66de12abfedd1bf355e2dfd718bc5e22_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

66de12abfedd1bf355e2dfd718bc5e22_JaffaCakes118
Size

1.3MB
MD5

66de12abfedd1bf355e2dfd718bc5e22
SHA1

6b905932cf3089fe42702058408a7cd2eab66a6d
SHA256

35c2bac4a94576c1c01d5b1a2a5d83e19286a6920ac67043783572fe3d141c8d
SHA512

9abfdece6fe415134366087579ef1dec7d2d336c7abb1208d6f275e490179b76813a0c2c690a84999a4d57f71e3af84aaf4ef7b413f208a8baccb3e9264018af
SSDEEP

24576:vG2J+wG1HcxTc//7OmH/sQgc8K1jiAR8+QF/cDuqSxth:e2J+wWT3F/sQB8cmAR8rFgulx

Score

1^/10

Malware Config

Signatures

Files

66de12abfedd1bf355e2dfd718bc5e22_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1f23f452093b5c1ff091a2f9fb4fa3e9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/10/2018, 00:00

Not After

02/02/2020, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11/10/2018, 00:00

Not After

02/02/2020, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a1:43:84:17:42:6f:db:2e:ce:15:38:84:1f:b8:81:24:00:01:b9:c5:d6:43:aa:c0:d3:38:69:bc:a2:c5:32:5e
Signer

Actual PE Digest

a1:43:84:17:42:6f:db:2e:ce:15:38:84:1f:b8:81:24:00:01:b9:c5:d6:43:aa:c0:d3:38:69:bc:a2:c5:32:5e

Digest Algorithm

sha256

PE Digest Matches

true

90:10:5c:3f:d8:6e:f7:52:fa:c0:27:46:de:15:c4:84:dc:9d:1e:0a
Signer

Actual PE Digest

90:10:5c:3f:d8:6e:f7:52:fa:c0:27:46:de:15:c4:84:dc:9d:1e:0a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
SetCurrentDirectoryW
GetFileAttributesW
SetEnvironmentVariableW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetErrorMode
lstrlenW
lstrcpynW
CopyFileW
GetShortPathNameW
GlobalLock
CreateThread
GetLastError
CreateDirectoryW
CreateProcessW
RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
WriteFile
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
lstrcmpiW
MoveFileW
GetFullPathNameW
SetFileTime
SearchPathW
CompareFileTime
lstrcmpW
CloseHandle
ExpandEnvironmentStringsW
GlobalFree
GlobalUnlock
GetDiskFreeSpaceW
GlobalAlloc
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
ReadFile
FindClose
lstrlenA
MulDiv
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
LoadLibraryExW
GetModuleHandleW

user32

GetSystemMenu
SetClassLongW
EnableMenuItem
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ScreenToClient
GetWindowRect
GetDlgItem
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
GetDC
SetTimer
SetWindowTextW
LoadImageW
SetForegroundWindow
ShowWindow
IsWindow
SetWindowLongW
FindWindowExW
TrackPopupMenu
AppendMenuW
CreatePopupMenu
EndPaint
CreateDialogParamW
SendMessageTimeoutW
wsprintfW
PostQuitMessage

gdi32

SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW

advapi32

AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 228KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallHelper.dll
.dll windows:4 windows x86 arch:x86

958fd0e15bfae528ef0e399f7f7f4cd9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/10/2018, 00:00

Not After

02/02/2020, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11/10/2018, 00:00

Not After

02/02/2020, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

38:6f:db:f2:46:fc:f6:12:55:6c:9b:ff:10:69:16:a5:ab:14:d5:f2:dd:ae:8f:ad:38:7e:63:a4:96:31:fa:14
Signer

Actual PE Digest

38:6f:db:f2:46:fc:f6:12:55:6c:9b:ff:10:69:16:a5:ab:14:d5:f2:dd:ae:8f:ad:38:7e:63:a4:96:31:fa:14

Digest Algorithm

sha256

PE Digest Matches

true

a7:7d:15:07:e5:f7:e3:49:00:02:72:34:d8:0e:ca:dd:df:0f:56:fe
Signer

Actual PE Digest

a7:7d:15:07:e5:f7:e3:49:00:02:72:34:d8:0e:ca:dd:df:0f:56:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\aaronymhe\TencentVideoWindows_Develop\Setup\PluginSource\InstallHelper\Release\InstallHelper.pdb

