SecuriteInfo[.]com[.]Trojan-PSW[.]MSIL[.]BlackGuard[.]c[.]4[.]3630[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

SecuriteInfo.com.Trojan-PSW.MSIL.BlackGuard.c.4.3630.exe
Size

6.5MB
MD5

2b82b5601d49184917fb44181c63f594
SHA1

0a52dd49e721a5fe8c86a034c94a6348f1de952a
SHA256

3be37af297b190efb8db29422fb9f74e329db481d55065731a669834daa8a449
SHA512

24818cc1af978c7bb967a39210b544e565a7be5aaa7350793317a850ce4ed212828ae8a8c2482e1edf782d6d571e2f4117ceff93a93c9c12262832f9231ebbf8
SSDEEP

196608:k3Q9SA7QYtLXMnB4lT2MqJctbVNtCxZeSUgj:k3Q9SA8wO4lTYJc9VNtn2j

Score

3^/10

Malware Config

Signatures

Unsigned PE 12 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack002/components/IBitCometExtension.dll
unpack001/$PLUGINSDIR/BcNsisHelper.dll
unpack001/$PLUGINSDIR/CometBird_Downloader_win32.exe
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/InstallOptionsEx.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/System.dll
unpack003/components/IBitCometExtension.dll
unpack001/$PLUGINSDIR/nsisunz.dll
unpack001/$_6_/plugins/npBitCometAgent.dll
unpack001/dbghelp.dll
unpack001/tools/npBitCometAgent.dll

Files

SecuriteInfo.com.Trojan-PSW.MSIL.BlackGuard.c.4.3630.exe
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17-05-2005 00:00

Not After

16-05-2010 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2e:5c:c2:39:2a:49:c3:02:34:13:cc:ae:a5:4d:9c:db
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01-12-2009 00:00

Not After

30-11-2012 23:59

Subject

CN=Shanghai Comet Network Technology,O=Shanghai Comet Network Technology,POSTALCODE=200050,STREET=4 Floor\, No. 1118 Yu Yuan Road,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b0:4c:3e:e5:a4:ce:d4:96:83:f2:ce:a0:6b:19:37:72:b4:56:fe:e6
Signer

Actual PE Digest

b0:4c:3e:e5:a4:ce:d4:96:83:f2:ce:a0:6b:19:37:72:b4:56:fe:e6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 852KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$0/extensions/staged-xpis/{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}/bitcomet_extension_signed.xpi
.zip
META-INF/manifest.mf
META-INF/zigbert.rsa
META-INF/zigbert.sf
chrome.manifest
chrome/content/bc_context_menu.js
.js
chrome/content/bc_context_menu.xul
.xml
chrome/content/bc_media_capture.js
.js
chrome/content/bc_media_capture.xul
.xml
chrome/content/unknownContentTypeSaveAs.js
.js
chrome/content/unknownContentTypeSaveAs.xul
chrome/locale/en-US/bc_context_menu.dtd
chrome/locale/en-US/bc_media_capture.dtd
chrome/locale/en-US/bc_media_capture.properties
chrome/locale/zh-CN/bc_context_menu.dtd
chrome/locale/zh-CN/bc_media_capture.dtd
chrome/locale/zh-CN/bc_media_capture.properties
chrome/skin/download_all.png
.png
chrome/skin/download_link.png
.png
chrome/skin/download_media.png
.png
chrome/skin/icon.png
.png
components/IBitCometExtension.dll
.dll windows:4 windows x86 arch:x86

5ed73059b1b5f0698edf1b5bc65ee434

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Develop_Server\BitCometExtension_Firefox\app\Release_unicode\BitCometExtension_Firefox.pdb

Imports

xpcom

NS_GetComponentManager
NS_Alloc
NS_GetServiceManager
NS_Free
NS_StringContainerInit
NS_CStringSetData
NS_CStringGetData
NS_StringContainerFinish
NS_UTF16ToCString
NS_CStringContainerFinish
NS_CStringContainerInit
NS_StringSetData

nspr4

PR_AtomicIncrement
PR_AtomicDecrement

kernel32

GetFullPathNameA
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
MultiByteToWideChar
LocalFree
FormatMessageA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetACP
GetOEMCP
IsValidCodePage
WriteFile
GetStdHandle
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
HeapSize
LoadLibraryA
GetLocaleInfoW
FreeLibrary
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetVersionExW
GetSystemTime
GetSystemInfo
WaitForSingleObject
GetVersion
GlobalMemoryStatus
LoadLibraryW
OutputDebugStringW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateProcessW
Thread32First
Thread32Next
CreateEventW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
ResetEvent
ExpandEnvironmentStringsW
ReleaseMutex
FormatMessageW
GetTempPathW
GetEnvironmentVariableW
GetModuleHandleW
SetEnvironmentVariableW
GetModuleFileNameW
GetDriveTypeW
CreateFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindFirstFileW
GetTempFileNameW
GetFileAttributesW
CopyFileW
SetCurrentDirectoryW
GetWindowsDirectoryW
ReadFile
GetDriveTypeA
GetCurrentDirectoryA
MoveFileW
GetFullPathNameW
DeleteFileW
CreateMutexA
lstrcpynW
lstrcpyW
SetEvent
CloseHandle
CreateEventA
FindFirstFileA
CreateFileA

user32

DdeFreeStringHandle
DdeQueryStringW
DdeUninitialize
DdeFreeDataHandle
DdeGetData
DdeCreateDataHandle
DdeGetLastError
DdeInitializeW
DdeDisconnect
DdeClientTransaction
DdeCreateStringHandleW
DdeNameService
DdeConnect
GetWindowTextW
EnumThreadWindows
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
DdePostAdvise
wsprintfW

advapi32

RegisterEventSourceA
RegQueryValueExW
DeregisterEventSource
ReportEventA
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
RegOpenKeyExW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteExW

ole32

CoCreateInstance
CoCreateGuid

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

NSGetModule

Sections

.text
Size: 660KB - Virtual size: 658KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
components/IBitCometExtension.xpt
defaults/preferences/bc_context_menu.js
install.rdf
readme.txt
$PLUGINSDIR/BcNsisHelper.dll
.dll windows:4 windows x86 arch:x86

f5a0fe33f889c1e6367a9c81477d02f1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
GetCommandLineA
GetProcessHeap
RtlUnwind
ExitProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
HeapSize
HeapDestroy
HeapCreate
VirtualFree
GetConsoleCP
GetConsoleMode
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
CreateFileA
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileTime
GetDriveTypeA
FormatMessageA
GetCurrentDirectoryA
OutputDebugStringW
GetWindowsDirectoryW
SetCurrentDirectoryW
GetTempFileNameW
GetTempPathW
SetEnvironmentVariableW
GetEnvironmentVariableW
ExpandEnvironmentStringsW
InterlockedCompareExchange
GetFileAttributesW
FileTimeToLocalFileTime
GetTickCount
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DeleteFileW
MoveFileW
FileTimeToSystemTime
lstrlenA
GlobalFlags
GetModuleHandleA
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetThreadLocale
FreeResource
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
InterlockedIncrement
InterlockedDecrement
RaiseException
GlobalFree
CopyFileW
FormatMessageW
LocalFree
MulDiv
GlobalUnlock
GetCurrentProcessId
GlobalGetAtomNameW
GlobalAddAtomW
SetLastError
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetModuleFileNameW
GetVersion
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
lstrlenW
GetModuleHandleW
GetVersionExW
OpenProcess
GetCurrentProcess
GetPrivateProfileSectionNamesW
GetProcAddress
FreeLibrary
LoadLibraryW
Sleep
GetPrivateProfileIntW
GetPrivateProfileStringW
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
WritePrivateProfileStringW
CloseHandle
GetLastError
CreateMutexW
WaitForSingleObject
SetEnvironmentVariableA
WideCharToMultiByte

user32

MessageBeep
GetNextDlgGroupItem
RegisterClipboardFormatW
CharUpperW
LoadCursorW
GetSysColorBrush
SystemParametersInfoW
GetMenuItemInfoW
InflateRect
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
UnregisterClassW
CharNextW
SetWindowContextHelpId
MapDialogRect
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SendDlgItemMessageA
IsChild
GetClassLongW
SetPropW
GetPropW
RemovePropW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
RegisterWindowMessageW
IsWindow
FindWindowW
SendMessageW
GetWindowLongW
DdePostAdvise
MapWindowPoints
TrackPopupMenu
SetForegroundWindow
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
DeferWindowPos
PtInRect
DefWindowProcW
CallWindowProcW
SystemParametersInfoA
GetWindowPlacement
GetSystemMetrics
SetCapture
InvalidateRgn
PostThreadMessageW
GetForegroundWindow
DdeConnect
DdeNameService
DdeCreateStringHandleW
DdeClientTransaction
DdeDisconnect
DdeInitializeW
DdeGetLastError
DdeCreateDataHandle
DdeGetData
DdeFreeDataHandle
DdeUninitialize
DdeQueryStringW
DdeFreeStringHandle
UnregisterClassA
GetShellWindow
GetWindowThreadProcessId
EnableWindow
GetClientRect
PostQuitMessage
PostMessageW
TranslateAcceleratorW
ShowWindow
GetWindow
GetDesktopWindow
SetMenu
BringWindowToTop
GetLastActivePopup
CopyRect
SetRectEmpty
OffsetRect
GrayStringW
IntersectRect
GetClassInfoW
CreatePopupMenu
ReleaseDC
GetDC
GetWindowRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
MessageBoxW
UnhookWindowsHookEx
ShowOwnedPopups
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetWindowTextW
MoveWindow
SetWindowTextW
IsDialogMessageW
SendDlgItemMessageW
GetClassNameW
GetSysColor
UnpackDDElParam
GetMenuItemCount
GetMenuItemID
GetSubMenu
ReuseDDElParam
LoadMenuW
DestroyMenu
WinHelpW
SetWindowPos
SetFocus
GetActiveWindow
IsWindowEnabled
GetFocus
EqualRect
GetDlgItem
SetWindowLongW
GetKeyState
GetDlgCtrlID
GetMenu
LoadIconW
SetCursor
PeekMessageW
GetCapture
ReleaseCapture
LoadAcceleratorsW
GetParent
SetActiveWindow
IsWindowVisible
InvalidateRect
UpdateWindow
IsIconic
InsertMenuItemW

