder
ord90
SHGetFileInfoW
SHGetFolderPathW
ord190
SHBindToParent

ole32

OleSetClipboard
CoCreateInstance
ReleaseStgMedium
CoInitialize
OleUninitialize
OleInitialize
CoUninitialize
OleGetClipboard
CoTaskMemFree
RevokeDragDrop
RegisterDragDrop
CoInitializeEx

oleaut32

SysFreeString
SysStringLen

msimg32

AlphaBlend

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

StrRetToBufW
PathFileExistsW
PathIsDirectoryW

gdiplus

GdipSetStringFormatLineAlign
GdipDeleteFont
GdipGetFamily
GdipDeleteFontFamily
GdipGetFontSize
GdipGetEmHeight
GdipCreateStringFormat
GdipDeleteStringFormat
GdipCreateFontFromDC
GdiplusStartup
GdipCreateFontFromLogfontA
GdiplusShutdown
GdipDrawRectangleI
GdipCreatePen1
GdipDrawLineI
GdipFillRectangleI
GdipCreateFromHDC
GdipAlloc
GdipCreateSolidFill
GdipDeleteGraphics
GdipCloneBrush
GdipDeletePen
GdipFree
GdipDeleteBrush
GdipGetLineSpacing
GdipSetStringFormatAlign

comctl32

DrawShadowText
_TrackMouseEvent

oleacc

AccessibleChildren
AccessibleObjectFromWindow

wininet

InternetOpenUrlW
InternetSetOptionW
InternetCloseHandle
InternetOpenW

Sections

.text
Size: 844KB - Virtual size: 843KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.5.2.2509/SGWallPaperDT64.exe
.exe windows:5 windows x64 arch:x64

b0c492377e6947eac5381805d63bb5aa

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

e:\SGWallPaper\Bin\SGWallPaperDT64.pdb

Imports

kernel32

CloseHandle
CreateMutexW
GetModuleHandleW
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
SetEvent
IsBadReadPtr
CreateEventW
OpenFileMappingW
GetQueuedCompletionStatus
GetCurrentProcess
ReadDirectoryChangesW
CreateFileW
GetSystemInfo
CreateIoCompletionPort
GetFileAttributesW
ResetEvent
GetWindowsDirectoryW
CreateFileA
GetDriveTypeA
FindNextFileW
GetConsoleOutputCP
WriteConsoleA
SetEnvironmentVariableA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeA
GetTimeZoneInformation
SetEndOfFile
GetConsoleMode
GetConsoleCP
SetStdHandle
QueryPerformanceCounter
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetTickCount
GetStdHandle
HeapCreate
HeapSetInformation
IsValidCodePage
GetOEMCP
GetACP
GetCurrentDirectoryA
GetFullPathNameW
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
DecodePointer
FindClose
GetModuleFileNameW
InitializeCriticalSection
GlobalSize
FindFirstFileW
GetProcAddress
LoadLibraryW
CreateDirectoryW
FreeLibrary
WritePrivateProfileStringW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WriteConsoleW
DeleteFileW
LockResource
GlobalFree
GlobalUnlock
SizeofResource
Sleep
GlobalAlloc
GlobalLock
EncodePointer
GetStringTypeW
LCMapStringA
CompareStringW
CompareStringA
LCMapStringW
GetCPInfo
RtlPcToFileHeader
GetFileType
RtlUnwindEx
GetStartupInfoW
CreateThread
ExitThread
ExitProcess
GetSystemTimeAsFileTime
GetDriveTypeW
FileTimeToLocalFileTime
UnhandledExceptionFilter
TerminateProcess
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
InterlockedPushEntrySList
RaiseException
GetProcessHeap
HeapSize
LoadResource
FindResourceW
FindResourceExW
lstrcmpiW
SetLastError
GetLastError
DebugBreak
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
FileTimeToSystemTime
GetTempPathW
SetFileAttributesW
FlushFileBuffers
LocalFree
LocalAlloc
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
lstrcpyW
GetCurrentProcessId
IsDebuggerPresent
lstrcatW
GetLocalTime
RtlLookupFunctionEntry
FormatMessageW
RtlVirtualUnwind
SetUnhandledExceptionFilter
VirtualQuery
RtlCaptureContext
SetFilePointer
GetStringTypeExW
ReleaseMutex
OpenMutexW
WaitForMultipleObjects
MultiByteToWideChar
WideCharToMultiByte
GetVersion
GetVersionExW
GetSystemDirectoryW
OpenProcess
WriteFile
CreateProcessW
GlobalHandle
GetFileSizeEx
ReadFile
GetCurrentThreadId
lstrlenW
GetModuleFileNameA
FlushInstructionCache