Imports

kernel32

DisconnectNamedPipe
WriteFile
InitializeCriticalSection
UnmapViewOfFile
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
TerminateThread
OpenMutexW
CreateMutexW
MapViewOfFileEx
OpenFileMappingW
GetCPInfo
IsDBCSLeadByte
CreateDirectoryW
CreateFileW
GetCurrentThread
ExpandEnvironmentStringsW
LocalFree
GetFileSize
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
ReadFile
SetEndOfFile
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LoadLibraryA
FreeLibrary
GetCurrentProcess
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
LCMapStringW
LCMapStringA
GetModuleFileNameA
GetStdHandle
VirtualAlloc
FatalAppExitA
VirtualFree
HeapCreate
IsValidCodePage
GetOEMCP
ExitProcess
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetProcAddress
GetModuleHandleA
RtlUnwind
GetCommandLineA
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetModuleHandleExW
MapViewOfFile
GetLocalTime
CreateFileMappingW
ConnectNamedPipe
CreateNamedPipeW
GetDiskFreeSpaceExW
GetFileAttributesW
GetDriveTypeW
GetCurrentThreadId
CreateTimerQueueTimer
lstrcpyW
DeleteTimerQueueTimer
lstrcmpiW
OutputDebugStringW
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GlobalAlloc
lstrcpynW
GetPrivateProfileIntW
Sleep
GlobalFree
GetCurrentProcessId
CloseHandle
Process32NextW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
TerminateProcess
GetLastError
GetVersionExW
SetConsoleCtrlHandler
GetVersionExA
RaiseException
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy

user32

IsWindow
PostMessageW
MoveWindow
SetFocus
DestroyWindow
GetClientRect
GetCapture
SetWindowPos
GetCursorPos
InvalidateRect
TrackMouseEvent
CreateWindowExW
MonitorFromWindow
GetMonitorInfoW
GetDesktopWindow
GetWindowRect
ReleaseCapture
MapWindowPoints
SendMessageW
GetWindow
GetParent
GetWindowLongW
wsprintfW
ClientToScreen
PostThreadMessageW
GetAncestor
IsZoomed
SetWindowsHookExW
GetFocus
CallNextHookEx
EnumThreadWindows
UnhookWindowsHookEx
GetSystemMetrics
LoadCursorW
RegisterClassExW
UpdateLayeredWindow
SetCursor
IsWindowVisible
UnregisterClassA
MessageBoxW
SetTimer
EndPaint
BeginPaint
GetWindowTextW
GetClassNameW
GetDlgItemTextW
ScreenToClient
FillRect
SetScrollPos
GetWindowDC
PtInRect
GetDlgItem
ReleaseDC
GetDC
SetWindowTextW
IsIconic
UpdateWindow
IsWindowEnabled
KillTimer
EnableWindow
DrawTextW
DefWindowProcW
CallWindowProcW
SetWindowLongW
ShowWindow

gdi32

GetDeviceCaps
CombineRgn
SetStretchBltMode
GetStretchBltMode
TextOutW
Rectangle
SetDCPenColor
GetStockObject
ExtSelectClipRgn
GetTextMetricsW
CreateFontW
CreatePatternBrush
SetTextColor
SetBkMode
SelectObject
DeleteObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
CreateRectRgnIndirect

advapi32

GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetSecurityInfo
GetTokenInformation
OpenThreadToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsTextUnicode
RegCreateKeyExW
RegOpenKeyW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
OpenProcessToken

shell32

SHCreateDirectoryExW
SHGetFolderPathW
SHGetSpecialFolderPathW

oleaut32

SysFreeString

shlwapi

PathFileExistsW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

gdiplus

GdipGetImageGraphicsContext
GdipGetImagePixelFormat
GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCloneImage
GdipDisposeImage
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipFree
GdipAlloc
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipDrawImageRectRectI
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImageWidth

msimg32

AlphaBlend

psapi

GetModuleBaseNameW

Exports

Exports

CheckClickFastInstall
CreateCustomPage
CreateFinishPage
CreateInstallPage
CreateWelcomePage
DestroyWnd
GetCheck
GetFileVersion
GetFinishPageClick
GetOSVersionStringInfo
GetParentProcessName
InitSkin
InitSystemBootStartValue
IsFinishPageBindSoftware
Log
MoveWindowRect
MyReleaseCapture
NeedBindSoftAfterInstall
NeedRunAfterInstall
NeedRunOnStartup
SetCheck
SetFocusWnd
SetInstallDir
SkipFinishPage
UIUpdateInstallProgress
UIUpdateInstallStatus
UnInitSkin

Sections

.text
Size: 260KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ProcDll.dll
.dll windows:4 windows x86 arch:x86

eafd69dcf4113dfd376ee9950d275970

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/10/2018, 00:00

Not After

02/02/2020, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11/10/2018, 00:00

Not After

02/02/2020, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4e:65:d2:7b:4c:ea:97:cd:93:de:15:9d:0e:cc:11:a2:e4:31:8d:52:06:97:a4:df:f0:c9:25:af:69:2a:af:54
Signer

Actual PE Digest

4e:65:d2:7b:4c:ea:97:cd:93:de:15:9d:0e:cc:11:a2:e4:31:8d:52:06:97:a4:df:f0:c9:25:af:69:2a:af:54

Digest Algorithm

sha256

PE Digest Matches

true

8f:c6:a0:e4:fe:67:2d:03:06:13:66:c7:ce:c1:da:b3:44:1c:b4:46
Signer

Actual PE Digest

8f:c6:a0:e4:fe:67:2d:03:06:13:66:c7:ce:c1:da:b3:44:1c:b4:46

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\aaronymhe\mygit\TencentVideoWindows_develop\Setup\PluginSource\ProcDLL\Release\ProcDLL.pdb

Imports

kernel32

lstrlenW
GetPrivateProfileStringW
GetModuleHandleW
GetSystemDirectoryW
GlobalFree
lstrcpyW
GlobalAlloc
GetCurrentThreadId
lstrcatW
QueryDosDeviceW
GetLogicalDriveStringsW
GetTickCount
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
LoadLibraryExW
GetModuleFileNameW
SetFileAttributesW
CopyFileW
LocalFree
TerminateProcess
DuplicateHandle
TerminateThread
VirtualFree
VirtualAlloc
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
VirtualAllocEx
GetLongPathNameW
GetPrivateProfileIntW
OutputDebugStringW
GlobalSize
GlobalUnlock
GlobalLock
GetTempPathW
WritePrivateProfileSectionW
GetPrivateProfileSectionW
SetFilePointer
GetFileType
SystemTimeToFileTime
GetCurrentDirectoryW
DosDateTimeToFileTime
SetFileTime
FileTimeToSystemTime
FileTimeToDosDateTime
GetLocalTime
GetSystemTime
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
SetEndOfFile
GetDiskFreeSpaceW
UnlockFile
DeleteFileA
LockFileEx
AreFileApisANSI
WritePrivateProfileStringW
GetSystemInfo
GetTempPathA
GetFullPathNameW
HeapValidate
GetDiskFreeSpaceA
GetFileAttributesA
FormatMessageA
GetExitCodeProcess
CreateMutexW
OutputDebugStringA
UnlockFileEx
FormatMessageW
CreateFileMappingA
WaitForSingleObjectEx
GetFileAttributesExW
LockFile
FlushViewOfFile
GetThreadLocale
InterlockedCompareExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InterlockedExchange
SetConsoleCtrlHandler
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
SetHandleCount
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
HeapSize
LCMapStringW
LCMapStringA
GetModuleFileNameA
GetStdHandle
ExitProcess
FatalAppExitA
HeapCreate
HeapDestroy
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentThread
MoveFileW
Sleep
MoveFileExW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
CreateDirectoryW
GetFileSize
ReadFile
GetFullPathNameA
ExpandEnvironmentStringsW
FreeLibrary
WriteFile
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
DeviceIoControl
CreateThread
WaitForSingleObject
lstrlenA
MultiByteToWideChar
GetCurrentProcessId
CreateProcessW
LoadLibraryW
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
GetFileAttributesW
GetVersionExW
CreateFileW
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
Module32FirstW
Module32NextW
Process32NextW
LoadLibraryA
GetProcAddress
lstrcpynW
OpenProcess
lstrcmpiW
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetVersionExA
GetCommandLineA
ResumeThread
ExitThread
GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CloseHandle
HeapCompact