gdi32

CreateSolidBrush
CreateFontIndirectW
GetTextExtentPoint32W
GetMapMode
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
SetViewportExtEx
ScaleWindowExtEx
SetWindowExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
CreateCompatibleBitmap
CreateCompatibleDC
CreateBitmap
GetDeviceCaps
CreateRectRgnIndirect
GetRgnBox
GetClipBox
SetTextColor
SetBkColor
GetObjectW
GetStockObject
GetBkColor
GetTextColor
SaveDC
RestoreDC
SetBkMode
SetMapMode
DeleteObject
ScaleViewportExtEx

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

RegCreateKeyW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
RegQueryValueExW
RegOpenKeyExW
LookupAccountSidW
GetTokenInformation
RegSetValueExW
RegCloseKey
DuplicateTokenEx
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

shell32

DragQueryFileW
DragFinish
SHGetFolderPathW
SHCreateDirectoryExW
ShellExecuteExW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation

shlwapi

PathStripToRootW
PathFindFileNameW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleIsCurrentClipboard
CoRevokeClassObject
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize
CoRegisterMessageFilter
OleFlushClipboard

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear
VariantCopy
VariantChangeType
SysAllocStringLen
DispCallFunc
LoadRegTypeLi
SysStringLen
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
OleCreateFontIndirect
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate

userenv

UnloadUserProfile
LoadUserProfileW

Exports

Exports

AddToWindowsFirewall
ExecElevatedAndWait
ExecNonElevated
FixInstallerCompatibleWarning
GetBrowserPath
GetCurrentDateString
GetElevationInfo
GetEmuleConfigPath
GetFirefoxCurrentProfilePath
GetUserLanguagePath
IsDateLaterThanSomeMonths
IsHomePageAlreadySet
IsRunningElevated
IsSystemVista
NavigateInBrowser
NavigateWebPageHide
SendBCCloseMessage
SetBrowserHomePage
UpgradeFirefoxPlugin
WriteMaxthonINI

Sections

.text
Size: 516KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/BitComet_stats.exe
.exe windows:4 windows x86 arch:x86

85c5153892863e50749ae0b816c52411

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:b6:d3:9b:ba:c2:eb:6f:38:1d:43:f8:7a:70:8f:f0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24-09-2007 00:00

Not After

12-11-2009 23:59

Subject

CN=Comet Network Technology Co Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Comet Network Technology Co Ltd.,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c5:1e:ac:27:23:77:fb:dd:f8:7f:07:6e:2e:03:1b:7a:69:37:b2:b1
Signer

Actual PE Digest

c5:1e:ac:27:23:77:fb:dd:f8:7f:07:6e:2e:03:1b:7a:69:37:b2:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalHandle
LockResource
LoadResource
MultiByteToWideChar
lstrlenA
FreeLibrary
SizeofResource
LoadLibraryExW
GetModuleHandleW
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GlobalFree
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
lstrcmpiW
FindResourceW
DebugBreak
GetModuleHandleA
HeapReAlloc
GetStartupInfoW
ExitProcess
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
SetLastError
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
MulDiv
lstrcmpW
GetCurrentProcess
FlushInstructionCache
GetLastError
DeleteCriticalSection
InitializeCriticalSection
lstrlenW
HeapSize
GlobalAlloc
GlobalLock
GlobalUnlock
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
RaiseException

user32

GetWindow
SetFocus
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
FillRect
ReleaseCapture
GetClassNameW
GetParent
IsChild
GetFocus
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
SetWindowPos
MoveWindow
CharNextW
GetSysColor
RegisterWindowMessageW
IsWindow
CreateAcceleratorTableW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
CreateDialogIndirectParamW
MapDialogRect
MessageBoxExW
SetWindowContextHelpId
SetCapture
SendDlgItemMessageW
GetClassInfoExW
LoadCursorW
RegisterClassExW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
DefWindowProcW
SendMessageW
IsDialogMessageW
GetDlgItem
KillTimer
SetTimer
GetWindowLongW
SetWindowLongW
DestroyWindow
PostQuitMessage
CreateWindowExW
UnregisterClassA

gdi32

GetStockObject
GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
DeleteObject

advapi32

RegDeleteKeyW
RegCloseKey
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
OleUninitialize
OleInitialize
CreateStreamOnHGlobal

oleaut32

VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
SysAllocString
SysAllocStringLen
VariantClear
VariantInit
SysFreeString
SysStringLen
DispCallFunc

comctl32

InitCommonControlsEx

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/CometBird_Downloader_win32.exe
.exe windows:4 windows x86 arch:x86

fe5c24bef0fcbf33f0f0520235fef274

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LocalFree
FormatMessageA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeA
GetStringTypeW
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
HeapSize
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
GetLocaleInfoW
FreeLibrary
SetFilePointer
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetModuleHandleW
GetSystemInfo
WaitForSingleObject
GlobalMemoryStatus
GetVersionExW
GetTempPathW
GetTempFileNameW
GetFileAttributesW
GetSystemTime
CreateFileW
ReadFile
SetEndOfFile
GetFileSize
GetLocalTime
SetThreadPriority
lstrcatW
lstrlenW
CreateProcessW
OutputDebugStringW
FileTimeToLocalFileTime
FileTimeToDosDateTime
VirtualQuery
lstrcpyW
GetVersion
CreateDirectoryW
DeleteFileW
RemoveDirectoryW
ReleaseMutex
CreateMutexA
ResetEvent
ResumeThread
SystemTimeToFileTime
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
ExitThread
GetProcAddress
LoadLibraryW
GetLastError
CreateMutexW
GetSystemDefaultLangID
GetCommandLineW
SetEvent
CloseHandle
GetCurrentProcessId
CreateEventA
GetFileAttributesExW
CreateThread

user32

DestroyWindow
TranslateMessage
GetMessageW
LoadIconW
KillTimer
SetTimer
MessageBoxExW
PostMessageW
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
wsprintfW
wvsprintfW
DispatchMessageW
LoadCursorW
RegisterClassExW
CreateWindowExW
DefWindowProcW
RegisterWindowMessageW
MessageBoxW
ShowWindow

shell32

ShellExecuteExW
Shell_NotifyIconW

advapi32

RegisterEventSourceA
ReportEventA
DeregisterEventSource
GetUserNameW
AdjustTokenPrivileges
OpenProcessToken

wininet

InternetOpenA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA

Sections

.text
Size: 496KB - Virtual size: 494KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 327KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/GoogleToolbarInstaller_download_signed.exe
.exe windows:4 windows x86 arch:x86

e98766cda304a4f46c928a931a1c8967

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:44:c0:6a:6c:fb:50:76:c1:5d:39:95:72:c6:94:21
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19-06-2007 00:00

Not After

18-06-2010 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Netscape Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fa:6e:26:b6:b7:8d:a1:49:b2:ba:56:d1:b5:a1:bd:9f:1f:a0:28:ec
Signer

Actual PE Digest

fa:6e:26:b6:b7:8d:a1:49:b2:ba:56:d1:b5:a1:bd:9f:1f:a0:28:ec

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

EndDialog

crypt32

CertFreeCertificateChain

urlmon

RegisterBindStatusCallback

version

VerQueryValueW

wintrust

WinVerifyTrust

wininet

InternetOpenUrlW

advapi32

GetAce

ole32

CoUninitialize

shell32

ShellExecuteExW

oleaut32

VarUI4FromStr

shlwapi

SHSetValueW

gdi32

CreateRectRgn

userenv

UnloadUserProfile

msi

ord238

Sections

.text
Size: 147KB - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/InstallOptions.dll
.dll windows:5 windows x86 arch:x86