user32

GetSystemMetrics
OpenClipboard
SetClipboardData
LoadCursorW
LoadImageW
SetCursor
MonitorFromPoint
TrackPopupMenu
FillRect
DrawTextW
GetCursorPos
ShowWindow
CreatePopupMenu
GetMonitorInfoW
ScreenToClient
IsMenu
SetMenuItemBitmaps
GetMenuStringW
GetWindowLongPtrW
CreateMenu
InsertMenuItemW
EnableMenuItem
GetMenuItemCount
InsertMenuW
SendMessageW
DestroyMenu
CheckMenuItem
wvsprintfW
GetKeyState
CharLowerBuffW
IntersectRect
UnionRect
ClientToScreen
SetFocus
PtInRect
DrawFocusRect
OffsetRect
IsWindow
MessageBoxW
GetWindowThreadProcessId
IsRectEmpty
GetSysColor
SendInput
DrawIconEx
GetIconInfo
GetForegroundWindow
GetClassNameW
FindWindowExW
RegisterClipboardFormatW
DestroyIcon
GetMessageW
TranslateMessage
PostThreadMessageW
DispatchMessageW
DestroyWindow
SetActiveWindow
SetForegroundWindow
FindWindowW
SetRectEmpty
RegisterClassExW
SystemParametersInfoW
CreateWindowExW
EqualRect
SetWindowLongPtrW
DefWindowProcW
PostQuitMessage
RegisterWindowMessageW
ChangeClipboardChain
SetClipboardViewer
EndPaint
BeginPaint
GetDC
ReleaseDC
MoveWindow
UpdateLayeredWindow
SetTimer
GetWindowRect
KillTimer
GetClientRect
SetWindowPos
CloseClipboard
PostMessageW
GetSubMenu
GetFocus
GetDoubleClickTime
EmptyClipboard
RemoveMenu
GetActiveWindow
RedrawWindow
InvalidateRect
CallWindowProcW
EnableWindow
GetClassInfoExW
IsWindowVisible
ReleaseCapture
PeekMessageW
LoadIconW
WaitMessage
IsWindowEnabled
GetParent
UnregisterClassW
SetCapture
SetMenuDefaultItem
GetMenuState

gdi32

DeleteObject
StretchBlt
GetBitmapBits
GetDeviceCaps
CreateFontIndirectW
GetObjectA
BitBlt
GetObjectW
CreateDIBSection
CreateFontW
DeleteDC
SelectObject
CreateCompatibleDC
CreateRectRgn
CombineRgn
RectInRegion
SelectClipRgn
CreatePen
GetStockObject
CreateCompatibleBitmap
SetBkMode
SetTextColor
LineTo
GetTextMetricsW
GetTextExtentPoint32W
MoveToEx

advapi32

InitializeAcl
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
GetSidLengthRequired
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
InitializeSecurityDescriptor
GetTokenInformation
DuplicateTokenEx
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
RegCreateKeyExW
RegNotifyChangeKeyValue
AddAccessAllowedAceEx

shell32

SHGetSpecialFolderPathW
ord644
ord4
ord645
ord2
DragQueryFileW
SHGetFolderPathW
SHAppBarMessage
SHGetDesktopFolder
ord165
SHFileOperationW
SHChangeNotify
ShellExecuteExW
ord43
ord25
ShellExecuteW
ord18
ord88
SHGetFolderLocation
ord68
SHCreateShellItem
SHGetFileInfoW
SHBindToParent
ord90
ord190

ole32

OleSetClipboard
CoCreateInstance
ReleaseStgMedium
CoInitialize
OleUninitialize
OleInitialize
CoUninitialize
OleGetClipboard
CoTaskMemFree
RevokeDragDrop
RegisterDragDrop
CoInitializeEx