user32

EndPaint
GetClientRect
BeginPaint
CallWindowProcW
SendMessageW
RedrawWindow
SetWindowPos
SetWindowLongW
PostMessageW
IsWindow
DestroyWindow
DispatchMessageW
TranslateMessage
WaitForInputIdle
GetDesktopWindow
EnumChildWindows
GetWindowLongW
FindWindowW
GetWindowThreadProcessId
UnregisterClassA
wsprintfW
GetDC
EnumDisplayDevicesW
AllowSetForegroundWindow
MsgWaitForMultipleObjects
PeekMessageW
LoadImageW
DialogBoxParamW
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
GetDlgItem
UpdateWindow
LoadStringW
ScreenToClient
MoveWindow
SetTimer
SetWindowTextW
SetDlgItemTextW
BringWindowToTop
EndDialog
KillTimer
GetParent
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
GetClassNameW
SendMessageTimeoutW
ClientToScreen
OffsetRect
FindWindowExW
EnumWindows
GetWindowTextW
CharNextW
FillRect
LoadBitmapW
ReleaseDC
GetForegroundWindow
SetForegroundWindow
IsWindowVisible
AttachThreadInput
CreateDialogParamW
SetLayeredWindowAttributes
CreateWindowExW
ShowWindow
GetMessageW
IsDialogMessageW

gdi32

GetStockObject
CreateSolidBrush
SetBkMode
CreateFontW
SetTextColor
TextOutW
DeleteObject
GetObjectW
CreateCompatibleDC
SelectObject
StretchBlt
GetDeviceCaps

advapi32

AdjustTokenPrivileges
OpenProcessToken
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
DeleteService
OpenSCManagerW
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
CreateProcessAsUserW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
EnumDependentServicesW
OpenServiceW
ControlService
QueryServiceStatusEx
CloseServiceHandle
RegOpenKeyExA
RegOpenKeyW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
RegCloseKey
DuplicateTokenEx
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
LookupPrivilegeValueW

shell32

SHGetSpecialFolderLocation
SHGetFolderPathW
SHFileOperationW
SHCreateDirectoryExW
SHChangeNotify
SHGetPathFromIDListW
ShellExecuteW

ole32

CoSetProxyBlanket
CoTaskMemAlloc
CoCreateGuid
CoCreateInstance
CLSIDFromString
StringFromGUID2
CoTaskMemFree
CoInitialize
CoUninitialize
CoInitializeEx
CoTaskMemRealloc
CoLoadLibrary
CoFreeLibrary

oleaut32

SysStringLen
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SysAllocString
VariantClear
VariantInit
SysFreeString
GetErrorInfo
VariantChangeType
CreateErrorInfo
SetErrorInfo
VarUI4FromStr

shlwapi

PathFindFileNameW
PathFileExistsW
PathStripPathW
PathIsDirectoryEmptyW
PathRemoveFileSpecW
ord176
PathAppendW
wnsprintfW

comctl32

_TrackMouseEvent

msimg32

TransparentBlt

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

netapi32

NetWkstaTransportEnum
Netbios
NetApiBufferFree

psapi

GetModuleFileNameExW
GetModuleBaseNameW
GetProcessImageFileNameW
EnumProcessModules