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiW
GetModuleHandleW
GlobalLock
GlobalUnlock
GetCurrentDirectoryW
SetCurrentDirectoryW
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcatW
WritePrivateProfileStringW
lstrcpynW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc

user32

OpenClipboard
DestroyIcon
LoadCursorW
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
SetWindowLongW
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
CreateWindowExW
MapDialogRect
GetClipboardData
GetWindowRect
CreateDialogParamW
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
wsprintfW
CharNextW
MessageBoxW
CloseClipboard
GetDlgCtrlID
MapWindowPoints
SetWindowPos
PtInRect
GetWindowTextW
SetWindowTextW
SendMessageW
DestroyWindow

gdi32

SelectObject
CreateRectRgn
GetObjectW
CombineRgn
DeleteObject
CreateCompatibleDC
GetDIBits
SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetDesktopFolder

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptionsEx.dll
.dll windows:4 windows x86 arch:x86

091449c4933dca32efa12a1bac258dc9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy

shlwapi

PathFileExistsW
PathFindExtensionW

kernel32

GetSystemTime
FindFirstFileW
WritePrivateProfileStringW
lstrcatW
lstrcpyW
GlobalUnlock
GlobalLock
lstrcpynW
SetCurrentDirectoryW
GetTimeFormatW
HeapSize
CreateFileA
SetEndOfFile
LoadLibraryA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSection
FlushFileBuffers
SetStdHandle
HeapReAlloc
VirtualAlloc
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
Sleep
ExitProcess
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
WriteFile
RtlUnwind
MultiByteToWideChar
lstrlenW
lstrcmpW
GetPrivateProfileStringW
CloseHandle
LoadLibraryW
GetTickCount
GlobalFree
GetModuleHandleW
SetErrorMode
GetFileSize
CreateFileW
GlobalAlloc
ReadFile
GetDateFormatW
GetCurrentDirectoryW
MulDiv
SetFilePointer
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LeaveCriticalSection
EnterCriticalSection
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetLastError
SetLastError
TlsFree
TlsSetValue
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc

user32

CreateDialogParamW
UpdateWindow
GetWindowRect
SetWindowLongW
GetDlgItem
EnableWindow
TranslateMessage
GetDlgCtrlID
MapDialogRect
wsprintfW
DestroyCursor
SetWindowTextW
GetMessageW
DispatchMessageW
CharNextW
CopyImage
GetWindowLongW
DestroyIcon
CreateWindowExW
GetDC
GetSysColor
DestroyWindow
ScreenToClient
DrawFocusRect
SetWindowPos
MessageBoxW
LoadCursorW
SetCursor
GetCursorPos
GetWindowTextLengthW
GetWindowTextW
LoadImageW
CallWindowProcW
IsWindowEnabled
ReleaseDC
PostMessageW
IsDialogMessageW
EnableMenuItem
ShowWindow
SetWindowRgn
DrawTextW
SendMessageW
GetSystemMenu
KillTimer
SetTimer
GetKeyState
GetClientRect
MapWindowPoints

gdi32

CreateSolidBrush
PatBlt
SetBkMode
CombineRgn
CreateRectRgn
DeleteObject
SetTextColor
GetBkColor
CreateBrushIndirect
GetBkMode
SelectObject
CreateFontIndirectW
GetDeviceCaps
GetDIBits
SetBkColor
GetTextColor
GetObjectW
CreateCompatibleDC

comdlg32

CommDlgExtendedError
ChooseFontW
GetOpenFileNameW
ChooseColorW
GetSaveFileNameW

shell32

ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
ExtractIconExW
SHGetDesktopFolder

ole32

CreateStreamOnHGlobal

oleaut32

OleLoadPicture

Exports

Exports

dialog
initDialog
setFocus
show

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:5 windows x86 arch:x86

e981c0ab92cb1f191bb5e23392e14796

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrlenW
GlobalAlloc
lstrcmpW
GetModuleHandleW
MulDiv
lstrcpyW
lstrcpynW

user32

SetWindowTextW
SetDlgItemTextW
EndDialog
SendDlgItemMessageW
DialogBoxParamW
LoadIconW
SendMessageW
ShowWindow
GetDC

gdi32

CreateFontIndirectW
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 729B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 350B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SetHomePage.ini
$PLUGINSDIR/SetHomePage_cn.gif
.gif
$PLUGINSDIR/SetHomePage_en.gif
.gif
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

6c41c5e4d44f55745b925cc4e42b7fab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
lstrlenW
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 899B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/bitcomet_extension_signed.xpi
.zip
META-INF/manifest.mf
META-INF/zigbert.rsa
META-INF/zigbert.sf
chrome.manifest
chrome/content/bc_context_menu.js
.js
chrome/content/bc_context_menu.xul
.xml
chrome/content/bc_media_capture.js
.js
chrome/content/bc_media_capture.xul
.xml
chrome/content/unknownContentTypeSaveAs.js
.js
chrome/content/unknownContentTypeSaveAs.xul
chrome/locale/en-US/bc_context_menu.dtd
chrome/locale/en-US/bc_media_capture.dtd
chrome/locale/en-US/bc_media_capture.properties
chrome/locale/zh-CN/bc_context_menu.dtd
chrome/locale/zh-CN/bc_media_capture.dtd
chrome/locale/zh-CN/bc_media_capture.properties
chrome/skin/download_all.png
.png
chrome/skin/download_link.png
.png
chrome/skin/download_media.png
.png
chrome/skin/icon.png
.png
components/IBitCometExtension.dll
.dll windows:4 windows x86 arch:x86

5ed73059b1b5f0698edf1b5bc65ee434

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Develop_Server\BitCometExtension_Firefox\app\Release_unicode\BitCometExtension_Firefox.pdb

Imports

xpcom

NS_GetComponentManager
NS_Alloc
NS_GetServiceManager
NS_Free
NS_StringContainerInit
NS_CStringSetData
NS_CStringGetData
NS_StringContainerFinish
NS_UTF16ToCString
NS_CStringContainerFinish
NS_CStringContainerInit
NS_StringSetData

nspr4

PR_AtomicIncrement
PR_AtomicDecrement

kernel32

GetFullPathNameA
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedCompareExchange
MultiByteToWideChar
LocalFree
FormatMessageA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetACP
GetOEMCP
IsValidCodePage
WriteFile
GetStdHandle
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
HeapSize
LoadLibraryA
GetLocaleInfoW
FreeLibrary
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetVersionExW
GetSystemTime
GetSystemInfo
WaitForSingleObject
GetVersion
GlobalMemoryStatus
LoadLibraryW
OutputDebugStringW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateProcessW
Thread32First
Thread32Next
CreateEventW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
ResetEvent
ExpandEnvironmentStringsW
ReleaseMutex
FormatMessageW
GetTempPathW
GetEnvironmentVariableW
GetModuleHandleW
SetEnvironmentVariableW
GetModuleFileNameW
GetDriveTypeW
CreateFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindFirstFileW
GetTempFileNameW
GetFileAttributesW
CopyFileW
SetCurrentDirectoryW
GetWindowsDirectoryW
ReadFile
GetDriveTypeA
GetCurrentDirectoryA
MoveFileW
GetFullPathNameW
DeleteFileW
CreateMutexA
lstrcpynW
lstrcpyW
SetEvent
CloseHandle
CreateEventA
FindFirstFileA
CreateFileA

user32

DdeFreeStringHandle
DdeQueryStringW
DdeUninitialize
DdeFreeDataHandle
DdeGetData
DdeCreateDataHandle
DdeGetLastError
DdeInitializeW
DdeDisconnect
DdeClientTransaction
DdeCreateStringHandleW
DdeNameService
DdeConnect
GetWindowTextW
EnumThreadWindows
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
DdePostAdvise
wsprintfW

advapi32

RegisterEventSourceA
RegQueryValueExW
DeregisterEventSource
ReportEventA
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
RegOpenKeyExW

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteExW

ole32

CoCreateInstance
CoCreateGuid

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

NSGetModule

Sections

.text
Size: 660KB - Virtual size: 658KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
components/IBitCometExtension.xpt
defaults/preferences/bc_context_menu.js
install.rdf
readme.txt
$PLUGINSDIR/firefoxextension.ini
$PLUGINSDIR/gtapi.dll
.dll windows:4 windows x86 arch:x86

a1cddef184beba696e690091795eacfd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:44:c0:6a:6c:fb:50:76:c1:5d:39:95:72:c6:94:21
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19-06-2007 00:00

Not After

18-06-2010 23:59

Subject

CN=Google Inc,OU=Digital ID Class 3 - Netscape Object Signing,O=Google Inc,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5a:d4:89:1c:dc:a0:67:a5:0d:5f:31:70:c9:f5:1a:18:ad:f2:70:25
Signer

Actual PE Digest

5a:d4:89:1c:dc:a0:67:a5:0d:5f:31:70:c9:f5:1a:18:ad:f2:70:25

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

gtapi.pdb

Imports

kernel32

GetCurrentProcessId
GetModuleHandleW
LocalFree
OpenProcess
lstrcmpA
GetLocalTime
LoadLibraryW
LoadLibraryA
LocalAlloc
lstrlenA
FreeLibrary
GetFileAttributesW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetCurrentThreadId
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetVersion
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
GetProcAddress
lstrcmpiA
CloseHandle
SetLastError
GetLastError
GetVersionExA
TerminateProcess
OutputDebugStringA

user32

CharUpperA
CharNextA

advapi32

RegQueryValueExA
RegCloseKey
RegDeleteValueA
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