oleaut32

SysStringLen
SysFreeString

msimg32

AlphaBlend

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

StrRetToBufW
PathFileExistsW
PathIsDirectoryW

gdiplus

GdipSetStringFormatLineAlign
GdipDeleteFont
GdipSetStringFormatAlign
GdipGetFamily
GdipDeleteFontFamily
GdipGetLineSpacing
GdipCreateStringFormat
GdipGetEmHeight
GdipCreateFontFromDC
GdiplusStartup
GdipCreateFontFromLogfontA
GdiplusShutdown
GdipDrawRectangleI
GdipCreatePen1
GdipDrawLineI
GdipFillRectangleI
GdipCreateFromHDC
GdipAlloc
GdipCreateSolidFill
GdipDeleteGraphics
GdipCloneBrush
GdipDeletePen
GdipFree
GdipDeleteBrush
GdipDeleteStringFormat
GdipGetFontSize

comctl32

DrawShadowText
_TrackMouseEvent

oleacc

AccessibleChildren
AccessibleObjectFromWindow

wininet

InternetOpenUrlW
InternetSetOptionW
InternetCloseHandle
InternetOpenW

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 233KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.5.2.2509/ZipLib.dll
.dll windows:5 windows x86 arch:x86

3a66351d63cefec54e84e7d49764aa2e

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindNextFileW
GetTempPathA
DeleteFileA
CreateFileA
lstrcpynA
HeapAlloc
GetCurrentProcess
HeapFree
WaitForSingleObject
GetProcessHeap
GetDriveTypeA
InitializeCriticalSection
GetVolumeInformationA
LeaveCriticalSection
InterlockedExchange
EnterCriticalSection
CreateMutexA
ReleaseMutex
CloseHandle
GetFullPathNameA
GetFileAttributesA
FileTimeToSystemTime
FindFirstFileA
GetFileType
RemoveDirectoryW
FileTimeToLocalFileTime
GetVersion
FindNextFileA
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
lstrlenA
lstrcmpiA
DosDateTimeToFileTime
SetVolumeLabelA
SetFilePointer
GetLocaleInfoA
SetEndOfFile
SystemTimeToFileTime
SetFileTime
SetFileAttributesA
GetLocalTime
LocalFileTimeToFileTime
lstrcpyA
SetEnvironmentVariableA
CompareStringW
CompareStringA
FindClose
GetLastError
GetTempPathW
MultiByteToWideChar
CopyFileW
WideCharToMultiByte
CreateDirectoryW
MoveFileExW
FindFirstFileW
RemoveDirectoryA
CreateDirectoryA
GetFileTime
TerminateProcess
SetEnvironmentVariableW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
MoveFileA
SetStdHandle
GetFileInformationByHandle
PeekNamedPipe
HeapReAlloc
RtlUnwind
GetCurrentThreadId
GetCommandLineA
RaiseException
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
VirtualAlloc
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetStartupInfoA
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
ReadFile
GetCurrentDirectoryA
SetCurrentDirectoryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LoadLibraryA
HeapSize
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW

user32

OemToCharA
CharToOemA

advapi32

GetSecurityDescriptorGroup
IsValidSecurityDescriptor
GetSecurityDescriptorSacl
IsValidSid
GetSecurityDescriptorOwner
SetKernelObjectSecurity
GetSecurityDescriptorControl
IsValidAcl
AdjustTokenPrivileges
GetSecurityDescriptorLength
LookupPrivilegeValueA
GetKernelObjectSecurity
OpenProcessToken
GetSecurityDescriptorDacl

Exports

Exports

FreeUnzipBuf
GetDllVersionA
PrepareUnzipFile
SetZipLevel
UnZip
UnZip2
UnZipEx
UnZipEx2
UnZipFile
ZipFolder
ZipFolderEx

Sections

.text
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 325KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
2.5.2.2509/crashrpt.exe
.exe windows:5 windows x86 arch:x86

fcb24bb508c40bd5463bcf94fe49dd24

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\code\SGWPTool\SGWPCrashRpt\bin\crashrpt.pdb