wininet

InternetGetCookieExW
InternetGetCookieW
InternetSetCookieW
InternetSetCookieExW

urlmon

URLDownloadToFileW

Exports

Exports

AddToFirewall
AsynDownload
AsynGetAndWriteHardwareInfo
AsynIPControlDownload
ChangeCacheACL
CheckAndRenameFiles
CheckDeleteUserDataFlag
CheckDownload
CheckExclude360
CheckExcludeProcess
CheckIPControlDownload
CheckInstallPath
CheckInstallType
CheckIsWindows10OrGreater
CheckIsWindows7OrGreater
CheckModuleUsing
CheckRunUIFlag
ClearP2PCache
ClearSSOConfig
CreateBitmapCtrl
CreateDiskShortCut
CreatePath
DeleteConnectTypeFile
DeleteDiskShortCut
DeleteInstalledToBrowserCookie
DeleteOldDirectory
DeleteTencentVideoLibraryShortcut
DeleteUserDesktopIcon
Destroy
ExcuteAsExplorer
ExcuteAsParent
ExitQQLiveServiceProcess
FindProcessByName
GetChannelFormIECookie
GetCheckBoxStatus
GetClipboard
GetCommentsInfo
GetFileVersion
GetGrandParentName
GetOSVersion
GetOriginalFilenameInfo
GetParentProcName
GetProtocalVersion
GetQNASCustomFlag
GetQNFCustomFlag
GetQSCMCustomFlag
GetShortCutOfApplicationInDirectory
GetUrlEncode
GetUserGUID
GetUserGUID2
HasUserAborted
InitFirewallInterface
InvokeShellVerb
IsProcRunning
JoinExCommandLine
KillProcByID
KillProcByName
KillProcByNameAndWait
KillProcByNameAndWait2
KillProcByPath
KillProcByPathAndWait
LockIEMainPage
ModifyDirPage
OpenFirewall
OpenFirewallWithoutInit
OpenUrlByDefaultBrowser
ParseCmdLine
PinOrUnpinStartMenuIcon
PinOrUnpinStartScreenIcon
PinOrUnpinTaskBarIcon
PopupTipBesideShortcut
RegMultiSzEdit
RegisterQQLiveProtocal
RemoveFirewall
RemoveFirewallWithoutInit
RemoveFromFirewall
SetCompletionRate
SetCtrlFontTitle
SetIEMainPage
SetInstallPath
SetInstallProgress
Show
ShowMsgBox
SvcUninstall
UnRegisterQQLiveProtocal
UnRegisterQQLiveService
UninitFirewallInterface
UnloadMatrixDriver
Update
UpdateAppData
WordFindHelper
WriteBootAutoRun
WriteConnectTypeFile
WriteHardInfoInRegForCheck
WriteInstalledToBrowserCookie
WriteQEACFlag
WriteQNASCustomFlag
WriteQNFCustomFlag
WriteQNMNFlag
WriteQNPSFlag
WriteQSCMCustomFlag
WriteUnistFlag
WriteVerInfo
free_instfilespage_bitmap
getWindow
kill_instfilespage_timer
load_instfilespage_bitmap
start_instfilespage_timer

Sections

.text
Size: 800KB - Virtual size: 799KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Statistics.exe
.exe windows:4 windows x86 arch:x86

a7085fa0cd258025616ce75726437c0e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/10/2018, 00:00

Not After

02/02/2020, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11/10/2018, 00:00

Not After

02/02/2020, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

30:e8:9c:46:c3:53:9a:d7:e6:54:41:01:ae:79:db:83:5a:fe:3e:2b:e7:4f:d7:07:1d:e8:ba:35:41:9c:c5:3c
Signer

Actual PE Digest

30:e8:9c:46:c3:53:9a:d7:e6:54:41:01:ae:79:db:83:5a:fe:3e:2b:e7:4f:d7:07:1d:e8:ba:35:41:9c:c5:3c

Digest Algorithm

sha256

PE Digest Matches

true

c1:34:36:39:55:df:0e:23:50:6b:7f:b3:28:2e:2c:59:b2:9d:39:8e
Signer

Actual PE Digest

c1:34:36:39:55:df:0e:23:50:6b:7f:b3:28:2e:2c:59:b2:9d:39:8e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\aaronymhe\mygit\TencentVideoWindows_develop\Setup\PluginSource\Statistics\Release\Statistics.pdb

Imports

kernel32

SetFileAttributesW
MoveFileW
LocalFree
GetModuleHandleW
WaitForSingleObject
CreateProcessW
GetModuleFileNameW
DeviceIoControl
GetVersionExW
GetSystemDirectoryW
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SetUnhandledExceptionFilter
GetSystemTime
GetStdHandle
GetFileType
GetModuleHandleA
GetCurrentThreadId
GlobalMemoryStatus
LoadLibraryA
QueryPerformanceCounter
GetCurrentProcessId
FlushConsoleInputBuffer
GetLastError
SizeofResource
LockResource
LoadResource
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
OutputDebugStringW
GetProcAddress
FreeLibrary
CopyFileW
GetTickCount
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetVersion
LoadLibraryW
lstrcpyW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
TerminateProcess
DeleteFileW
Sleep
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateDirectoryW
CreateFileW
WriteFile
OpenProcess
CloseHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
FlushFileBuffers
SetFilePointer
SetStdHandle
GetTimeZoneInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetHandleCount
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
FindResourceW
FindResourceExW
GetFileAttributesW
GetFileAttributesExW
WideCharToMultiByte
lstrlenW
lstrlenA
GetTimeFormatA
ReadFile
GetConsoleCP
GetModuleFileNameA
VirtualAlloc
FatalAppExitA
VirtualFree
HeapCreate
InterlockedExchange
IsValidCodePage
GetOEMCP
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
GetNumberOfConsoleInputEvents
PeekConsoleInputA
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
SetConsoleCtrlHandler
ExitProcess
GetStartupInfoA
GetCommandLineA
GetSystemTimeAsFileTime
RtlUnwind
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
InterlockedCompareExchange
InterlockedIncrement
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
MultiByteToWideChar

user32

MessageBoxA
UnregisterClassA
GetDC
GetUserObjectInformationW
SendMessageTimeoutW
LoadStringW
ReleaseDC
EnumDisplayDevicesW
GetProcessWindowStation

gdi32

GetDeviceCaps
AddFontResourceW
GetDIBits
GetObjectA
DeleteObject
CreateCompatibleBitmap
RemoveFontResourceW

advapi32

RegEnumKeyExW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyW
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
ReportEventA
DeregisterEventSource
RegisterEventSourceA
RegQueryValueExA
RegOpenKeyExA

shell32

SHGetSpecialFolderLocation
CommandLineToArgvW
ord680
SHGetFolderPathW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHCreateDirectoryExW
ShellExecuteW

ole32

StringFromGUID2
CLSIDFromString
CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateGuid
CoSetProxyBlanket
CoInitializeEx
CoCreateInstance

oleaut32

SysAllocStringByteLen
SysAllocString
SysStringByteLen
GetErrorInfo
VariantChangeType
VariantClear
SysStringLen
SysFreeString
VariantInit
SetErrorInfo
CreateErrorInfo

shlwapi

PathRemoveFileSpecW
PathFileExistsW
StrToIntW
PathAppendW

ws2_32

htonl
ntohl
WSAGetLastError
WSACleanup
inet_ntoa
gethostbyname
ntohs
recvfrom
__WSAFDIsSet
select
closesocket
htons
inet_addr
socket
sendto
WSAStartup

wininet

HttpAddRequestHeadersW
HttpOpenRequestW
InternetReadFile
InternetConnectW
InternetOpenW
InternetCloseHandle
HttpQueryInfoW
InternetOpenUrlW
InternetSetCookieExW
InternetSetCookieW
InternetSetOptionW
HttpSendRequestW
InternetWriteFile
DeleteUrlCacheEntryW
HttpEndRequestW
HttpSendRequestExW

psapi

GetModuleFileNameExW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

urlmon

URLDownloadToFileW

wintrust

WinVerifyTrust

crypt32

CryptMsgGetParam
CertCloseStore
CryptMsgClose
CertFreeCertificateContext
CertCreateCertificateContext
CertGetNameStringW
CryptQueryObject

netapi32

Netbios
NetWkstaTransportEnum
NetApiBufferFree

iphlpapi

IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile

Sections

.text
Size: 896KB - Virtual size: 892KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 260KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

6c41c5e4d44f55745b925cc4e42b7fab

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/10/2018, 00:00

Not After

02/02/2020, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11/10/2018, 00:00

Not After

02/02/2020, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:b0:fb:5d:13:9e:33:dd:a6:22:f5:a1:81:52:98:ea:27:a9:47:b8:b0:0e:ff:d8:3a:28:e4:80:b6:52:c0:ab
Signer

Actual PE Digest

7e:b0:fb:5d:13:9e:33:dd:a6:22:f5:a1:81:52:98:ea:27:a9:47:b8:b0:0e:ff:d8:3a:28:e4:80:b6:52:c0:ab

Digest Algorithm

sha256

PE Digest Matches

true

b5:7e:46:10:7b:e1:58:e6:6a:b5:c2:03:aa:cb:03:66:8e:ef:2f:f0
Signer

Actual PE Digest

b5:7e:46:10:7b:e1:58:e6:6a:b5:c2:03:aa:cb:03:66:8e:ef:2f:f0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
lstrlenW
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 899B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioC.ini
$TEMP/Statistics.exe
.exe windows:4 windows x86 arch:x86

a7085fa0cd258025616ce75726437c0e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11/10/2018, 00:00

Not After

02/02/2020, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11/10/2018, 00:00

Not After

02/02/2020, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

30:e8:9c:46:c3:53:9a:d7:e6:54:41:01:ae:79:db:83:5a:fe:3e:2b:e7:4f:d7:07:1d:e8:ba:35:41:9c:c5:3c
Signer

Actual PE Digest

30:e8:9c:46:c3:53:9a:d7:e6:54:41:01:ae:79:db:83:5a:fe:3e:2b:e7:4f:d7:07:1d:e8:ba:35:41:9c:c5:3c

Digest Algorithm

sha256

PE Digest Matches

true

c1:34:36:39:55:df:0e:23:50:6b:7f:b3:28:2e:2c:59:b2:9d:39:8e
Signer

Actual PE Digest

c1:34:36:39:55:df:0e:23:50:6b:7f:b3:28:2e:2c:59:b2:9d:39:8e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\aaronymhe\mygit\TencentVideoWindows_develop\Setup\PluginSource\Statistics\Release\Statistics.pdb

Imports

kernel32

SetFileAttributesW
MoveFileW
LocalFree
GetModuleHandleW
WaitForSingleObject
CreateProcessW
GetModuleFileNameW
DeviceIoControl
GetVersionExW
GetSystemDirectoryW
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SetUnhandledExceptionFilter
GetSystemTime
GetStdHandle
GetFileType
GetModuleHandleA
GetCurrentThreadId
GlobalMemoryStatus
LoadLibraryA
QueryPerformanceCounter
GetCurrentProcessId
FlushConsoleInputBuffer
GetLastError
SizeofResource
LockResource
LoadResource
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
OutputDebugStringW
GetProcAddress
FreeLibrary
CopyFileW
GetTickCount
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetVersion
LoadLibraryW
lstrcpyW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
TerminateProcess
DeleteFileW
Sleep
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateDirectoryW
CreateFileW
WriteFile
OpenProcess
CloseHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
FlushFileBuffers
SetFilePointer
SetStdHandle
GetTimeZoneInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetHandleCount
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
FindResourceW
FindResourceExW
GetFileAttributesW
GetFileAttributesExW
WideCharToMultiByte
lstrlenW
lstrlenA
GetTimeFormatA
ReadFile
GetConsoleCP
GetModuleFileNameA
VirtualAlloc
FatalAppExitA
VirtualFree
HeapCreate
InterlockedExchange
IsValidCodePage
GetOEMCP
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
GetNumberOfConsoleInputEvents
PeekConsoleInputA
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
SetConsoleCtrlHandler
ExitProcess
GetStartupInfoA
GetCommandLineA
GetSystemTimeAsFileTime
RtlUnwind
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
InterlockedCompareExchange
InterlockedIncrement
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
MultiByteToWideChar

user32

MessageBoxA
UnregisterClassA
GetDC
GetUserObjectInformationW
SendMessageTimeoutW
LoadStringW
ReleaseDC
EnumDisplayDevicesW
GetProcessWindowStation

gdi32

GetDeviceCaps
AddFontResourceW
GetDIBits
GetObjectA
DeleteObject
CreateCompatibleBitmap
RemoveFontResourceW

advapi32

RegEnumKeyExW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyW
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
ReportEventA
DeregisterEventSource
RegisterEventSourceA
RegQueryValueExA
RegOpenKeyExA

shell32

SHGetSpecialFolderLocation
CommandLineToArgvW
ord680
SHGetFolderPathW
SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHCreateDirectoryExW
ShellExecuteW

ole32

StringFromGUID2
CLSIDFromString
CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateGuid
CoSetProxyBlanket
CoInitializeEx
CoCreateInstance

oleaut32

SysAllocStringByteLen
SysAllocString
SysStringByteLen
GetErrorInfo
VariantChangeType
VariantClear
SysStringLen
SysFreeString
VariantInit
SetErrorInfo
CreateErrorInfo

shlwapi

PathRemoveFileSpecW
PathFileExistsW
StrToIntW
PathAppendW

ws2_32

htonl
ntohl
WSAGetLastError
WSACleanup
inet_ntoa
gethostbyname
ntohs
recvfrom
__WSAFDIsSet
select
closesocket
htons
inet_addr
socket
sendto
WSAStartup

wininet

HttpAddRequestHeadersW
HttpOpenRequestW
InternetReadFile
InternetConnectW
InternetOpenW
InternetCloseHandle
HttpQueryInfoW
InternetOpenUrlW
InternetSetCookieExW
InternetSetCookieW
InternetSetOptionW
HttpSendRequestW
InternetWriteFile
DeleteUrlCacheEntryW
HttpEndRequestW
HttpSendRequestExW

psapi

GetModuleFileNameExW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

urlmon

URLDownloadToFileW

wintrust

WinVerifyTrust

crypt32

CryptMsgGetParam
CertCloseStore
CryptMsgClose
CertFreeCertificateContext
CertCreateCertificateContext
CertGetNameStringW
CryptQueryObject

netapi32

Netbios
NetWkstaTransportEnum
NetApiBufferFree

iphlpapi

IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile

Sections

.text
Size: 896KB - Virtual size: 892KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 260KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f23f452093b5c1ff091a2f9fb4fa3e9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

a1:43:84:17:42:6f:db:2e:ce:15:38:84:1f:b8:81:24:00:01:b9:c5:d6:43:aa:c0:d3:38:69:bc:a2:c5:32:5eSigner

90:10:5c:3f:d8:6e:f7:52:fa:c0:27:46:de:15:c4:84:dc:9d:1e:0aSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 128KB

.ndata Size: - Virtual size: 228KB

.rsrc Size: 287KB - Virtual size: 286KB

958fd0e15bfae528ef0e399f7f7f4cd9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

38:6f:db:f2:46:fc:f6:12:55:6c:9b:ff:10:69:16:a5:ab:14:d5:f2:dd:ae:8f:ad:38:7e:63:a4:96:31:fa:14Signer

a7:7d:15:07:e5:f7:e3:49:00:02:72:34:d8:0e:ca:dd:df:0f:56:feSigner

Headers

File Characteristics

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

a1:43:84:17:42:6f:db:2e:ce:15:38:84:1f:b8:81:24:00:01:b9:c5:d6:43:aa:c0:d3:38:69:bc:a2:c5:32:5e
Signer

90:10:5c:3f:d8:6e:f7:52:fa:c0:27:46:de:15:c4:84:dc:9d:1e:0a
Signer

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 228KB

.rsrc
Size: 287KB - Virtual size: 286KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

38:6f:db:f2:46:fc:f6:12:55:6c:9b:ff:10:69:16:a5:ab:14:d5:f2:dd:ae:8f:ad:38:7e:63:a4:96:31:fa:14
Signer

a7:7d:15:07:e5:f7:e3:49:00:02:72:34:d8:0e:ca:dd:df:0f:56:fe
Signer

.text
Size: 260KB - Virtual size: 257KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 884B

.reloc
Size: 16KB - Virtual size: 12KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

4e:65:d2:7b:4c:ea:97:cd:93:de:15:9d:0e:cc:11:a2:e4:31:8d:52:06:97:a4:df:f0:c9:25:af:69:2a:af:54
Signer

8f:c6:a0:e4:fe:67:2d:03:06:13:66:c7:ce:c1:da:b3:44:1c:b4:46
Signer