CancelToolbarInstall
GetToolbarInstallerProgress
ToolbarCompatibilityCheck

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/gtbinstallcomplete.ini
$PLUGINSDIR/installgtb.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsisunz.dll
.dll windows:4 windows x86 arch:x86

eea3804a9b79d8100e104a2b59ee9f5f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
InitializeCriticalSection
CreateDirectoryA
lstrcpyA
GetVersion
lstrlenA
lstrcatA
LeaveCriticalSection
EnterCriticalSection
lstrcpynA
lstrcmpiA
lstrcmpW
lstrcmpiW
lstrcpyW
GlobalFree
lstrcpynW
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
GetSystemInfo
VirtualProtect
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapFree
GetLastError
CloseHandle
WriteFile
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapAlloc
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
VirtualAlloc
HeapReAlloc
SetStdHandle
FlushFileBuffers
RtlUnwind
InterlockedExchange
VirtualQuery
CreateFileA
GetACP
GetOEMCP
GetCPInfo
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetEndOfFile
HeapSize
GetLocaleInfoA

user32

MessageBoxW
CharPrevA
PeekMessageW
DispatchMessageW
TranslateMessage
FindWindowExA
GetDlgItem
SendMessageW
wsprintfA

Exports

Exports

Unzip
UnzipToLog
UnzipToStack
extract_RunDLL

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/toolbarinstalled_cn.gif
.gif
$PLUGINSDIR/toolbarinstalled_en.gif
.gif
$PLUGINSDIR/toolbarpreview_cn.gif
.gif
$PLUGINSDIR/toolbarpreview_en.gif
.gif
$_6_/components/nsIBitCometAgent.xpt
$_6_/plugins/npBitCometAgent.dll
.dll windows:4 windows x86 arch:x86

b236c7ac3af8a8f3fb1acff9b6a5980c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Develop_Server\BitCometAgent_FireFox\app\Release_unicode\BitCometAgent_FirefoxPlugin.pdb

Imports

xpcom

NS_CStringGetData
NS_StringSetData
NS_UTF16ToCString
NS_CStringContainerFinish
NS_CStringContainerInit

kernel32

lstrcpyW
lstrcpynW
LocalFree
FormatMessageA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetLastError
RaiseException
RtlUnwind
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
ExitProcess
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
HeapSize
VirtualAlloc
HeapReAlloc
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
GetLocaleInfoA
GetLocaleInfoW
FreeLibrary
InterlockedExchange
InitializeCriticalSection
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetVersionExW
LoadLibraryW
OutputDebugStringW
Thread32First
Thread32Next
CreateEventW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
ResetEvent
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateProcessW
ExpandEnvironmentStringsW
GetSystemInfo
ReleaseMutex
FormatMessageW
GetTempPathW
GetEnvironmentVariableW
GetModuleHandleW
SetEnvironmentVariableW
GetModuleFileNameW
GetDriveTypeW
CreateFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindFirstFileW
GetTempFileNameW
GetFileAttributesW
CopyFileW
SetCurrentDirectoryW
GetWindowsDirectoryW
ReadFile
GetSystemTime
SetEndOfFile
GetFullPathNameA
GetDriveTypeA
GetCurrentDirectoryA
MoveFileW
GetFullPathNameW
DeleteFileW
CreateMutexA
InterlockedCompareExchange
SetEvent
CloseHandle
CreateEventA
FindFirstFileA
GetTimeZoneInformation

user32

DdeGetLastError
DdeInitializeW
DdeDisconnect
DdeClientTransaction
DdeCreateStringHandleW
DdeNameService
DdeConnect
DdeCreateDataHandle
DdePostAdvise
DdeFreeDataHandle
DdeUninitialize
DdeQueryStringW
DdeFreeStringHandle
EnumThreadWindows
GetWindowTextW
DdeGetData
wsprintfW

advapi32

RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteExW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoCreateGuid
CoCreateInstance

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 512KB - Virtual size: 509KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BitComet.exe
.exe windows:4 windows x86 arch:x86

1ef7522013b5542bc30353cdfb97e032

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17-05-2005 00:00

Not After

16-05-2010 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2e:5c:c2:39:2a:49:c3:02:34:13:cc:ae:a5:4d:9c:db
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01-12-2009 00:00

Not After

30-11-2012 23:59

Subject

CN=Shanghai Comet Network Technology,O=Shanghai Comet Network Technology,POSTALCODE=200050,STREET=4 Floor\, No. 1118 Yu Yuan Road,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bb:51:54:7c:98:22:d5:93:34:13:86:a2:9e:ff:ae:6f:6d:60:e6:99
Signer

Actual PE Digest

bb:51:54:7c:98:22:d5:93:34:13:86:a2:9e:ff:ae:6f:6d:60:e6:99

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

user32

GetWindowDC

gdi32

GetViewportExtEx

comdlg32

PageSetupDlgW

winspool.drv

OpenPrinterW

advapi32

RegCloseKey

shell32

DragQueryPoint

comctl32

_TrackMouseEvent

shlwapi

AssocQueryStringW

oledlg

OleUIBusyW

ole32

RevokeDragDrop

oleaut32

VariantCopy

ws2_32

socket

mswsock

GetAcceptExSockaddrs

winmm

sndPlaySoundW

iphlpapi

GetAdaptersInfo

version

VerQueryValueW

Sections

.text
Size: 2.6MB - Virtual size: 10.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 322KB - Virtual size: 324KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ChangeLog.txt
ChangeLog_Chinese.txt
CrashReport.exe
.exe windows:4 windows x86 arch:x86

32144870df8ee586454e3a0c903cbcd3

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17-05-2005 00:00

Not After

16-05-2010 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2e:5c:c2:39:2a:49:c3:02:34:13:cc:ae:a5:4d:9c:db
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01-12-2009 00:00

Not After

30-11-2012 23:59

Subject

CN=Shanghai Comet Network Technology,O=Shanghai Comet Network Technology,POSTALCODE=200050,STREET=4 Floor\, No. 1118 Yu Yuan Road,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

89:84:8f:09:cc:3c:71:7b:ab:01:22:ce:9f:ef:45:f4:9c:8c:49:3e
Signer

Actual PE Digest

89:84:8f:09:cc:3c:71:7b:ab:01:22:ce:9f:ef:45:f4:9c:8c:49:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Develop_1\CrashReport\CrashReport\src\CrashReport\app\release\CrashReport.pdb

Imports

kernel32

TlsFree
WritePrivateProfileStringA
GetCurrentDirectoryA
GlobalFlags
InterlockedIncrement
GetFileAttributesA
GetFileTime
SetErrorMode
GetCPInfo
GetOEMCP
GetTickCount
ExitProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapFree
HeapReAlloc
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlUnwind
ExitThread
CreateThread
LocalReAlloc
GetStdHandle
IsValidCodePage
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetDriveTypeA
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
FormatMessageA
LocalFree
InterlockedDecrement
GetModuleFileNameW
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetThreadLocale
FindFirstFileA
FileTimeToLocalFileTime
FindNextFileA
FindClose
GlobalUnlock
GlobalAddAtomA
FreeResource
GlobalFree
GetCurrentProcessId
SetLastError
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
GlobalLock
lstrcmpA
GlobalAlloc
GetModuleHandleA
GetProcAddress
SuspendThread
GetCurrentThreadId
ResumeThread
SetThreadPriority
SystemTimeToFileTime
GetLocalTime
UnmapViewOfFile
GetCurrentProcess
DuplicateHandle
FileTimeToDosDateTime
SetFilePointer
GetFileInformationByHandle
GetFileType
FileTimeToSystemTime
GetFileSize
ReadFile
WriteFile
CreateFileA
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
CloseHandle
WaitForMultipleObjects
CreateEventA
LeaveCriticalSection
EnterCriticalSection
SetEvent
RaiseException
GetVersionExA
lstrlenA
MultiByteToWideChar
GetVersion
InterlockedExchange
CompareStringW
GetLastError
CompareStringA
FreeLibrary
LoadLibraryA
GetWindowsDirectoryA
MulDiv
CopyFileA
WideCharToMultiByte
Sleep
FindResourceA
LoadResource
LockResource
SizeofResource
CreateProcessA
GetACP
GetUserDefaultLangID
HeapSize
GetModuleFileNameA

user32

ReleaseCapture
GetNextDlgGroupItem
GetSysColorBrush
UnregisterClassA
RegisterClipboardFormatA
PostThreadMessageA
MoveWindow
SetWindowTextA
IsDialogMessageA
DestroyMenu
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
MapWindowPoints
SetCapture
SetForegroundWindow
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
CopyRect
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetWindowsHookExA
CallNextHookEx
GetMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
FillRect
PostMessageA
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
CharUpperA
WindowFromPoint
ShowWindow
LoadCursorA
InflateRect
ReleaseDC
MessageBeep
GetDC
GetSysColor
IsWindow
RedrawWindow
GetParent
GetWindowRect
SetCursor
SetWindowLongA
InvalidateRect
CopyIcon
PtInRect
ScreenToClient
GetMessagePos
SendMessageA
AppendMenuA
KillTimer
EnableWindow
DrawIcon
GetClientRect
GetSystemMenu
GetSystemMetrics
IsIconic
DispatchMessageA
TranslateMessage
SetTimer
LoadIconA
PostQuitMessage
PeekMessageA

gdi32

SetWindowExtEx
ScaleWindowExtEx
GetWindowExtEx
ExtSelectClipRgn
CreateSolidBrush
GetBkColor
GetTextColor
GetRgnBox
GetMapMode
GetViewportExtEx
DeleteObject
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SetMapMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
CreateRectRgnIndirect
GetTextExtentPoint32A
CreateFontIndirectA
GetObjectA
GetStockObject
DeleteDC
GetDeviceCaps

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
RegDeleteKeyA
RegQueryValueExA
RegCloseKey
RegQueryValueA

shell32

ShellExecuteA

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

StgOpenStorageOnILockBytes
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
CoTaskMemAlloc
CoGetClassObject
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantCopy
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
SysStringLen
SysAllocStringLen
SysFreeString

ws2_32

WSAStartup
WSASetLastError
WSACleanup

wininet

InternetCloseHandle
InternetSetStatusCallback
InternetAttemptConnect
InternetConnectA
InternetOpenA
InternetReadFile
HttpQueryInfoA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
HttpSendRequestA
InternetSetCookieA
HttpAddRequestHeadersA
HttpOpenRequestA

Sections

.text
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
License.txt
License_Chinese.txt
ReadMe.txt
ReadMe_Chinese.txt
dbghelp.dll
.dll windows:5 windows x86 arch:x86

1e7ff3adf3b8cd2d63666cfe63301b74

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

kernel32

GetEnvironmentVariableW
GetProcAddress
DeleteFileW
CreateFileW
CreateDirectoryW
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
UnmapViewOfFile
GetFullPathNameW
GetFileAttributesW
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
CreateDirectoryA
VirtualProtect
VirtualAlloc
DuplicateHandle
MapViewOfFile
CreateFileMappingA
GetModuleHandleA
OpenProcess
GetCurrentProcessId
VirtualFree
OutputDebugStringW
ReadProcessMemory
WriteFile
SetErrorMode
GetFileAttributesA
DebugBreak
GetSystemDirectoryW
LoadLibraryW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
OutputDebugStringA
IsDBCSLeadByte
HeapFree
HeapAlloc
HeapReAlloc
TlsFree
LocalFree
TlsAlloc
GetVersionExA
VirtualQueryEx
GetPriorityClass
FlushViewOfFile
MapViewOfFileEx
GetFileType
CreateFileMappingW
DeviceIoControl
InitializeCriticalSectionAndSpinCount
LCMapStringW
LCMapStringA
CopyFileA
SetFileAttributesA
CopyFileW
SetFileAttributesW
InterlockedIncrement
InterlockedDecrement
Sleep
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
DeleteFileA
FormatMessageW
FormatMessageA
GetThreadSelectorEntry
CreateThread
GetThreadPriority
GetThreadTimes
GetThreadContext
ResumeThread
SuspendThread
GetVersionExW
GetSystemInfo
InitializeCriticalSection
HeapCreate
DeleteCriticalSection
HeapDestroy
TlsGetValue
TlsSetValue
GetLastError
CreateFileA
GetFileSize
ReadFile
CloseHandle
EnterCriticalSection
LeaveCriticalSection
LocalAlloc
SetLastError
FindFirstFileW
FindNextFileW
FreeLibrary
LoadLibraryA
TerminateThread

msvcrt

_onexit
__dllonexit
_adjust_fdiv
_initterm
realloc
sprintf
iswprint
memmove
iswspace
calloc
wcsncat
strncat
_itoa
_write
strncpy
strchr
_wcsicmp
towlower
tolower
_wcslwr
_close
_wopen
time
wcsncpy
strncmp
_ltoa
_wcsnicmp
_stricmp
_purecall
_vsnprintf
isspace
ctime
malloc
atol
__CxxFrameHandler
fclose
__unDName
_CxxThrowException
bsearch
_snwprintf
fread
fseek
_wfopen
fopen
_osver
_snprintf
wcstol
wcsrchr
_wmakepath
_winminor
_winmajor
_fullpath
_wfullpath
_mbsicmp
_splitpath
_access
_wcsdup
_fsopen
_wfsopen
_get_osfhandle
_read
_lseeki64
_chsize
_open_osfhandle
_wsopen
_sopen
ftell
_wgetenv
_mbscmp
_memicmp
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_strlwr
free
strstr
_vsnwprintf
_except_handler3
qsort
wcschr
wcsstr
wcsncmp
iswxdigit
??3@YAXPAX@Z
_wsplitpath
??2@YAPAXI@Z

advapi32

RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCloseKey
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA

rpcrt4

UuidCreate

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
DirTree
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
SearchTreeForFileW
StackWalk
StackWalk64
SymAddSymbol
SymAddSymbolW
SymCleanup
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetOptions
SymSetParentWindow
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
UnmapDebugInformation
WinDbgExtensionDllInit
dbghelp
dh
fptr
lmi
lminfo
omap
srcfiles
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 803KB - Virtual size: 802KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fav/HowTo-AddYourSite.txt
fav/download-complete.wav
fav/fav_bg.xml
.xml
fav/fav_ca.xml
.xml
fav/fav_de.xml
.xml
fav/fav_el.xml
.xml
fav/fav_en_us.xml
.xml
fav/fav_es.xml
.xml
fav/fav_fi.xml
.xml
fav/fav_he.xml
.xml
fav/fav_hu.xml
.xml
fav/fav_it.xml
.xml
fav/fav_ja.xml
.xml
fav/fav_ko.xml
.xml
fav/fav_lv.xml
.xml
fav/fav_nl.xml
.xml
fav/fav_pl.xml
.xml
fav/fav_pt.xml
.xml
fav/fav_pt_br.xml
.xml
fav/fav_ru.xml
.xml
fav/fav_sl.xml
.xml
fav/fav_th.xml
.xml
fav/fav_uk.xml
.xml
fav/fav_vi.xml
.xml
fav/fav_zh_cn.xml
fav/fav_zh_tw.xml
.xml
fav/passport_info_en_us.mht
.eml .js polyglot
- http://blog.bitcomet.com/?login
- http://blog.bitcomet.com/bcmedia/albums/?login
- http://blog.bitcomet.com/bcslist/
- http://soft.bitcomet.com/?login
- http://v.mcomet.com/?login
- http://www.mcomet.com/?login
- http://www.playcomet.com/?login
attachment-10
.gif
attachment-11
.gif
attachment-12
.gif
attachment-13
.gif
attachment-2
.gif
attachment-3
.gif
attachment-4
.gif
attachment-5
.gif
attachment-6
.gif
attachment-7
.gif
attachment-8
.gif
attachment-9
.gif
email-html-1.txt
.js
fav/passport_info_zh_cn.mht
.eml .js polyglot
- http://blog.mdbchina.com/?login
- http://blog.mdbchina.com/bcslist/
- http://game.didai.com/?login
- http://m.didai.com/?login
- http://mp3.didai.com/?login
- http://my.mdbchina.com/?login
- http://my.mdbchina.com/tieba/%e6%af%94%e7%89%b9%e5%bd%97%e6%98%9f/
- http://www.mdbchina.cn/?login
attachment-10
.gif
attachment-11
.gif
attachment-12
.gif
attachment-13
.gif
attachment-2
.gif
attachment-3
.gif
attachment-4
.gif
attachment-5
.gif
attachment-6
.gif
attachment-7
.gif
attachment-8
.gif
attachment-9
.gif
email-html-1.txt
.js
fav/passport_info_zh_tw.mht
.eml .js polyglot
- http://blog.mdbchina.com/?login
- http://blog.mdbchina.com/bcslist/
- http://game.didai.com/?login
- http://m.didai.com/?login
- http://mp3.didai.com/?login
- http://my.mdbchina.com/?login
- http://my.mdbchina.com/tieba/%e6%af%94%e7%89%b9%e5%bd%97%e6%98%9f/
- http://www.mdbchina.cn/?login
attachment-10
.gif
attachment-11
.gif
attachment-12
.gif
attachment-13
.gif
attachment-2
.gif
attachment-3
.gif
attachment-4
.gif
attachment-5
.gif
attachment-6
.gif
attachment-7
.gif
attachment-8
.gif
attachment-9
.gif
email-html-1.txt
.js
fav/passport_login_en_us.mht
.eml
- http://blog.bitcomet.com/?login
- http://blog.bitcomet.com/bcmedia/albums/?login
- http://blog.bitcomet.com/post/355/?login
- http://passport.bitcomet.com/client/register/?login
- http://soft.bitcomet.com/?login
- http://v.mcomet.com/?login
- http://www.mcomet.com/?login
- http://www.playcomet.com/?login
attachment-2
.gif
attachment-3
.gif
attachment-4
.gif
attachment-5
.gif
attachment-6
.gif
attachment-7
.gif
email-html-1.txt
fav/passport_login_zh_cn.mht
.eml
- http://blog.mdbchina.com/?login
- http://game.didai.com/?login
- http://m.didai.com/?login
- http://mp3.didai.com/?login
- http://my.mdbchina.com/?login
- http://my.mdbchina.com/register.aspx?login
- http://my.mdbchina.com/tie/1178541/?login
- http://www.mdbchina.cn/?login
attachment-2
.gif
attachment-3
.gif
attachment-4
.gif
attachment-5
.gif
attachment-6
.gif
attachment-7
.gif
email-html-1.txt
fav/passport_login_zh_tw.mht
.eml
- http://blog.mdbchina.com/?login
- http://game.didai.com/?login
- http://m.didai.com/?login
- http://mp3.didai.com/?login
- http://my.mdbchina.com/?login
- http://my.mdbchina.com/register.aspx?login
- http://my.mdbchina.com/tie/1178541/?login
- http://www.mdbchina.cn/?login
attachment-2
.gif
attachment-3
.gif
attachment-4
.gif
attachment-5
.gif
attachment-6
.gif
attachment-7
.gif
email-html-1.txt
lang/HowTo-Translate.txt
lang/bitcomet-ar.mo
lang/bitcomet-bg.mo
lang/bitcomet-bs.mo
lang/bitcomet-ca.mo
lang/bitcomet-cs.mo
lang/bitcomet-da.mo
lang/bitcomet-de.mo
lang/bitcomet-el.mo
lang/bitcomet-en_US.mo
.eml
lang/bitcomet-es.mo
lang/bitcomet-et.mo
lang/bitcomet-eu.mo
lang/bitcomet-fa.mo
lang/bitcomet-fi.mo
lang/bitcomet-fr.mo
lang/bitcomet-gl.mo
lang/bitcomet-he.mo
lang/bitcomet-hr.mo
lang/bitcomet-hu.mo
lang/bitcomet-hy.mo
lang/bitcomet-id.mo
lang/bitcomet-it.mo
lang/bitcomet-ja.mo
lang/bitcomet-kk.mo
lang/bitcomet-kn.mo
lang/bitcomet-ko.mo
lang/bitcomet-lt.mo
lang/bitcomet-lv.mo
lang/bitcomet-mk.mo
lang/bitcomet-ms.mo
lang/bitcomet-nb.mo
lang/bitcomet-ne.mo
lang/bitcomet-nl.mo
lang/bitcomet-pl.mo
lang/bitcomet-pt.mo
lang/bitcomet-pt_BR.mo
lang/bitcomet-ro.mo
lang/bitcomet-ru.mo
lang/bitcomet-sk.mo
lang/bitcomet-sl.mo
lang/bitcomet-sq.mo
lang/bitcomet-sr.mo
lang/bitcomet-sv.mo
lang/bitcomet-ta.mo
lang/bitcomet-th.mo
lang/bitcomet-tr.mo
lang/bitcomet-ug.mo
lang/bitcomet-uk.mo
lang/bitcomet-ur.mo
lang/bitcomet-vi.mo
lang/bitcomet-zh_CN.mo
lang/bitcomet-zh_TW.mo
rules/tracker.dat
scripts/cookie.lua
scripts/mp3_baidu.lua
scripts/mp3_didai.lua
scripts/mp3_iask.lua
scripts/mp3_qihoo.lua
scripts/mp3_sogou.lua
scripts/mp3_sogua.lua
scripts/mp3_yahoo.lua
scripts/mp3_zhongsou.lua
scripts/refer_crsky.lua
scripts/refer_newhua.lua
scripts/refer_pchome.lua
scripts/refer_skycn.lua
scripts/refer_sourceforge.lua
scripts/soft_21cn.lua
scripts/soft_crsky.lua
scripts/soft_ddooo.lua
scripts/soft_duote.lua
scripts/soft_it_com_cn.lua
scripts/soft_mydown.lua
scripts/soft_mydrivers.lua
scripts/soft_newhua.lua
scripts/soft_pchome.lua
scripts/soft_pconline.lua
scripts/soft_sina.lua
scripts/soft_skycn.lua
scripts/soft_sohu.lua
scripts/soft_zol.lua
tools/BitCometAgent_1.4.1.27.dll
.dll regsvr32 windows:4 windows x86 arch:x86