Imports

kernel32

GetLastError
CreateMutexW
CloseHandle
CreateFileW
GetModuleFileNameW
ReadFile
Sleep
GetFileSize
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
CreateFileA
GetProcessHeap
SetEndOfFile
FileTimeToDosDateTime
FindFirstFileW
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SystemTimeToFileTime
GetCurrentProcess
WriteFile
WideCharToMultiByte
FileTimeToSystemTime
FindClose
GetLocalTime
GetFileType
CreateFileMappingW
FindNextFileW
GetFileInformationByHandle
GetSystemTime
FreeLibrary
LoadLibraryW
GetProcAddress
MultiByteToWideChar
GetModuleHandleW
GetSystemInfo
GetSystemDirectoryW
GetVersionExW
CreateDirectoryW
CopyFileW
RemoveDirectoryW
DeleteFileW
SetFileAttributesW
HeapFree
HeapAlloc
GetStartupInfoW
FileTimeToLocalFileTime
GetDriveTypeW
HeapReAlloc
RaiseException
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetConsoleCP
GetConsoleMode
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetFullPathNameW
GetCurrentDirectoryA
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

HttpQueryInfoW
InternetSetOptionW
InternetSetOptionA
HttpOpenRequestA
InternetOpenUrlW
InternetConnectA
InternetOpenW
HttpEndRequestA
HttpAddRequestHeadersA
InternetOpenA
HttpSendRequestA
InternetCloseHandle
InternetReadFile

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SGWPBoot.exe
.exe windows:5 windows x86 arch:x86

699b10a17b447a68ffe65f81ba480dd1

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\SGWallPaper_2.5.2_GW\bin\SGWPBoot.pdb

Imports

advapi32

RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

kernel32

GetCurrentProcess
OutputDebugStringW
WriteFile
LoadLibraryW
GetModuleFileNameW
GetCurrentThreadId
CloseHandle
FindFirstFileW
GetFileAttributesW
FileTimeToSystemTime
GetLastError
FindClose
WideCharToMultiByte
MultiByteToWideChar
GetStartupInfoW
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
GetDriveTypeW
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
RaiseException
GetFullPathNameW
GetCurrentDirectoryA
LCMapStringA
LCMapStringW
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapSize
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateFileA
FlushFileBuffers
FreeLibrary
GetSystemInfo
GetProcAddress
GetModuleHandleW
ExitProcess

shell32

ShellExecuteW

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uninstall.exe
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 756KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/HWSignature.dll
.dll windows:5 windows x86 arch:x86

02a9058c889f86b891a63b683ab98a79

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\SGWallPaper\bin\HWSignature.pdb

Imports

ws2_32

WSAStartup

kernel32

DeleteCriticalSection
CreateFileA
HeapAlloc
HeapFree
GetProcessHeap
GetSystemDirectoryA
lstrcatA
CopyFileA
DeviceIoControl
CloseHandle
lstrcpyA
lstrlenA
GlobalAlloc
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryA
LocalAlloc
GetVersionExA
LocalFree
HeapReAlloc
GetTickCount
SetLastError
GlobalFree
FlushFileBuffers
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

user32

wsprintfA
IsCharAlphaNumericA

Exports

Exports

DLLGenHWID
GenHWID

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:5 windows x86 arch:x86

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiW
GetModuleHandleW
GlobalLock
GlobalUnlock
GetCurrentDirectoryW
SetCurrentDirectoryW
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcatW
WritePrivateProfileStringW
lstrcpynW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc

user32

OpenClipboard
DestroyIcon
LoadCursorW
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
SetWindowLongW
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
CreateWindowExW
MapDialogRect
GetClipboardData
GetWindowRect
CreateDialogParamW
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
wsprintfW
CharNextW
MessageBoxW
CloseClipboard
GetDlgCtrlID
MapWindowPoints
SetWindowPos
PtInRect
GetWindowTextW
SetWindowTextW
SendMessageW
DestroyWindow

gdi32

SelectObject
CreateRectRgn
GetObjectW
CombineRgn
DeleteObject
CreateCompatibleDC
GetDIBits
SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetDesktopFolder

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SetupLib.dll
.dll windows:5 windows x86 arch:x86

10a4a1e2cb0e3bd7ed25c98676561f36

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

25/06/2012, 00:00

Not After

24/08/2015, 23:59

Subject

CN=Sogou.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Desktop,O=Sogou.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\SGWallPaper\bin\SetupLib.pdb

Imports

shlwapi

PathFileExistsW
StrToIntW
PathIsDirectoryW
SHGetValueW
StrStrIW

kernel32

ReadFile
FlushFileBuffers
SetFileAttributesW
lstrcpyW
InitializeCriticalSectionAndSpinCount
Sleep
DebugBreak
GetCurrentProcessId
DeleteFileW
CloseHandle
GetDiskFreeSpaceExW
GetCurrentThreadId
CreateToolhelp32Snapshot
Process32NextW
DeviceIoControl
Process32FirstW
GlobalFree
EnterCriticalSection
GetProcAddress
SetLastError
GetLastError
RaiseException
FlushInstructionCache
lstrlenW
MultiByteToWideChar
CreateFileW
LeaveCriticalSection
LoadLibraryW
WideCharToMultiByte
GlobalAlloc
OpenProcess
WriteFile
OutputDebugStringW
WaitForSingleObject
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
FreeLibrary
GetDriveTypeW
lstrlenA
SetEndOfFile
SetFilePointer
SuspendThread
GetThreadContext
SetThreadContext
ResumeThread
VirtualProtect
SetEnvironmentVariableA
LocalFree
FindNextFileW
CompareStringW
CompareStringA
CreateFileA
WriteConsoleW
FindClose
FindFirstFileW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetModuleHandleA
SetStdHandle
GetFullPathNameA
GetTimeZoneInformation
GetCurrentDirectoryA
GetFullPathNameW
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
GetModuleFileNameA
ExitProcess
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
GetCommandLineA
IsDebuggerPresent
UnhandledExceptionFilter
CreateThread
ExitThread
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
InterlockedExchange
RemoveDirectoryW
GetFileAttributesW
CreateDirectoryW
FormatMessageA
ExpandEnvironmentStringsA
WaitForMultipleObjects
LoadLibraryA
GetStdHandle
PeekNamedPipe
DeleteCriticalSection
InitializeCriticalSection
GetVersionExA
SleepEx
GetFileInformationByHandle
GetFileType
FileTimeToSystemTime
GetModuleHandleW
GetCurrentThread
GetTickCount
GetVersionExW
TerminateProcess
GetModuleFileNameW
CreateProcessW
GetSystemDirectoryW
GetSystemInfo
lstrcatW
VirtualQuery
SetUnhandledExceptionFilter
FormatMessageW
GetLocalTime

user32

CreateWindowExW
FindWindowExW
IsWindow
LoadStringW
SetWindowLongW
GetDlgItem
ReleaseDC
GetWindowLongW
RegisterClassExW
GetDC
GetClassInfoExW
FindWindowW
LoadCursorW
wvsprintfW
CharNextW
DestroyWindow
MoveWindow
SetWindowTextW
EnableWindow
GetDlgItemTextW
SetWindowPos
GetWindowTextW
GetParent
KillTimer
PostMessageW
GetWindowRect
SetTimer
GetWindowTextLengthW
GetMenuItemCount
GetMenuItemInfoW
DeleteMenu
GetSystemMenu
GetDlgCtrlID
MessageBoxW
GetCursorPos
SetClassLongW
InvalidateRect
OffsetRect
PtInRect
GetClientRect
TrackMouseEvent
ScreenToClient
IsWindowVisible
UnregisterClassA
RemovePropW
MonitorFromPoint
IntersectRect
UnionRect
GetSystemMetrics
GetWindowThreadProcessId
UpdateLayeredWindow
GetFocus
DrawTextW
GetDesktopWindow
ClientToScreen
SetCursor
PostQuitMessage
IsIconic
SetCapture
GetKeyState
SetDlgItemTextW
SendMessageW
SetPropW
ReleaseCapture
GetPropW
EndPaint
FillRect
LoadImageW
BeginPaint
CallWindowProcW
DefWindowProcW
GetSysColorBrush
MessageBoxIndirectW
ShowWindow
LoadIconW
SetFocus
SetParent
SetForegroundWindow
SystemParametersInfoW
DispatchMessageW
GetMonitorInfoW
MonitorFromWindow
TranslateMessage
GetMessageW
IsWindowEnabled
CopyRect