20d951fbe3edfbf1702d904c94fc1ecc

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17-05-2005 00:00

Not After

16-05-2010 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2e:5c:c2:39:2a:49:c3:02:34:13:cc:ae:a5:4d:9c:db
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01-12-2009 00:00

Not After

30-11-2012 23:59

Subject

CN=Shanghai Comet Network Technology,O=Shanghai Comet Network Technology,POSTALCODE=200050,STREET=4 Floor\, No. 1118 Yu Yuan Road,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8a:a0:7f:40:47:67:a1:a9:4b:18:85:93:69:93:68:29:7f:da:6b:01
Signer

Actual PE Digest

8a:a0:7f:40:47:67:a1:a9:4b:18:85:93:69:93:68:29:7f:da:6b:01

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Develop_Server\BitCometAgent_ActiveX\app\Release\BitCometAgent_ActiveX.pdb

Imports

oleaut32

VariantInit
VariantCopy
SafeArrayGetVartype
VarUI4FromStr
VariantClear
VariantChangeType
LoadRegTypeLi
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayUnaccessData
LoadTypeLi
SysAllocString
SafeArrayDestroy
SafeArrayLock
SafeArrayUnlock
SysStringLen
SysFreeString
UnRegisterTypeLi
RegisterTypeLi

kernel32

GetFullPathNameW
FindResourceA
GetLastError
IsDBCSLeadByte
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
GetModuleFileNameA
lstrlenA
EnterCriticalSection
lstrcmpiA
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
LoadResource
LoadLibraryExA
InterlockedDecrement
FreeLibrary
SizeofResource
RaiseException
SetEvent
CloseHandle
CreateEventA
SetThreadLocale
GetThreadLocale
HeapFree
GetProcessHeap
FindFirstFileW
InterlockedCompareExchange
lstrcpynA
GetEnvironmentVariableA
GetCurrentProcessId
GetVersionExA
Sleep
GetCPInfo
IsValidCodePage
GetProcAddress
SetEnvironmentVariableA
GetCurrentProcess
WaitForSingleObject
TerminateProcess
LocalFree
FormatMessageA
ExpandEnvironmentStringsA
ReadFile
WriteFile
CreateProcessA
GetFileType
GetFileAttributesA
CopyFileA
SetCurrentDirectoryA
GetWindowsDirectoryA
CreateFileA
GetCurrentThreadId
GetSystemInfo
LoadLibraryA
lstrcpyA
ReleaseMutex
TlsGetValue
TlsFree
TlsSetValue
TlsAlloc
ExitProcess
GetACP
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoA
GetTempPathA
GetStdHandle
OutputDebugStringA
GetTimeZoneInformation
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
GetTempFileNameA
InterlockedExchange
VirtualProtect
VirtualAlloc
VirtualQuery
HeapReAlloc
GetDriveTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RtlUnwind
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
SetStdHandle
DeleteFileA
GetDriveTypeA
GetFullPathNameA
MoveFileA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
SetLastError
HeapDestroy
HeapCreate
VirtualFree
HeapSize
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetOEMCP
LCMapStringA
LCMapStringW
GetCurrentDirectoryA
EnumSystemLocalesA
GetStringTypeA
GetStringTypeW
CreateFileW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CompareStringA
CompareStringW
SetEndOfFile
GetSystemTime
CreateToolhelp32Snapshot
Process32First
Process32Next
Thread32First
Thread32Next
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
ResetEvent
CreateMutexA
HeapAlloc

user32

EnumThreadWindows
GetWindowTextA
wsprintfA
UnregisterClassA
DdePostAdvise
DdeConnect
DdeNameService
CharNextA
DdeCreateStringHandleA
DdeClientTransaction
DdeDisconnect
DdeInitializeA
DdeGetLastError
DdeCreateDataHandle
DdeGetData
DdeFreeDataHandle
DdeUninitialize
DdeQueryStringA
DdeFreeStringHandle

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegQueryInfoKeyA
RegCreateKeyExA
RegEnumKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
ShellExecuteExA

ole32

StringFromGUID2
CoTaskMemAlloc
CoCreateGuid
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 552KB - Virtual size: 549KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tools/BitCometBHO_1.4.1.27.dll
.dll regsvr32 windows:4 windows x86 arch:x86

b8c64947f0ea40fe6b035b6d6510f887

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17-05-2005 00:00

Not After

16-05-2010 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2e:5c:c2:39:2a:49:c3:02:34:13:cc:ae:a5:4d:9c:db
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

01-12-2009 00:00

Not After

30-11-2012 23:59

Subject

CN=Shanghai Comet Network Technology,O=Shanghai Comet Network Technology,POSTALCODE=200050,STREET=4 Floor\, No. 1118 Yu Yuan Road,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

95:76:9b:08:f1:29:4a:64:dc:50:55:23:f1:8a:ce:2f:e3:77:fc:64
Signer

Actual PE Digest

95:76:9b:08:f1:29:4a:64:dc:50:55:23:f1:8a:ce:2f:e3:77:fc:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
GetACP
GetModuleFileNameW
DeleteCriticalSection
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CloseHandle
SetEvent
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
Thread32First
Thread32Next
GetTickCount
Sleep
ResetEvent
CreateEventW
CreateProcessW
WaitForSingleObject
FlushInstructionCache
CreateEventA
lstrcpynW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LeaveCriticalSection
GetConsoleCP
GetDriveTypeW
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
TlsFree
FindFirstFileA
FindFirstFileW
GetFullPathNameA
GetThreadLocale
TlsSetValue
EnterCriticalSection
GetConsoleMode
TlsGetValue
TlsAlloc
SetThreadLocale
GetModuleHandleW
GetLastError
RaiseException
LoadLibraryExW
InterlockedDecrement
lstrcmpiW
InterlockedIncrement
FindResourceW
lstrlenW
SizeofResource
GetFullPathNameW
FindClose
GetCurrentDirectoryA
CreateFileA
CreateMutexA
GetSystemInfo
SetEndOfFile
MultiByteToWideChar
LoadResource
FreeLibrary
LoadLibraryW
GetProcAddress
SetFilePointer
FlushFileBuffers
ReadFile
CreateFileW
lstrcpyW
GetSystemTime
InterlockedCompareExchange
InterlockedExchange
WideCharToMultiByte
LocalFree
FormatMessageA
GetLocaleInfoA
GetVersionExA
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
GetCurrentThreadId
GetCommandLineA
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeA
GetStringTypeW
GetModuleHandleA
SetLastError
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
HeapDestroy
HeapCreate
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetVersionExW
ReleaseMutex
GetFileAttributesW
SetStdHandle

user32

GetWindowTextW
IsWindow
CallWindowProcW
CharNextW
SetWindowLongW
EnableMenuItem
LoadBitmapW
wsprintfW
EnumThreadWindows
GetMenuItemCount
GetMenuItemInfoW
SetMenuItemInfoW
DeleteMenu
InsertMenuItemW
CreatePopupMenu
SetMenuInfo
AppendMenuW
FillRect
GetWindowThreadProcessId
UnregisterClassA
ReleaseDC
GetSysColor
GetDC
GetCursorPos
CallNextHookEx
ScreenToClient
SetRect
GetSystemMetrics
DrawTextW
SetWindowsHookExW
UnhookWindowsHookEx
PostMessageW

gdi32

SetTextColor
DeleteObject
CreateSolidBrush
SetBkMode

advapi32

RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoCreateGuid
CoTaskMemAlloc
StringFromGUID2
CLSIDFromString

oleaut32

SysFreeString
SysAllocString
SysStringLen
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi

shlwapi

SHDeleteKeyW

comctl32

ImageList_AddMasked
ImageList_GetIconSize
ImageList_Create
ImageList_DrawEx

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 488KB - Virtual size: 485KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tools/UPNP.exe
.exe windows:4 windows x86 arch:x86

5056ac97ed837319137f03ec281bcc42

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:b6:d3:9b:ba:c2:eb:6f:38:1d:43:f8:7a:70:8f:f0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24-09-2007 00:00

Not After

12-11-2009 23:59

Subject

CN=Comet Network Technology Co Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Comet Network Technology Co Ltd.,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:e3:d0:e8:de:b0:2e:f6:65:d2:04:ba:ee:ed:de:94:29:f8:c5:ef
Signer

Actual PE Digest

62:e3:d0:e8:de:b0:2e:f6:65:d2:04:ba:ee:ed:de:94:29:f8:c5:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Develop\UPnp\app\Release\GUI_UPNP.pdb

Imports

kernel32

GetOEMCP
FileTimeToSystemTime
SystemTimeToFileTime
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
ExitThread
CreateThread
HeapSize
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetCPInfo
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
CreateFileMappingA
CreateFileA
OpenEventA
TerminateThread
MapViewOfFile
UnmapViewOfFile
FileTimeToDosDateTime
CreateProcessA
lstrcatA
OutputDebugStringA
GlobalMemoryStatus
lstrcpyA
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjects
ResetEvent
ReleaseMutex
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GlobalFlags
WritePrivateProfileStringA
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GetCurrentProcessId
GlobalAddAtomA
FreeResource
ResumeThread
SetThreadPriority
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
lstrcmpA
FreeLibrary
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
SetLastError
Sleep
GetModuleHandleA
GetProcAddress
ReleaseSemaphore
GetCurrentProcess
DuplicateHandle
GetCurrentThreadId
WaitForSingleObject
GetTickCount
GetSystemTimeAsFileTime
SetEvent
GetSystemTime
CreateSemaphoreA
HeapFree
GetProcessHeap
HeapAlloc
CreateEventA
FindResourceA
LoadResource
LockResource
SizeofResource
CloseHandle
GetACP
GetUserDefaultLangID
CreateMutexA
GetVersion
CompareStringA
CompareStringW
GetLastError
WideCharToMultiByte
lstrlenA
InterlockedExchange
OpenFileMappingA
MultiByteToWideChar
QueryPerformanceCounter

user32

EndPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
SetFocus
GetForegroundWindow
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
SetCursor
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
CharUpperA
BeginPaint
wsprintfA
wvsprintfA
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostQuitMessage
GetMenuState
PostThreadMessageA
GetMenuItemID
AdjustWindowRectEx
RegisterClipboardFormatA
MessageBoxA
RegisterWindowMessageA
LoadIconA
IsIconic
SendMessageA
GetSystemMetrics
EnableWindow
GetClientRect
GetWindowTextA
PostMessageA
GetSubMenu
GetMenuItemCount
UnregisterClassA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
ReleaseCapture
SetCapture
LoadCursorA
GetSysColorBrush
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
DefWindowProcA
DestroyMenu

gdi32

SetMapMode
DeleteObject
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
ScaleWindowExtEx
GetDeviceCaps

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

GetUserNameA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleInitialize
CoRevokeClassObject
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
CoTaskMemFree
CoFreeUnusedLibraries
CoInitializeSecurity
CoUninitialize
CoInitialize
CoCreateInstance
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoCreateGuid
CreateILockBytesOnHGlobal

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
SysAllocStringByteLen
VariantChangeType
SafeArrayGetElement
SafeArrayDestroy
SafeArrayPutElement
SafeArrayCreate
VariantClear
VariantInit
SysAllocStringLen
SysFreeString
SysStringLen
SysAllocString
VariantCopy

ws2_32

inet_addr
gethostname

Sections

.text
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tools/VideoSnapshot.exe
.exe windows:4 windows x86 arch:x86

423eb8d8d0339083afce774d26ca5096

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:b6:d3:9b:ba:c2:eb:6f:38:1d:43:f8:7a:70:8f:f0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

24-09-2007 00:00

Not After

12-11-2009 23:59

Subject

CN=Comet Network Technology Co Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Comet Network Technology Co Ltd.,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fa:f9:38:0c:fd:15:3a:7f:59:3b:68:b8:c8:ee:d6:d1:c5:26:b5:de
Signer

Actual PE Digest

fa:f9:38:0c:fd:15:3a:7f:59:3b:68:b8:c8:ee:d6:d1:c5:26:b5:de

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Develop\MediaInfo\app\Release_unicode\VideoSnapshot.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
lstrlenA
GetThreadLocale
FileTimeToSystemTime
InterlockedIncrement
GlobalFlags
GetModuleHandleA
GetStringTypeExW
lstrcmpiW
LockFile
UnlockFile
FindClose
FindFirstFileW
GetVolumeInformationW
SetErrorMode
GetStartupInfoW
UnhandledExceptionFilter
RtlUnwind
HeapReAlloc
ExitProcess
ExitThread
CreateThread
HeapSize
VirtualProtect
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
HeapCreate
QueryPerformanceCounter
GetCPInfo
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
SetEnvironmentVariableA
LeaveCriticalSection
LocalAlloc
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
ResumeThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
InterlockedDecrement
FreeResource
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
GetVersion
GlobalGetAtomNameW
GlobalAddAtomW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FindResourceW
LoadResource
LockResource
SizeofResource
VirtualQuery
GetFileTime
FileTimeToLocalFileTime
InterlockedCompareExchange
GetFileAttributesExW
GetCurrentDirectoryA
CreateDirectoryW
GetFullPathNameA
FindNextFileW
FindFirstFileA
FormatMessageA
ReleaseMutex
CreateMutexA
GetDriveTypeA
GetDriveTypeW
RaiseException
lstrlenW
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
DuplicateHandle
Sleep
GetCurrentThread
GetCurrentProcessId
GetTickCount
GetLocalTime
lstrcpyW
lstrcpynW
GetFileSize
SetEndOfFile
SetFilePointer
FlushFileBuffers
WriteFile
ReadFile
VirtualFree
GetCurrentProcess
VirtualAlloc
HeapAlloc
GetSystemTimeAsFileTime
GetCurrentThreadId
CreateEventA
SetEvent
HeapFree
GetSystemTime
GetProcessHeap
SetLastError
GetLastError
WideCharToMultiByte
FormatMessageW
LocalFree
GlobalMemoryStatus
GetSystemInfo
FreeLibrary
GetProcAddress
LoadLibraryW
GetLongPathNameW
GetVersionExW
GetCommandLineW
WaitForSingleObject
MulDiv
GetModuleHandleW
MultiByteToWideChar
GetModuleFileNameW
GetFullPathNameW
GetFileAttributesW
CloseHandle
UnmapViewOfFile
SetCurrentDirectoryW
GetCurrentDirectoryW
MapViewOfFile
CreateFileMappingW
GetFileInformationByHandle
CreateFileW
GetACP
HeapDestroy

user32

UnregisterClassW
DeleteMenu
IsRectEmpty
SystemParametersInfoW
GetMenuItemInfoW
InflateRect
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
ClientToScreen
LoadCursorW
GetDC
ReleaseDC
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
RegisterClipboardFormatW
ShowOwnedPopups
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
PostQuitMessage
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
SendDlgItemMessageA
IsChild
SetWindowsHookExW
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
TrackPopupMenu
GetClientRect
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
DeferWindowPos
PtInRect
CallWindowProcW
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetWindowTextW
MoveWindow
SetWindowTextW
IsDialogMessageW
CharUpperW
PostThreadMessageW
CharNextW
CopyAcceleratorTableW
SetRect
InvalidateRgn
SetCapture
GetNextDlgGroupItem
MessageBeep
CallNextHookEx
SendDlgItemMessageW
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
UnregisterClassA
RegisterWindowMessageW
GetClassNameW
GetSysColor
UnpackDDElParam
ReuseDDElParam
LoadMenuW
DestroyMenu
WinHelpW
SetWindowPos
SetFocus
GetWindowThreadProcessId
GetActiveWindow
IsWindowEnabled
GetFocus
EqualRect
GetDlgItem
SetWindowLongW
GetKeyState
GetDlgCtrlID
GetMenu
SetCursor
PeekMessageW
GetCapture
ReleaseCapture
LoadAcceleratorsW
GetParent
SetActiveWindow
IsWindowVisible
InvalidateRect
IsIconic
InsertMenuItemW
CreatePopupMenu
GetClassInfoW
IntersectRect
OffsetRect
SetRectEmpty
CopyRect
GetLastActivePopup
BringWindowToTop
SetMenu
GetDesktopWindow
GetWindow
ShowWindow
GetWindowLongW
IsWindow
TranslateAcceleratorW
GetMenuState
GetMenuStringW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
wsprintfW
SetForegroundWindow
UpdateWindow
EnableWindow
SendMessageW
PostMessageW
LoadIconW
DefWindowProcW
MessageBoxW

gdi32

CreatePatternBrush
GetStockObject
CreateSolidBrush
CreateFontIndirectW
GetTextExtentPoint32W
DeleteDC
GetMapMode
GetBkColor
RectVisible
GetTextColor
GetRgnBox
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
CreateCompatibleBitmap
CreateRectRgnIndirect
CreateCompatibleDC
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
SetMapMode
SetBkMode
RestoreDC
SaveDC
DeleteObject
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
TextOutW

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

RegOpenKeyExW
RegisterEventSourceA
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
ReportEventA
RegQueryValueExW
RegOpenKeyW
RegCloseKey
DeregisterEventSource

shell32

DragFinish
DragQueryFileW
SHGetFileInfoW

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameW
PathStripToRootW
PathFindExtensionW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoGetClassObject
CLSIDFromString
CLSIDFromProgID
OleInitialize
OleIsCurrentClipboard
OleUninitialize
CoTaskMemAlloc
CoRevokeClassObject
CoTaskMemFree
CoCreateInstance
OleFlushClipboard
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoFreeUnusedLibraries

oleaut32

VariantClear
SysStringLen
SysFreeString
VariantChangeType
VariantInit
SysAllocStringLen
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString

wininet

HttpQueryInfoA
HttpOpenRequestA
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetReadFile
HttpSendRequestA

Sections

.text
Size: 750KB - Virtual size: 750KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT64
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tools/bitcomet_extension_signed.xpi
.zip
tools/npBitCometAgent.dll
.dll windows:4 windows x86 arch:x86

b236c7ac3af8a8f3fb1acff9b6a5980c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Develop_Server\BitCometAgent_FireFox\app\Release_unicode\BitCometAgent_FirefoxPlugin.pdb

Imports

xpcom

NS_CStringGetData
NS_StringSetData
NS_UTF16ToCString
NS_CStringContainerFinish
NS_CStringContainerInit

kernel32

lstrcpyW
lstrcpynW
LocalFree
FormatMessageA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetLastError
RaiseException
RtlUnwind
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
ExitProcess
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
HeapSize
VirtualAlloc
HeapReAlloc
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
GetLocaleInfoA
GetLocaleInfoW
FreeLibrary
InterlockedExchange
InitializeCriticalSection
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetVersionExW
LoadLibraryW
OutputDebugStringW
Thread32First
Thread32Next
CreateEventW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
ResetEvent
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateProcessW
ExpandEnvironmentStringsW
GetSystemInfo
ReleaseMutex
FormatMessageW
GetTempPathW
GetEnvironmentVariableW
GetModuleHandleW
SetEnvironmentVariableW
GetModuleFileNameW
GetDriveTypeW
CreateFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindFirstFileW
GetTempFileNameW
GetFileAttributesW
CopyFileW
SetCurrentDirectoryW
GetWindowsDirectoryW
ReadFile
GetSystemTime
SetEndOfFile
GetFullPathNameA
GetDriveTypeA
GetCurrentDirectoryA
MoveFileW
GetFullPathNameW
DeleteFileW
CreateMutexA
InterlockedCompareExchange
SetEvent
CloseHandle
CreateEventA
FindFirstFileA
GetTimeZoneInformation

user32

DdeGetLastError
DdeInitializeW
DdeDisconnect
DdeClientTransaction
DdeCreateStringHandleW
DdeNameService
DdeConnect
DdeCreateDataHandle
DdePostAdvise
DdeFreeDataHandle
DdeUninitialize
DdeQueryStringW
DdeFreeStringHandle
EnumThreadWindows
GetWindowTextW
DdeGetData
wsprintfW

advapi32

RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteExW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation

ole32

CoCreateGuid
CoCreateInstance

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 512KB - Virtual size: 509KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tools/nsIBitCometAgent.xpt
uninst.exe.nsis

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89Certificate

Extended Key Usages

Key Usages

2e:5c:c2:39:2a:49:c3:02:34:13:cc:ae:a5:4d:9c:dbCertificate

Extended Key Usages

Key Usages

b0:4c:3e:e5:a4:ce:d4:96:83:f2:ce:a0:6b:19:37:72:b4:56:fe:e6Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 852KB

.rsrc Size: 37KB - Virtual size: 36KB

5ed73059b1b5f0698edf1b5bc65ee434

Headers

File Characteristics

PDB Paths

Imports

xpcom

nspr4

kernel32

user32

advapi32

shell32

ole32

version

Exports

Exports

Sections

.text Size: 660KB - Virtual size: 658KB

.rdata Size: 168KB - Virtual size: 165KB

.data Size: 60KB - Virtual size: 78KB

.tls Size: 4KB - Virtual size: 2B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 112KB - Virtual size: 109KB

f5a0fe33f889c1e6367a9c81477d02f1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oledlg

ole32

oleaut32

userenv

Exports

Exports

Sections

.text Size: 516KB - Virtual size: 512KB

.rdata Size: 140KB - Virtual size: 136KB

.data Size: 20KB - Virtual size: 46KB

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 64KB - Virtual size: 62KB

85c5153892863e50749ae0b816c52411

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

2e:5c:c2:39:2a:49:c3:02:34:13:cc:ae:a5:4d:9c:db
Certificate

b0:4c:3e:e5:a4:ce:d4:96:83:f2:ce:a0:6b:19:37:72:b4:56:fe:e6
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 852KB

.rsrc
Size: 37KB - Virtual size: 36KB

.text
Size: 660KB - Virtual size: 658KB

.rdata
Size: 168KB - Virtual size: 165KB

.data
Size: 60KB - Virtual size: 78KB

.tls
Size: 4KB - Virtual size: 2B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 112KB - Virtual size: 109KB

.text
Size: 516KB - Virtual size: 512KB

.rdata
Size: 140KB - Virtual size: 136KB

.data
Size: 20KB - Virtual size: 46KB

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 64KB - Virtual size: 62KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

75:b6:d3:9b:ba:c2:eb:6f:38:1d:43:f8:7a:70:8f:f0
Certificate

c5:1e:ac:27:23:77:fb:dd:f8:7f:07:6e:2e:03:1b:7a:69:37:b2:b1
Signer

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 6KB

.text
Size: 496KB - Virtual size: 494KB

.rdata
Size: 132KB - Virtual size: 130KB

.data
Size: 60KB - Virtual size: 327KB

.tls
Size: 4KB - Virtual size: 2B

.rsrc
Size: 52KB - Virtual size: 50KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

31:44:c0:6a:6c:fb:50:76:c1:5d:39:95:72:c6:94:21
Certificate

fa:6e:26:b6:b7:8d:a1:49:b2:ba:56:d1:b5:a1:bd:9f:1f:a0:28:ec
Signer