gdi32

GetFontData
CreateDIBSection
BitBlt
SetViewportOrgEx
DeleteDC
StretchBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
GetStockObject
CreatePen
GetObjectW
GetTextExtentExPointW
SelectObject
DeleteObject
SetBkMode
SetBkColor
CreateFontIndirectW
SetTextColor
LineTo
MoveToEx

advapi32

RegCloseKey
GetLengthSid
RegOpenKeyExW
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserW
OpenProcessToken
BuildExplicitAccessWithNameW
CryptReleaseContext
CryptGetHashParam
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
CryptHashData
SetEntriesInAclW
RegQueryValueExW
GetTokenInformation
AllocateAndInitializeSid
FreeSid
CheckTokenMembership
SetNamedSecurityInfoW
GetNamedSecurityInfoW

shell32

ShellExecuteW
SHGetFileInfoW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW

ole32

CoCreateInstance
CoTaskMemFree
OleDraw
CoInitialize
CoUninitialize

oleaut32

SysFreeString
SysAllocString
SysStringLen
GetErrorInfo

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

msimg32

AlphaBlend

psapi

GetModuleBaseNameW

ws2_32

gethostname
getaddrinfo
freeaddrinfo
ioctlsocket
listen
accept
recvfrom
sendto
send
select
__WSAFDIsSet
getpeername
WSAIoctl
connect
WSAGetLastError
htons
ntohs
getsockname
setsockopt
recv
bind
socket
WSASetLastError
closesocket
getsockopt
WSAStartup
WSACleanup

wldap32

ord46
ord211
ord301
ord27
ord33
ord79
ord30
ord60
ord26
ord41
ord143
ord50
ord22
ord35
ord200
ord32

wininet

InternetOpenUrlW
InternetOpenW
InternetSetOptionW
InternetCloseHandle

Exports

Exports

AddAccess
AddAppToFireWall
AttachProgressBar
CheckAccess
CheckMainWndVisible
CreateCheckBox
CreateStatic
CreateStaticLink
ExecMedium
ExecShellWait
ExitAllProcess
GetAssignedFormatID
GetAssignedWideID
GetAutoKey
GetAutoValue
GetBtnClicked
GetCheckBoxState
GetFeedBackContact
GetFeedBackReason
GetHWID
GetInstallPath
GetMyPixel
GetPPName
GetRealSize
GuiInitAndAttach
HideChildWindows
InitInstallPath
InitResource
LoadAutoKeyValueFromFile
ModifyInstDir
MonitorCheckBox
MonitorSize
MonitorUninstallCompleted
OnAbort
OnPageLeave
OnPagePre
OnPageShow
Ping
PingBackAnotherThread
RemoveFireWall
RunAsMedium
SaveAutoKeyValueToFile
SetCheckBoxState
SetEditToMultiLine
SetReadSecond
SetReadSecondSimple
URLEncode
UnGuiInitAndAttach
UnPinQuickLauch
UpdateUserRcmd
curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape

Sections

.text
Size: 764KB - Virtual size: 764KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SetupUI.cupf
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

6c41c5e4d44f55745b925cc4e42b7fab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
lstrlenW
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 899B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9dCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 996KB

.rsrc Size: 35KB - Virtual size: 34KB

2b6a9512f2a7a723c41306b2f3e550f8

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9dCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 58KB - Virtual size: 57KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 7KB

804fa8851d4abfd302d5f3c7aeccb16b

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 996KB

.rsrc
Size: 35KB - Virtual size: 34KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 58KB - Virtual size: 57KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 7KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 63KB - Virtual size: 62KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 7KB - Virtual size: 15KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 1KB

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

59:b9:5d:55:8c:2d:cc:52:35:72:e3:f8:f9:a5:f7:9d
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

.text
Size: 45KB - Virtual size: 44KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB