6bbf8fb5f4beebeae4bb38b6391b5765_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6bbf8fb5f4beebeae4bb38b6391b5765_JaffaCakes118
Size

10.5MB
MD5

6bbf8fb5f4beebeae4bb38b6391b5765
SHA1

15b4bd2d69d58284a20cb209c7d5e4536e740ba1
SHA256

aa6ba88663d7ef7f4089beae13e9eccb9d1f750df2f39f9b8335bb0c2c7ba791
SHA512

d1c7628755ffa6d44de8cfd10ee3a96c3d501a85915cb818db5e061f741cdc84a290be019a75a7533d94b0fdf4127463100eb5710c56077aa4c55e35f60802e1
SSDEEP

196608:GFGA2JPv9MPWA6LRDDyNRzeHcugpOILYVBIhNzacpVM0Zr:lPv46LoBju/ILYVWhfPMar

Score

3^/10

Malware Config

Signatures

Unsigned PE 50 IoCs

Checks for missing Authenticode signature.

resource
unpack002/$PLUGINSDIR/FindProcDLL.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/KillProcDLL.dll
unpack002/$PLUGINSDIR/StdUtils.dll
unpack002/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/FindProcDLL.dll
unpack003/$PLUGINSDIR/KillProcDLL.dll
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/inetc.dll
unpack003/$PLUGINSDIR/nsDialogs.dll
unpack001/CfgDown.dll
unpack001/ClearEnv.exe
unpack001/IconFile.exe
unpack001/Middleware.dll
unpack001/ResourceTopology.dll
unpack001/SafeLoad.exe
unpack001/XHTMLAI.dll
unpack001/asdll.dll
unpack001/boxReport.dll
unpack001/charging.exe
unpack001/checkReport.dll
unpack001/dropreport.dll
unpack001/gamebox.exe
unpack001/hotpatch.exe
unpack001/icoProxy.exe
unpack001/mkbrowserpreload.exe
unpack001/repage36.exe
unpack001/svrReport.exe
unpack001/wzBussInject.exe
unpack001/wzHardReport.dll
unpack001/wzIex64.dll
unpack001/wzIex86.dll
unpack001/wzPlatformReport.dll
unpack001/wzReportx64.dll
unpack001/wzReportx86.dll
unpack001/wzSearchEngines.dll
unpack001/wzSysMonDll.dll
unpack001/wzconhost.exe
unpack001/wzdesk.exe
unpack001/wzdesktop.dll
unpack001/xypreloadgame.dll
unpack004/$PLUGINSDIR/FindProcDLL.dll
unpack004/$PLUGINSDIR/InstallOptions.dll
unpack004/$PLUGINSDIR/KillProcDLL.dll
unpack004/$PLUGINSDIR/System.dll
unpack005/$PLUGINSDIR/FindProcDLL.dll
unpack005/$PLUGINSDIR/KillProcDLL.dll
unpack005/$PLUGINSDIR/System.dll
unpack005/$PLUGINSDIR/inetc.dll
unpack005/$PLUGINSDIR/nsDialogs.dll

NSIS installer 8 IoCs

installer

resource	yara_rule
static1/unpack001/3Dbt.exe	nsis_installer_1
static1/unpack001/3Dbt.exe	nsis_installer_2
static1/unpack002/uninst.exe	nsis_installer_1
static1/unpack002/uninst.exe	nsis_installer_2
static1/unpack001/zhmq.exe	nsis_installer_1
static1/unpack001/zhmq.exe	nsis_installer_2
static1/unpack004/uninst.exe	nsis_installer_1
static1/unpack004/uninst.exe	nsis_installer_2

Files

6bbf8fb5f4beebeae4bb38b6391b5765_JaffaCakes118
.7z
3Dbc.exe
.exe windows:5 windows x86 arch:x86

068e086290d4b3725133232c84864d94

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

17/04/2018, 08:20

Not After

18/05/2027, 08:20

Subject

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:c4:e0:08:96:39:83:54:98:19:7c:ba:61:7a:41:15
Certificate

Issuer

CN=WoTrus Code Signing CA,O=WoTrus CA Limited,C=CN

Not Before

19/12/2018, 13:11

Not After

18/12/2021, 13:11

Subject

CN=重庆宅启科技有限公司,O=重庆宅启科技有限公司,L=重庆市,ST=重庆市,C=CN,1.2.840.113549.1.9.1=#0c147a687563686531323334406b646c36382e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ab:cb:4b:72:41:95:ba:53:51:af:3b:3b:88:a5:78:26:7b:3c:6f:a1:4a:77:31:6c:34:cc:32:0d:cd:92:32:9d
Signer

Actual PE Digest

ab:cb:4b:72:41:95:ba:53:51:af:3b:3b:88:a5:78:26:7b:3c:6f:a1:4a:77:31:6c:34:cc:32:0d:cd:92:32:9d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryA
CreateProcessW
GetCurrentDirectoryW
Sleep
lstrcmpiW
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
MoveFileW
CreateMutexW
SetEvent
WaitForSingleObject
OutputDebugStringW
WideCharToMultiByte
GetTickCount
GetProcAddress
LoadLibraryW
TerminateProcess
FreeResource
LockResource
QueryPerformanceCounter
QueryPerformanceFrequency
SetEnvironmentVariableA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
FlushFileBuffers
SetStdHandle
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetCurrentProcessId
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
lstrcatW
GetModuleHandleA
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
ReadFile
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetModuleFileNameA
GetStdHandle
HeapCreate
LCMapStringW
LCMapStringA
CompareStringW
GetCPInfo
CompareStringA
GetStartupInfoW
ExitProcess
HeapReAlloc
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
CreateThread
ExitThread
RtlUnwind
VirtualQuery
GetSystemInfo
VirtualProtect
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
ReleaseSemaphore
CreateSemaphoreA
CreateEventA
SetThreadPriority
SetLastError
GetCurrentThreadId
InterlockedIncrement
GetModuleFileNameW
lstrcmpW
GetCurrentProcess
FlushInstructionCache
GetLastError
DeleteCriticalSection
InitializeCriticalSection
FindFirstFileW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
DeleteFileW
FindNextFileW
FindClose
GetFileSize
SetFilePointer
MultiByteToWideChar
lstrlenA
MulDiv
GlobalAlloc
GlobalLock
CreateFileW
WriteFile
GlobalUnlock
GlobalFree
CloseHandle
lstrlenW
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetTimeZoneInformation

user32

GetDC
GetKeyState
InvalidateRect
ShowWindow
PostMessageW
SendMessageW
CreateWindowExW
GetWindowLongW
SetWindowLongW
GetClientRect
GetWindowRect
MoveWindow
IsWindowVisible
SetWindowTextW
EndDialog
SetWindowsHookExW
ScreenToClient
CallNextHookEx
AdjustWindowRect
UpdateLayeredWindow
AdjustWindowRectEx
UpdateWindow
GetDlgItem
MessageBoxW
IsDialogMessageW
SetWindowPos
MapWindowPoints
GetMonitorInfoW
MonitorFromWindow
GetWindow
GetParent
ReleaseDC
SetCursor
LoadCursorW
UnregisterHotKey
DestroyWindow
LoadMenuW
DestroyMenu
MonitorFromPoint
LoadImageW
GetForegroundWindow
TrackPopupMenu
GetSubMenu
DefWindowProcW
FillRect
GetActiveWindow
SetForegroundWindow
SetMenuDefaultItem
GetCursorPos
BeginPaint
EndPaint
GetSystemMetrics
IsWindowEnabled
GetMenu
TranslateMessage
DispatchMessageW
GetMessageW
LoadStringW
DialogBoxParamW
CreateDialogParamW
UnhookWindowsHookEx
SystemParametersInfoW
RegisterHotKey
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
PostQuitMessage
CreateAcceleratorTableW
RegisterClassExW
GetClassInfoExW
IsWindow
GetFocus
SetFocus
DestroyAcceleratorTable
GetDesktopWindow
CallWindowProcW
ReleaseCapture
GetClassNameW
IsChild
SetCapture
RedrawWindow
InvalidateRgn
ClientToScreen
CharNextW
GetSysColor
UnregisterClassA

gdi32

SetBkMode
SetTextColor
ExtTextOutW
CreateFontIndirectW
SelectObject
StretchBlt
CreateDCW
GetDeviceCaps
DeleteDC
GetObjectW
SelectPalette
RealizePalette
GetDIBits
GetStockObject
DeleteObject
CreateSolidBrush
BitBlt
CreateCompatibleBitmap
GetTextMetricsW
CreateBitmap
CreateCompatibleDC
DPtoLP

advapi32

RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW

shell32

Shell_NotifyIconW
SHChangeNotify
ShellExecuteW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemAlloc
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2

oleaut32

LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysAllocStringLen
VariantInit
SysAllocString
VariantClear
SysFreeString
SysStringLen
VarUI4FromStr

comctl32

InitCommonControlsEx
_TrackMouseEvent

msimg32

TransparentBlt

wininet

InternetOpenA
InternetOpenUrlA
HttpQueryInfoA
InternetGetConnectedState
InternetOpenW
InternetOpenUrlW
InternetCloseHandle
HttpQueryInfoW
InternetReadFile
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW
DeleteUrlCacheEntryW

Sections

.text
Size: 330KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
3Dbt.exe
.exe windows:4 windows x86 arch:x86

b1a57b635b23ffd553b3fd1e0960b2bd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4f:c4:17:71:d2:98:34:72:6b:be:19:17:03:27:9f:c7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

03/01/2019, 00:00

Not After

02/02/2020, 23:59

Subject

CN=淮安涂呦呦信息科技有限公司,OU=IT DEPT,O=淮安涂呦呦信息科技有限公司,L=淮安,ST=江苏,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:6d:50:46:d5:c3:5c:fe:0e:37:c0:13:78:fe:92:ca:14:b5:fb:f6
Signer

Actual PE Digest

25:6d:50:46:d5:c3:5c:fe:0e:37:c0:13:78:fe:92:ca:14:b5:fb:f6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
SetFileAttributesA
CompareFileTime
SearchPathA
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
Sleep
lstrcmpiA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrcatA
GetSystemDirectoryA
WaitForSingleObject
SetFileTime
CloseHandle
GlobalFree
lstrcmpA
ExpandEnvironmentStringsA
GetExitCodeProcess
GlobalAlloc
GetCommandLineA
GetTempPathA
GetProcAddress
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
ReadFile
FindClose
GetPrivateProfileStringA
WritePrivateProfileStringA
WriteFile
MulDiv
MultiByteToWideChar
LoadLibraryExA
GetModuleHandleA
FreeLibrary

user32

SetCursor
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
EndDialog
ScreenToClient
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetForegroundWindow
GetWindowLongA
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
SetTimer
PostQuitMessage
SetWindowLongA
SendMessageTimeoutA
LoadImageA
wsprintfA
GetDlgItem
FindWindowExA
IsWindow
SetClipboardData
EmptyClipboard
OpenClipboard
EndPaint
CreateDialogParamA
DestroyWindow
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA
ShellExecuteA

advapi32

RegDeleteValueA
SetFileSecurityA
RegOpenKeyExA
RegDeleteKeyA
RegEnumValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_AddMasked
ImageList_Destroy
ImageList_Create
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

8df26927f8978d4eb40ff179c0aa961b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
lstrcmpA
OpenProcess
lstrcpyA
LoadLibraryA
CloseHandle
FreeLibrary
GetVersionExA
lstrlenA
GlobalFree

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

738dc9bb91549f627cf1953c2000e1d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryA
MultiByteToWideChar
SetCurrentDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalLock

user32

GetDlgCtrlID
CloseClipboard
GetClipboardData
MapWindowPoints
LoadCursorA
GetClientRect
SetWindowRgn
LoadIconA
GetWindowLongA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
SetCursor
PtInRect
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
EnableMenuItem
DrawTextA
GetSystemMenu
OpenClipboard
LoadImageA

gdi32

SetTextColor
DeleteObject
CombineRgn
CreateRectRgn
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectA

shell32

SHGetPathFromIDListA
ShellExecuteA
SHBrowseForFolderA
SHGetDesktopFolder

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
TerminateProcess
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
FreeLibrary
GlobalFree
lstrcpyA
DisableThreadLibraryCalls

msvcrt

strcmp
_strupr
toupper
strlen
free
_initterm
malloc
_adjust_fdiv
strcpy
_itoa

Exports

Exports

KillProc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StdUtils.dll
.dll windows:5 windows x86 arch:x86

ea9b3ea5cd9e2014ad3724e31f62cf5e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

isspace
_msize
??2@YAPAXI@Z
iscntrl
isalpha
sscanf
abort
_beginthreadex
time
srand
rand
strncpy
isalnum
strchr
__getmainargs
_strnicmp
_stricmp
??3@YAXPAX@Z
calloc
free
_wcsicmp
_snprintf
memset
memcpy

shlwapi

ord176

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetVersion
InterlockedExchange
HeapValidate
InterlockedDecrement
InterlockedIncrement
GetSystemTime
OutputDebugStringA
DeleteCriticalSection
GetExitCodeProcess
InitializeCriticalSection
SystemTimeToFileTime
TerminateThread
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetCommandLineA
GetVersionExA
GetFileAttributesA
LoadLibraryW
GetModuleHandleW
FreeLibrary
CloseHandle
GetFileSizeEx
ReadFile
WriteFile
GlobalAlloc
lstrcpynA
GlobalFree
LeaveCriticalSection
EnterCriticalSection
GetTickCount
Sleep
VerSetConditionMask
GetVersionExW
VerifyVersionInfoW
GetLastError
LocalAlloc
LocalFree
CreateFileA
SetFilePointerEx
MultiByteToWideChar

user32

MessageBoxW
RegisterClassA
DispatchMessageA
UnregisterClassA
AllowSetForegroundWindow
SetTimer
DestroyWindow
wsprintfA
GetWindowThreadProcessId
LoadStringW
MessageBoxA
MsgWaitForMultipleObjects
KillTimer
PeekMessageA
CreateWindowExA

shell32

ShellExecuteExA
SHFileOperationA
ShellExecuteA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantClear
SysFreeString
VariantInit
SysAllocString

Exports

Exports

AppendToFile
DisableVerboseMode
Dummy
EnableVerboseMode
ExecShellAsUser
ExecShellWaitEx
FormatStr
FormatStr2
FormatStr3
GetAllParameters
GetDays
GetHours
GetLibVersion
GetMinutes
GetOsEdition
GetParameter
GetRealOsBuildNo
GetRealOsName
GetRealOsVersion
HashFile
HashText
InvokeShellVerb
ParameterCnt
ParameterStr
Rand
RandList
RandMax
RandMinMax
RevStr
SHFileCopy
SHFileMove
ScanStr
ScanStr2
ScanStr3
TestParameter
Time
TimerCreate
TimerDestroy
TrimStr
TrimStrLeft
TrimStrRight
ValidFileName
ValidPathSpec
VerifyRealOsBuildNo
VerifyRealOsVersion
WaitForProcEx

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

f2ac1ab587d5531d5f1bf76c094aef4c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
GlobalAlloc
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 510B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
config.dll
.dll windows:5 windows x86 arch:x86

ec04767df02d0f5e543bd9bd399afce1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4f:c4:17:71:d2:98:34:72:6b:be:19:17:03:27:9f:c7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

03/01/2019, 00:00

Not After

02/02/2020, 23:59

Subject

CN=淮安涂呦呦信息科技有限公司,OU=IT DEPT,O=淮安涂呦呦信息科技有限公司,L=淮安,ST=江苏,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:4c:a7:b4:28:81:8a:91:ba:50:2b:26:23:e0:68:f0:54:76:a3:53
Signer

Actual PE Digest

1e:4c:a7:b4:28:81:8a:91:ba:50:2b:26:23:e0:68:f0:54:76:a3:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\37Work\pc_code\lander_dll\wulin\04代码\bin\config.pdb

Imports

kernel32

GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetTempPathW
WideCharToMultiByte
OutputDebugStringW
InterlockedExchange
FreeResource
GlobalFree
Sleep
CreateEventW
SetEvent
CreateFileW
WriteFile
DeleteFileW
GetTickCount
GetVersionExW
CreateToolhelp32Snapshot
Process32FirstW
CreateDirectoryW
GetProcessAffinityMask
SetProcessAffinityMask
SetPriorityClass
DeviceIoControl
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
lstrlenA
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
LockResource
FindResourceExW
GetCommandLineW
CreateProcessW
lstrcmpW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FlushInstructionCache
GetCurrentProcess
SetLastError
ResumeThread
TerminateThread
GetExitCodeThread
CloseHandle
WaitForSingleObject
IsBadWritePtr
GetCurrentThreadId
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
RaiseException
lstrcmpiW
GetModuleHandleW
GetProcAddress
FreeLibrary
InterlockedDecrement
InterlockedIncrement
lstrlenW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
Process32NextW
InitializeCriticalSection

user32

PtInRect
GetClientRect
ShowWindow
DefWindowProcW
UpdateWindow
ClientToScreen
IsChild
MessageBoxW
GetWindowRect
ReleaseDC
UpdateLayeredWindow
GetDC
GetWindowLongW
SetWindowLongW
SetWindowPos
SendMessageW
RegisterClassExW
LoadCursorW
LoadIconW
DestroyWindow
CharNextW
LoadMenuW
GetSubMenu
RemoveMenu
DestroyMenu
TrackPopupMenu
GetCursorPos
PostMessageW
GetAsyncKeyState
MoveWindow
CallWindowProcW
DestroyAcceleratorTable
GetDesktopWindow
InvalidateRect
InvalidateRgn
FillRect
ReleaseCapture
SetCapture
ScreenToClient
GetParent
CreateAcceleratorTableW
CreateWindowExW
GetClassInfoExW
RedrawWindow
GetSysColor
GetClassNameW
IsWindow
GetDlgItem
GetWindow
SetFocus
GetFocus
EndPaint
BeginPaint
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
SetLayeredWindowAttributes
PostQuitMessage
GetKeyState
LoadStringW
SetForegroundWindow
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
GetForegroundWindow
IsWindowVisible
LoadImageW
UnregisterClassA
SetCursor
OffsetRect
DrawTextW
InflateRect
IsIconic
SetWindowRgn
SystemParametersInfoW

gdi32

StretchBlt
CreateRoundRectRgn
CreateFontW
SetTextColor
SetBkMode
SetDIBColorTable
CreateDIBSection
SelectObject
CreateSolidBrush
GetStockObject
GetDeviceCaps
GetObjectW
BitBlt
RestoreDC
CreateCompatibleBitmap
SetBkColor
DeleteDC
DeleteObject
CreateCompatibleDC
SaveDC

advapi32

RegCreateKeyExW
RegQueryValueExW
GetTokenInformation
OpenProcessToken
RegDeleteValueW
RegDeleteKeyW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey

shell32

SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
Shell_NotifyIconW

ole32

CoCreateGuid
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoUninitialize
OleUninitialize
OleInitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

SysFreeString
VarUI4FromStr
SysAllocString
SysStringLen
VariantInit
VariantClear
SafeArrayCreate
SafeArrayPutElement
LoadRegTypeLi
LoadTypeLi
DispCallFunc
OleCreateFontIndirect
SysAllocStringLen
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData

shlwapi

PathFileExistsW
StrCpyW

comctl32

_TrackMouseEvent

msimg32

TransparentBlt
AlphaBlend

msvcp90

?uncaught_exception@std@@YA_NXZ
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIPB_W@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAH@Z
??0?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??_D?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

gdiplus

GdiplusShutdown
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipCloneImage
GdipDrawImageI
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdiplusStartup

msvcr90

??2@YAPAXI@Z
??_V@YAXPAX@Z
memcpy
_itoa
free
malloc
memcpy_s
_recalloc
wcsncpy_s
wcsstr
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
memmove_s
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
_beginthreadex
swprintf_s
_vscwprintf
vswprintf_s
_localtime64_s
_time64
wcsftime
_purecall
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_resetstkoflw
_unlock
_CxxThrowException
__CxxFrameHandler3
memset
strpbrk
sprintf_s
sscanf
isalnum
wcscpy_s
wcscat_s
_wcsicmp
_wcslwr_s
_snwprintf_s
memmove
atoi
??3@YAXPAX@Z

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCrackUrlW
FindCloseUrlCache
FindNextUrlCacheEntryW
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW

iphlpapi

GetAdaptersInfo

Exports

Exports

StartLander

Sections

.text
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 468KB - Virtual size: 467KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
config.ini
dwqjh_wqed.exe
.exe windows:5 windows x86 arch:x86

2ce3a028f67b8cd50455db6ac7115c66

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4f:c4:17:71:d2:98:34:72:6b:be:19:17:03:27:9f:c7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

03/01/2019, 00:00

Not After

02/02/2020, 23:59

Subject

CN=淮安涂呦呦信息科技有限公司,OU=IT DEPT,O=淮安涂呦呦信息科技有限公司,L=淮安,ST=江苏,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d9:95:05:81:77:6b:49:f5:3a:ef:e5:22:42:9a:d1:ef:44:d1:e2:d1
Signer

Actual PE Digest

d9:95:05:81:77:6b:49:f5:3a:ef:e5:22:42:9a:d1:ef:44:d1:e2:d1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\37Work\pc_code\lander_dll\wulin\04代码\bin\lander.pdb

Imports

kernel32

GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

user32

DialogBoxParamW
EndDialog
EndPaint
BeginPaint
DefWindowProcW
RegisterClassExW
LoadCursorW
LoadIconW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
PostQuitMessage
LoadStringW
DestroyWindow

msvcr90

?terminate@@YAXXZ
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_onexit
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
_initterm_e
_unlock
__dllonexit
_lock

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 764B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fancysetup.exe
.exe windows:5 windows x86 arch:x86

2bca1372d9ae6e1c5ddad358699a3352

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:3f:8e:47:81:65:ff:55:34:17:b8:d7:5a:f4:77:88
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

15/04/2015, 00:00

Not After

14/05/2017, 23:59

Subject

CN=Hongfeng Hengyu (Beijing) Tech Ltd.,OU=Technical Department,O=Hongfeng Hengyu (Beijing) Tech Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:3f:8e:47:81:65:ff:55:34:17:b8:d7:5a:f4:77:88
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

15/04/2015, 00:00

Not After

14/05/2017, 23:59

Subject

CN=Hongfeng Hengyu (Beijing) Tech Ltd.,OU=Technical Department,O=Hongfeng Hengyu (Beijing) Tech Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d1:67:b5:bf:c1:c9:34:ed:7b:17:16:37:e1:4e:71:01:cf:fc:2e:24:bb:86:a9:d4:eb:97:73:6d:81:03:44:e1
Signer

Actual PE Digest

d1:67:b5:bf:c1:c9:34:ed:7b:17:16:37:e1:4e:71:01:cf:fc:2e:24:bb:86:a9:d4:eb:97:73:6d:81:03:44:e1

Digest Algorithm

sha256

PE Digest Matches

true

86:8e:38:62:7f:f7:66:81:30:87:2d:c6:92:5b:0f:97:af:62:e0:4f
Signer

Actual PE Digest

86:8e:38:62:7f:f7:66:81:30:87:2d:c6:92:5b:0f:97:af:62:e0:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\fancy-3d\Output\Fancy3DSetup.pdb

Imports

kernel32

IsDebuggerPresent
GetLocalTime
VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
SetEvent
InitializeCriticalSection
ReleaseSemaphore
GetLastError
ResetEvent
CreateSemaphoreW
CreateEventW
CloseHandle
GetFileAttributesW
SetFileAttributesW
CreateDirectoryW
GetUserDefaultUILanguage
GetModuleFileNameW
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetProcessHeap
CreateFileW
SetEndOfFile
GetFileSizeEx
SetFilePointerEx
ReadFile
WriteFile
FlushFileBuffers
LoadLibraryA
HeapReAlloc
OutputDebugStringW
GetCommandLineA
GetStartupInfoA
GetSystemTimeAsFileTime
ExitThread
CreateThread
SetUnhandledExceptionFilter
Sleep
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapCreate
GetTickCount
RaiseException
TerminateProcess
UnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetModuleHandleA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
DuplicateHandle
HeapFree
GetProcAddress
GetModuleHandleW
CreateProcessA
GetCurrentProcess

user32

MessageBoxW

advapi32

RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW

Sections

.text
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

b76363e9cb88bf9390860da8e50999d2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4f:c4:17:71:d2:98:34:72:6b:be:19:17:03:27:9f:c7
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

03/01/2019, 00:00

Not After

02/02/2020, 23:59

Subject

CN=淮安涂呦呦信息科技有限公司,OU=IT DEPT,O=淮安涂呦呦信息科技有限公司,L=淮安,ST=江苏,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:a4:53:53:7e:92:2a:fd:c0:a2:8e:05:c0:1b:57:cb:07:11:d1:04
Signer

Actual PE Digest

09:a4:53:53:7e:92:2a:fd:c0:a2:8e:05:c0:1b:57:cb:07:11:d1:04

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
SetFileAttributesA
CompareFileTime
SearchPathA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
GetTempPathA
Sleep
lstrcmpiA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrcatA
GetSystemDirectoryA
WaitForSingleObject
SetFileTime
CloseHandle
GlobalFree
lstrcmpA
ExpandEnvironmentStringsA
GetExitCodeProcess
GlobalAlloc
lstrlenA
GetCommandLineA
GetProcAddress
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
ReadFile
FindClose
GetPrivateProfileStringA
WritePrivateProfileStringA
WriteFile
MulDiv
MultiByteToWideChar
LoadLibraryExA
GetModuleHandleA
FreeLibrary

user32

SetCursor
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
EndDialog
ScreenToClient
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetForegroundWindow
GetWindowLongA
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
SetTimer
PostQuitMessage
SetWindowLongA
SendMessageTimeoutA
LoadImageA
wsprintfA
GetDlgItem
FindWindowExA
IsWindow
SetClipboardData
EmptyClipboard
OpenClipboard
EndPaint
CreateDialogParamA
DestroyWindow
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA
ShellExecuteA

advapi32

RegDeleteValueA
SetFileSecurityA
RegOpenKeyExA
RegDeleteKeyA
RegEnumValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_AddMasked
ImageList_Destroy
ImageList_Create
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

8df26927f8978d4eb40ff179c0aa961b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
lstrcmpA
OpenProcess
lstrcpyA
LoadLibraryA
CloseHandle
FreeLibrary
GetVersionExA
lstrlenA
GlobalFree

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
TerminateProcess
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
FreeLibrary
GlobalFree
lstrcpyA
DisableThreadLibraryCalls

msvcrt

strcmp
_strupr
toupper
strlen
free
_initterm
malloc
_adjust_fdiv
strcpy
_itoa

Exports

Exports

KillProc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

f2ac1ab587d5531d5f1bf76c094aef4c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
GlobalAlloc
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 510B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/WizModernImage.bmp
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

3f1149a3053980fe6b461521d2b55a2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbschr
_adjust_fdiv
malloc
_initterm
free
_mbsrchr
strtoul
memset
_mbsstr
strtol

kernel32

CloseHandle
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
GetLastError
GlobalFree
lstrcmpiA
DeleteFileA
SleepEx
SetFilePointer
GetTickCount
lstrcatA
GetFileSize
CreateFileA

user32

MessageBoxA
GetParent
ShowWindow
PostMessageA
SetWindowTextA
GetWindowTextA
IsWindow
GetDlgItem
SetDlgItemTextA
SendDlgItemMessageA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
SetWindowLongA
GetWindowLongA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
SendMessageA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

f03b2bab186574d8892d3d73fa9fd3fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
lstrcpyA
GetCurrentDirectoryA
HeapFree
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
SetCurrentDirectoryA
GetProcessHeap

user32

DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
GetPropA
CharPrevA
MapWindowPoints
GetWindowLongA
DrawTextA
GetClientRect
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapDialogRect
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
CharNextA
SendMessageA
RemovePropA
DrawFocusRect
GetWindowTextA

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CfgDown.dll
.dll windows:6 windows x86 arch:x86

7316b1fea4626d4301893ae379ec618d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Administrator\Documents\Visual Studio 2013\Projects\CfgDown\Release\CfgDown.pdb

Imports

kernel32

GlobalFindAtomW
OpenFileMappingW
MapViewOfFile
OutputDebugStringA
UnmapViewOfFile
CloseHandle
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
LoadLibraryA
CreateThread
FindResourceExW
FindResourceW
LoadResource
WideCharToMultiByte
SizeofResource
InitializeCriticalSectionEx
RaiseException
GetLastError
LockResource
DecodePointer
OpenFileMappingA
GetModuleFileNameA
CreateFileA
WriteFile
IsDebuggerPresent
OutputDebugStringW
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
LCMapStringW
CompareStringW
GetStringTypeW
SetFilePointerEx
EncodePointer
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetTimeZoneInformation
GetStdHandle
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlUnwind
GetModuleFileNameW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetEnvironmentVariableA

ws2_32

WSAStartup
recv
WSAGetLastError
WSACleanup
connect
htons
socket
inet_addr
send

Sections

.text
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ClearEnv.exe
.exe windows:6 windows x86 arch:x86

66c190594f351f6bfe8e831cff9c3223

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\WorkCore\zhangbin\VC\ClearEnv\trunk\Release\ClearEnv.pdb

Imports

kernel32

CreateToolhelp32Snapshot
Process32First
OpenProcess
Process32Next
ExpandEnvironmentStringsA
FindNextFileA
FindClose
GetCurrentProcessId
CreateJobObjectA
AssignProcessToJobObject
SetInformationJobObject
Sleep
LoadLibraryA
CopyFileA
SetErrorMode
ExitProcess
LocalFree
WriteFile
GetCurrentProcess
CreateProcessA
UnmapViewOfFile
OutputDebugStringA
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
HeapFree
GetProcessHeap
HeapAlloc
CloseHandle
GetModuleHandleA
GetProcAddress
HeapSize
HeapReAlloc
HeapDestroy
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
GetStringTypeW
FormatMessageA
LocalAlloc
VirtualProtectEx
TerminateProcess
GetExitCodeThread
SetLastError
ReadProcessMemory
WriteProcessMemory
ResumeThread
WaitForSingleObject
DuplicateHandle
GetTickCount
lstrcpyW
lstrlenW
GetModuleFileNameW
CreateProcessW
GetSystemDirectoryW
GetCurrentDirectoryW
GetFileAttributesW
lstrcmpiA
GetWindowsDirectoryW
GetVersion
GetModuleHandleW
VirtualAlloc
VirtualFree
lstrcpyA
lstrcatA
lstrlenA
CreateMutexW
OpenMutexW
CreateEventW
OpenEventW
CreateFileMappingW
OpenFileMappingW
VirtualQuery
GetModuleFileNameA
CreateFileW
VirtualProtect
VirtualAllocEx
VirtualFreeEx
VirtualQueryEx
CreateRemoteThread
GetCurrentThread
GetCurrentThreadId
LoadLibraryW
DeviceIoControl
InterlockedIncrement
FlushInstructionCache
ExitThread
InitializeCriticalSection
ReleaseMutex
GetThreadContext
GetSystemTimeAsFileTime
AreFileApisANSI
GetCommandLineA
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
IsProcessorFeaturePresent
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetACP
GetOEMCP
GetModuleHandleExW
GetStdHandle
GetFileType
MoveFileExW
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointerEx
FlushFileBuffers
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
ReadConsoleW
SetStdHandle
WriteConsoleW
SetEndOfFile
FindFirstFileA
DeleteFileA
CreateFileA
DecodePointer
FindResourceExW
FindResourceW
SizeofResource
LockResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
WideCharToMultiByte
GetVersionExW
MultiByteToWideChar

user32

GetThreadDesktop
CloseDesktop
OpenInputDesktop
GetUserObjectInformationA

advapi32

StartServiceW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
GetKernelObjectSecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
GetTokenInformation
GetLengthSid
RegSetValueExW
ChangeServiceConfigW
CloseServiceHandle
ControlService
RegOpenKeyExW
CreateServiceW
DeleteService
OpenSCManagerW
OpenServiceW
RegOpenKeyA
SetNamedSecurityInfoA
SetEntriesInAclA
BuildExplicitAccessWithNameA
RegSetValueExA
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
QueryServiceConfigW
QueryServiceStatus

ole32

CoInitialize
CoUninitialize
CoCreateInstance

Sections

.text
Size: 334KB - Virtual size: 334KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 334KB - Virtual size: 333KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IconFile.exe
.exe windows:5 windows x86 arch:x86

a48060abd21decaef520b237107d8f66

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Hangzhou\desktopFile\trunk\Release\desktopFile.pdb

Imports

kernel32

WaitForSingleObjectEx
WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
CloseHandle
DecodePointer
SetEvent
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
Sleep
CreateEventA
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetSystemInfo
GlobalAddAtomA
WriteConsoleW
SetStdHandle
FlushFileBuffers
GetStringTypeW
LCMapStringW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetCPInfo
GetOEMCP
GetACP
LocalFree
FormatMessageA
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
GetCommandLineA
RtlUnwind
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
SetLastError
GetCurrentThreadId
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
WriteFile
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LoadLibraryExW
IsValidCodePage
CreateFileW

user32

GetSystemMetrics
LoadStringA

shell32

ShellExecuteA

netapi32

Netbios

rpcrt4

UuidCreate

ws2_32

htons
inet_addr
WSAStartup
ntohl
htonl
sendto
socket

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KDConfig.ini
Middleware.dll
.dll windows:6 windows x86 arch:x86

8ba9e11736b6fe2e872508104652d462

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\users\administrator\documents\visual studio 2013\Projects\Middleware\Release\Middleware.pdb

Imports

kernel32

Sleep
HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
OutputDebugStringA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateThread
GetModuleFileNameA
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
TryEnterCriticalSection
CreateSemaphoreW
CloseHandle
WaitForSingleObjectEx
ReleaseSemaphore
InterlockedIncrement
InterlockedDecrement
SetEndOfFile
CreateFileW
VirtualQuery
SetStdHandle
FreeLibrary
CreateDirectoryW
OutputDebugStringW
LoadLibraryExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetOEMCP
GetACP
IsValidCodePage
GetConsoleCP
WriteFile
FlushFileBuffers
GetCurrentDirectoryW
SetFilePointerEx
EncodePointer
MultiByteToWideChar
GetStringTypeW
ReadFile
GetDriveTypeW
GetFullPathNameA
GetCommandLineA
GetCurrentThreadId
RtlUnwind
GetStdHandle
GetFileType
GetModuleFileNameW
GetModuleHandleExW
WriteConsoleW
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsDebuggerPresent
ExitProcess
AreFileApisANSI
GetConsoleMode
ReadConsoleW

xhtmlai

ord5
ord22
ord20
ord25
ord7
ord8
ord6
ord1
ord11
ord2
ord10
ord3
ord23
ord4
ord24
ord17
ord19
ord14
ord21
ord15
ord16
ord9

Exports

Exports

asAcquireExclusiveLock
asAcquireSharedLock
asAllocMem
asAtomicDec
asAtomicInc
asCreateLockableSharedBool
asCreateScriptEngine
asFreeMem
asGetActiveContext
asGetLibraryOptions
asGetLibraryVersion
asGetThreadManager
asPrepareMultithread
asReleaseExclusiveLock
asReleaseSharedLock
asResetGlobalMemoryFunctions
asSetGlobalMemoryFunctions
asThreadCleanup
asUnprepareMultithread

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 530KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ResourceTopology.dll
.dll windows:6 windows x86 arch:x86

b23c68bb7790e9f2ea14b498fc8b57e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Administrator\Documents\Visual Studio 2013\Projects\ResourceTopology\Release\ResourceTopology.pdb

Imports

kernel32

HeapAlloc
GetProcessHeap
Sleep
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryA
GetLastError
GetProcAddress
CreateFileA
InitializeCriticalSectionEx
RaiseException
DecodePointer
CloseHandle
HeapFree
CreateDirectoryA
OutputDebugStringA
SetFilePointer
WriteFile
MapViewOfFile
UnmapViewOfFile
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
MultiByteToWideChar
OpenFileMappingA
SetEvent
CreateEventA
CreateSemaphoreA
CreateThread
SetThreadPriority
ReleaseSemaphore
WaitForMultipleObjects
GetTickCount
IsDebuggerPresent
OutputDebugStringW
CreateFileW
FlushFileBuffers
HeapReAlloc
HeapSize
HeapDestroy
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcmpA
LocalFree
GetModuleFileNameA
LocalAlloc
WriteConsoleW
SetStdHandle
GetStringTypeW
LCMapStringW
CompareStringW
SetEnvironmentVariableA
LoadLibraryExW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
GetStdHandle
GetTimeZoneInformation
GetCPInfo
EncodePointer
ExitThread
ResumeThread
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
GetCommandLineA
GetCurrentThreadId
RtlUnwind
ExitProcess
GetModuleHandleExW
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
IsValidCodePage
GetACP
GetOEMCP

crypt32

CertCloseStore
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertFreeCertificateContext
CryptDecodeObject
CertGetNameStringA
CryptMsgClose

ws2_32

send
connect
inet_addr
accept
ntohl
listen
sendto
bind
htonl
setsockopt
htons
WSAGetLastError
socket
WSACleanup
closesocket
WSAStartup
inet_ntoa
recv
recvfrom

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

rpcrt4

UuidCreate

netapi32

Netbios

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SafeLoad.exe
.exe windows:6 windows x86 arch:x86

7865bde2fef5afebf030f64daad33afb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Administrator\Desktop\下载包\wzFlowSafeLoad2019_3_2\Release\wzFlowSafeLoad.pdb

Imports

advapi32

CloseServiceHandle
OpenSCManagerW
CreateServiceA
StartServiceA
OpenServiceA

kernel32

CreateFileA
DeviceIoControl
CloseHandle
FindResourceA
LoadResource
SizeofResource
WriteFile
OutputDebugStringA
GetFileSize
ReadFile
GetModuleFileNameA
GetTempPathA
GetLastError
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCommandLineW
IsDebuggerPresent
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
RaiseException
RtlUnwind
SetLastError
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
HeapFree
HeapAlloc
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
HeapSize
LoadLibraryExW
OutputDebugStringW
GetStringTypeW
LCMapStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
HeapReAlloc
SetStdHandle
WriteConsoleW
FlushFileBuffers
CreateFileW

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
XHTMLAI.dll
.dll windows:5 windows x86 arch:x86

b1367580764db3634c98ce7001ac68f0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\test\HttpTest\Release\XHTMLAI.pdb

Imports

kernel32

DeviceIoControl
GetLastError
Sleep
OutputDebugStringA
GetProcAddress
GetModuleHandleA
GetCurrentProcess
GetSystemInfo
GetVersionExA
FreeResource
CloseHandle
WriteFile
CreateFileA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
FindResourceExA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
RaiseException
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
FindResourceA
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
GetSystemTimeAsFileTime
WideCharToMultiByte

advapi32

StartServiceA
CreateServiceA
CloseServiceHandle
OpenServiceA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
OpenSCManagerA

msvcr90

__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_vsnprintf
_malloc_crt
_encoded_null
_initterm
_unlock
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_except_handler4_common
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
memset
?what@exception@std@@UBEPBDXZ
free
printf
_initterm_e
??0exception@std@@QAE@ABV01@@Z
_mbsinc
_invalid_parameter_noinfo
_mbslwr_s
_mbschr
_mbsstr
sprintf
??_V@YAXPAX@Z
??_U@YAPAXI@Z
strchr
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??2@YAPAXI@Z
memmove_s
memcpy_s
??3@YAXPAX@Z
_ismbcspace
__CxxFrameHandler3
_CxxThrowException
memcpy

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

crypt32

CertCreateCertificateContext
CertFreeCertificateContext
CertAddCertificateContextToStore
CertOpenStore
CertCloseStore

Exports

Exports

AddBlackProc
AddKey
AddProc
AddReply
AddUrlRule
AddWhiteDomain
AddWriteProc
Cleanup
Clear
ClearDomain
ClearGlobalProc
ClearProcess
ClearRecord
ClearRule
ClearUrlRule
DeleteAContext
DeleteContext
DeleteKey
DeleteValue
GetRecord
InsertContext
SSLTrunOff
SSLTurnOn
Startup
TurnOnOffRecord

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
asdll.dll
.dll windows:5 windows x86 arch:x86

61340176e952c82c683e2e52167be45c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Project\Visual Studio 2013\asdll\Release\asdll.pdb

Imports

kernel32

SizeofResource
HeapFree
GetCurrentProcess
WriteFile
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
UnmapViewOfFile
HeapSize
Sleep
GetLastError
CreateFileA
SetEvent
LoadLibraryA
LockResource
DeleteFileA
HeapReAlloc
CloseHandle
ReadFile
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
DecodePointer
HeapDestroy
GetProcAddress
GetFileSize
DeleteCriticalSection
GetProcessHeap
OpenFileMappingA
CreateProcessA
CreateEventA
MapViewOfFile
SetEndOfFile
WriteConsoleW
AreFileApisANSI
WideCharToMultiByte
RaiseException
CreateFileW
SetStdHandle
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
EnterCriticalSection
LeaveCriticalSection
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
ReleaseSemaphore
OpenEventA
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
FreeLibrary
LoadLibraryExW
InterlockedFlushSList
RtlUnwind
SetLastError
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
CreateThread
ExitThread
FreeLibraryAndExitThread
LCMapStringW
GetStdHandle
GetFileType
GetACP
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetFilePointerEx
CreateDirectoryW
GetFileAttributesExW
GetStringTypeW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage

advapi32

LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges

ws2_32

gethostbyname
shutdown
WSAStartup
inet_addr
closesocket
socket
connect
recv
htons
send

Sections

.text
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
boxReport.dll
.dll windows:6 windows x86 arch:x86

9101da38b4277fff69678bf0a9c19d3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\WorkCore\zhangbin\VC\clReport\trunk\Release\commonReport.pdb

Imports

kernel32

InitializeCriticalSectionEx
DeleteCriticalSection
DecodePointer
CloseHandle
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GlobalFindAtomA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
FindResourceExW
FindResourceW
LoadResource
WideCharToMultiByte
SizeofResource
WaitForSingleObjectEx
CreateEventA
SetEvent
GetLastError
LockResource
GetProcAddress
GetModuleHandleA
GetSystemInfo
LoadLibraryA
FormatMessageA
LocalFree
ResetEvent
OpenEventA
CreateFileW
FlushFileBuffers
WriteConsoleW
Sleep
RaiseException
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
GetCommandLineA
GetCurrentThreadId
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetStdHandle
WriteFile
GetModuleFileNameW
SetLastError
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
RtlUnwind
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetConsoleCP
GetConsoleMode
SetFilePointerEx
LCMapStringW
GetStringTypeW
SetStdHandle

user32

GetSystemMetrics

rpcrt4

UuidCreate

ws2_32

ntohl
WSAStartup
inet_addr
socket
htons
sendto
htonl

netapi32

Netbios

iphlpapi

GetAdaptersAddresses

Exports

Exports

Init
ReportData
ReportData2
dReportData

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
business.ini
charging.exe
.exe windows:5 windows x86 arch:x86

a8236c06b02543277168b9352930d252

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\SVN\WCLoad\trunk\Release\XCKillLoad.pdb

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteFileA
InitializeCriticalSection
FindResourceA
LoadResource
SizeofResource
WriteFile
GetTempPathA
CloseHandle
GetLastError
CreateFileA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

advapi32

CloseServiceHandle
OpenServiceA
CreateServiceA
OpenSCManagerW
StartServiceA

msvcp90

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

msvcr90

rand
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
_time64
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_except_handler4_common
_invoke_watson
_controlfp_s
srand
??2@YAPAXI@Z
??3@YAXPAX@Z
__wgetmainargs
__CxxFrameHandler3
memset

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
checkReport.dll
.dll windows:6 windows x86 arch:x86

db084c7e1130d1d46386681e33aa0b32

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\WorkCore\zhangbin\VC\clReport\trunk\Release\commonReport.pdb

Imports

kernel32

UnmapViewOfFile
FindResourceExW
FindResourceW
LoadResource
WideCharToMultiByte
SizeofResource
WaitForSingleObjectEx
GetProcessHeap
HeapAlloc
CreateEventA
HeapFree
SetEvent
Sleep
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
DecodePointer
DeleteCriticalSection
MapViewOfFile
OpenFileMappingA
GetProcAddress
GetModuleHandleA
GetSystemInfo
LoadLibraryA
CreateThread
FormatMessageA
LocalFree
ResumeThread
ResetEvent
ReleaseSemaphore
OpenEventA
CreateFileW
FlushFileBuffers
WriteConsoleW
CloseHandle
HeapReAlloc
EncodePointer
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
WriteFile
GetModuleFileNameW
SetLastError
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
RtlUnwind
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetConsoleCP
GetConsoleMode
SetFilePointerEx
LCMapStringW
OutputDebugStringW
GetStringTypeW
SetStdHandle
ExitThread

user32

GetSystemMetrics

rpcrt4

UuidCreate

ws2_32

ntohl
WSAStartup
inet_addr
socket
htons
sendto
htonl

netapi32

Netbios

iphlpapi

GetAdaptersAddresses

Exports

Exports

Init
ReportData
ReportData2
dReportData

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dropreport.dll
.dll windows:6 windows x64 arch:x64

32a0a13653913150c119c4a2a80a2e4d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\WorkCore\Business\hookCreateProcess\x64\Release\DesktopICORehook.pdb

Imports

kernel32

SetEvent
Sleep
HeapDestroy
InitializeCriticalSectionEx
RaiseException
SetCurrentDirectoryA
GetLastError
HeapSize
LockResource
DecodePointer
GetModuleFileNameA
lstrcatW
DeleteCriticalSection
CloseHandle
HeapFree
CreateEventA
EncodePointer
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
RtlUnwindEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThread
MultiByteToWideChar
ExitProcess
GetModuleHandleExW
GetProcAddress
RtlPcToFileHeader
GetStdHandle
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
CreateEventW
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
WriteFile
GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
LCMapStringW
HeapAlloc
LoadLibraryExW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
CreateFileW
OpenEventA
GetModuleHandleA
WaitForSingleObjectEx
ReleaseSemaphore
ResetEvent
ResumeThread
LocalFree
FormatMessageA
GetVersion
LocalAlloc
InitializeCriticalSection
ExitThread
FlushInstructionCache
VirtualFree
MapViewOfFile
UnmapViewOfFile
lstrlenW
CreateFileMappingA
VirtualQuery
ReadProcessMemory
CreateFileMappingW
DuplicateHandle
WaitForSingleObject
CreateRemoteThread
OpenThread
TerminateThread
GetExitCodeThread
GetThreadContext
SetThreadContext
OpenProcess
VirtualProtect
VirtualAllocEx
VirtualFreeEx
VirtualProtectEx
VirtualQueryEx
WriteProcessMemory
LoadLibraryW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
ReleaseMutex
CreateMutexW
OpenMutexW
OpenEventW
GetVersionExW
VirtualAlloc
OpenFileMappingW
lstrcpyA
lstrcatA
lstrlenA
GetWindowsDirectoryW
lstrcpyW
GetProcessHeap
SizeofResource
WideCharToMultiByte
OutputDebugStringW
LoadResource
FindResourceW
FindResourceExW
HeapReAlloc
CreateThread

user32

CloseDesktop
OpenInputDesktop
GetThreadDesktop
GetUserObjectInformationA

advapi32

AllocateAndInitializeSid
GetTokenInformation
AdjustTokenPrivileges
OpenProcessToken
FreeSid
GetKernelObjectSecurity
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupPrivilegeValueW
GetLengthSid

Exports

Exports

TestFuction

Sections

.text
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
gamebox.exe
.exe windows:5 windows x86 arch:x86

aae58c3eb2874b838e007f0fdeac52bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\WorkCore\zhangbin\VC\preloadgame\tag_gamebox\Release\preloadgame.pdb

Imports

kernel32

WideCharToMultiByte
AreFileApisANSI
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
DecodePointer
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetProcAddress
CloseHandle
GetModuleFileNameA
OutputDebugStringA
OpenFileMappingA
OutputDebugStringW
MapViewOfFile
UnmapViewOfFile
CreateProcessA
SetCurrentDirectoryA
LoadLibraryA
Sleep
EnterCriticalSection
LeaveCriticalSection
EncodePointer
MultiByteToWideChar
GetStringTypeW
ReadFile
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetCurrentThreadId
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetFilePointerEx
GetFileType
IsValidCodePage
GetACP
GetOEMCP
GetFileAttributesExW
FlushFileBuffers
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
SetStdHandle
WriteConsoleW
CreateFileW
SetEndOfFile

Sections

.text
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hotpatch.exe
.exe windows:6 windows x86 arch:x86

4655c4cc4e3a300d155c9c13b72e8955

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\SVN\SafeAdLanuch\trunk\Release\SafeADLanuch.pdb

Imports

kernel32

GetProcessHeap
WideCharToMultiByte
Sleep
MultiByteToWideChar
GetLastError
ReadProcessMemory
OutputDebugStringA
WriteProcessMemory
K32EnumProcessModules
K32GetModuleFileNameExA
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
OutputDebugStringW
Process32NextW
CreateThread
WaitForSingleObject
InitializeCriticalSectionEx
RaiseException
HeapAlloc
IsDebuggerPresent
WriteConsoleW
SetStdHandle
FlushFileBuffers
SetFilePointerEx
HeapFree
HeapReAlloc
HeapSize
WriteFile
CloseHandle
LeaveCriticalSection
EnterCriticalSection
GetConsoleMode
GetConsoleCP
LCMapStringW
CreateFileW
GetStringTypeW
LoadLibraryExW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
DeleteCriticalSection
DecodePointer
InitializeCriticalSection
GetCommandLineW
IsProcessorFeaturePresent
EncodePointer
GetSystemTimeAsFileTime
RtlUnwind
SetLastError
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
GetProcAddress
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW

user32

wsprintfW

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
icoProxy.exe
.exe windows:5 windows x86 arch:x86

30f30b62cde830a4ce287ebf621dfcf3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\WorkCore\zhangbin\VC\icoProxy\trunk\Release\icoProxy.pdb

Imports

kernel32

InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
CloseHandle
DecodePointer
SetEvent
GetModuleFileNameA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetLastError
MapViewOfFile
UnmapViewOfFile
OutputDebugStringA
CreateProcessA
GlobalAddAtomA
CreateEventA
GetProcAddress
GetModuleHandleA
LoadLibraryA
GetSystemInfo
GetCurrentThreadId
WriteFile
FlushFileBuffers
WriteConsoleW
SetStdHandle
RaiseException
WideCharToMultiByte
OpenFileMappingA
WaitForSingleObjectEx
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LoadLibraryExW
GetStringTypeW
LCMapStringW
GetModuleHandleW
CreateFileW
TlsFree
LocalFree
FormatMessageA
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
GetCommandLineA
RtlUnwind
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
SetLastError
ExitProcess
GetModuleHandleExW
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue

user32

GetSystemMetrics

netapi32

Netbios

rpcrt4

UuidCreate

ws2_32

socket
ntohl
htonl
htons
WSAStartup
inet_addr
sendto

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mkbrowserpreload.exe
.exe windows:5 windows x86 arch:x86

8752e91c43adeddafef271bd213070b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\WorkCore\zhangbin\VC\preloadgame\tag_browser\Release\mkbrowserpreload.pdb

Imports

kernel32

LockResource
SizeofResource
FindResourceW
FindResourceExW
DecodePointer
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
MultiByteToWideChar
GetProcAddress
CloseHandle
GetModuleFileNameA
OutputDebugStringA
OpenFileMappingA
OutputDebugStringW
MapViewOfFile
UnmapViewOfFile
CreateProcessA
CreateDirectoryA
CopyFileA
SetCurrentDirectoryA
Sleep
LoadLibraryA
GlobalAddAtomA
EnterCriticalSection
LeaveCriticalSection
EncodePointer
GetStringTypeW
ReadFile
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
LoadResource
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetCurrentThreadId
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetFilePointerEx
GetFileType
CreateDirectoryW
IsValidCodePage
GetACP
GetOEMCP
GetFileAttributesExW
FlushFileBuffers
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
SetStdHandle
WriteConsoleW
CreateFileW
SetEndOfFile
LocalFree
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
AreFileApisANSI
WideCharToMultiByte
TlsSetValue
lstrlenA

advapi32

RegOpenKeyA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantClear

shlwapi

PathFileExistsA

Sections

.text
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
prepatch.exe
.exe windows:6 windows x86 arch:x86

16180e7d58c8af25470993014fcc6f13

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

08:f4:59:43:05:61:fd:ff:09:69:39:33:b0:f6:ca:c2
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

02/01/2018, 00:00

Not After

31/12/2019, 12:00

Subject

SERIALNUMBER=91330108352496177K,CN=杭州网足科技有限公司,O=杭州网足科技有限公司,L=杭州市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0b:71:13:81:ee:a4:48:35:c1:a1:b5:ab:ae:eb:46:fa
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

02/01/2018, 00:00

Not After

03/01/2020, 12:00

Subject

SERIALNUMBER=91330108352496177K,CN=杭州网足科技有限公司,O=杭州网足科技有限公司,L=杭州市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c3:f4:50:bb:75:fe:b9:a5:42:72:c9:f7:6c:a6:fd:4d:1d:18:bf:f7:33:39:1c:07:44:45:83:03:14:6c:3b:cf
Signer

Actual PE Digest

c3:f4:50:bb:75:fe:b9:a5:42:72:c9:f7:6c:a6:fd:4d:1d:18:bf:f7:33:39:1c:07:44:45:83:03:14:6c:3b:cf

Digest Algorithm

sha256

PE Digest Matches

true

9b:e7:04:fc:ae:ec:e4:d4:b7:c5:8d:31:e5:64:bd:e4:04:ec:48:0b
Signer

Actual PE Digest

9b:e7:04:fc:ae:ec:e4:d4:b7:c5:8d:31:e5:64:bd:e4:04:ec:48:0b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Administrator\Documents\Visual Studio 2013\Projects\prepatch\trunk\Release\prepatch.pdb

Imports

kernel32

OutputDebugStringA
GetModuleFileNameA
LoadLibraryA
CreateFileA
GetFileSize
CloseHandle
ReadFile
WaitForSingleObject
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateThread
GetCommandLineW
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
RaiseException
RtlUnwind
GetLastError
SetLastError
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameW
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
HeapFree
HeapAlloc
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
HeapSize
LoadLibraryExW
OutputDebugStringW
GetStringTypeW
LCMapStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
HeapReAlloc
SetStdHandle
WriteConsoleW
FlushFileBuffers
CreateFileW

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
repage36.exe
.exe windows:6 windows x86 arch:x86

221450efada90b95ad3354cbd80da9bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\users\administrator\documents\visual studio 2013\Projects\wzHomePageAnalyze\Release\wzHomePageAnalyze.pdb

Imports

kernel32

GetLastError
InitializeCriticalSectionEx
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
DecodePointer
CloseHandle
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
RaiseException
GetProcessHeap
CreateFileA
DeviceIoControl
OutputDebugStringA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
GetSystemTimeAsFileTime
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
HeapSize
DeleteCriticalSection
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
OutputDebugStringW

advapi32

RegCreateKeyExA
RegCloseKey
RegSetValueExA

msvcr120

strnlen
??_V@YAXPAX@Z
memmove_s
sprintf
??2@YAPAXI@Z
??1type_info@@UAE@XZ
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_vsnprintf
_XcptFilter
__crtGetShowWindowMode
_amsg_exit
__wgetmainargs
__set_app_type
exit
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_wcmdln
_fmode
_commode
?terminate@@YAXXZ
_except_handler4_common
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
memset
free
memcpy_s
wmemcpy_s
??3@YAXPAX@Z
_CxxThrowException
__CxxFrameHandler3
??_U@YAPAXI@Z
memcpy

netapi32

Netbios

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
svrReport.exe
.exe windows:6 windows x86 arch:x86

0ec0e16e403dbde40388c78576a3ad82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\Project\Visual Studio 2013\hijackAliReport\Release\hijackAliReport.pdb

Imports

kernel32

RaiseException
GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
DecodePointer
CreateFileA
GetFileSize
ReadFile
HeapDestroy
HeapReAlloc
HeapSize
GetProcAddress
CloseHandle
HeapAlloc
GetProcessHeap
HeapFree
WideCharToMultiByte
OpenFileMappingA
OutputDebugStringW
MapViewOfFile
UnmapViewOfFile
Sleep
LoadLibraryA
LocalFree
CreateFileW
ReadConsoleW
FlushFileBuffers
WriteConsoleW
SetStdHandle
LCMapStringW
SetFilePointerEx
MultiByteToWideChar
EncodePointer
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetStringTypeW
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
RtlUnwind
GetConsoleCP
GetConsoleMode
FormatMessageA

user32

GetSystemMetrics

wininet

InternetReadFile
InternetOpenA
InternetCloseHandle
InternetOpenUrlA

ws2_32

WSAStartup
gethostname
gethostbyname
inet_ntoa

netapi32

Netbios

iphlpapi

GetAdaptersAddresses

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wzBaseDataReportEx.dll
.dll windows:6 windows x86 arch:x86

1c31b07c25e1bfef0ce640d45328c2b0

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

08:f4:59:43:05:61:fd:ff:09:69:39:33:b0:f6:ca:c2
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

02/01/2018, 00:00

Not After

31/12/2019, 12:00

Subject

SERIALNUMBER=91330108352496177K,CN=杭州网足科技有限公司,O=杭州网足科技有限公司,L=杭州市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0b:71:13:81:ee:a4:48:35:c1:a1:b5:ab:ae:eb:46:fa
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

02/01/2018, 00:00

Not After

03/01/2020, 12:00

Subject

SERIALNUMBER=91330108352496177K,CN=杭州网足科技有限公司,O=杭州网足科技有限公司,L=杭州市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

38:a4:4c:fb:b0:69:49:15:2e:e7:15:a0:f7:53:3d:9f:a0:3f:df:26:da:81:0f:6c:8e:d5:af:25:2b:1e:c8:b4
Signer

Actual PE Digest

38:a4:4c:fb:b0:69:49:15:2e:e7:15:a0:f7:53:3d:9f:a0:3f:df:26:da:81:0f:6c:8e:d5:af:25:2b:1e:c8:b4

Digest Algorithm

sha256

PE Digest Matches

true

67:5b:70:a3:b3:a3:f2:6f:68:87:d7:0e:f6:59:56:70:e0:6b:73:f4
Signer

Actual PE Digest

67:5b:70:a3:b3:a3:f2:6f:68:87:d7:0e:f6:59:56:70:e0:6b:73:f4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\users\administrator\documents\visual studio 2013\Projects\wzBaseDataReportEx\Release\wzBaseDataReportEx.pdb

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
Sleep
OpenProcess
GetTempPathA
CopyFileA
SetLastError
DeleteFileA
GetSystemTime
GetFileAttributesA
MultiByteToWideChar
WideCharToMultiByte
WaitForSingleObject
OutputDebugStringA
CreateFileMappingA
MapViewOfFile
CreateEventA
GetTickCount
ExpandEnvironmentStringsA
GetSystemTimeAsFileTime
Module32First
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
GetCommandLineA
GetCurrentThreadId
RaiseException
RtlUnwind
GetLastError
HeapFree
HeapAlloc
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
ExitProcess
GetModuleHandleExW
HeapSize
GetProcessHeap
GetStdHandle
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetStringTypeW
LCMapStringW
LoadLibraryExW
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
OutputDebugStringW
SetStdHandle
WriteConsoleW
FlushFileBuffers
CreateFileW

shlwapi

PathFileExistsA

sqlite3

sqlite3_get_table
sqlite3_free_table
sqlite3_close
sqlite3_open

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wzBaseDataReportExCli.dll
.dll windows:6 windows x86 arch:x86

d77218ff1e57c0e689f4798947a111e2

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

08:f4:59:43:05:61:fd:ff:09:69:39:33:b0:f6:ca:c2
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

02/01/2018, 00:00

Not After

31/12/2019, 12:00

Subject

SERIALNUMBER=91330108352496177K,CN=杭州网足科技有限公司,O=杭州网足科技有限公司,L=杭州市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0b:71:13:81:ee:a4:48:35:c1:a1:b5:ab:ae:eb:46:fa
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

02/01/2018, 00:00

Not After

03/01/2020, 12:00

Subject

SERIALNUMBER=91330108352496177K,CN=杭州网足科技有限公司,O=杭州网足科技有限公司,L=杭州市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2d:96:7b:b7:fa:12:1d:10:74:6b:30:8f:e9:00:77:47:8f:1e:f8:48:a2:b0:45:c8:04:3a:be:4c:35:7d:f5:ca
Signer

Actual PE Digest

2d:96:7b:b7:fa:12:1d:10:74:6b:30:8f:e9:00:77:47:8f:1e:f8:48:a2:b0:45:c8:04:3a:be:4c:35:7d:f5:ca

Digest Algorithm

sha256

PE Digest Matches

true

8f:74:ba:d8:6e:88:5f:b2:63:b6:36:ef:97:91:03:9b:d9:0c:bb:98
Signer

Actual PE Digest

8f:74:ba:d8:6e:88:5f:b2:63:b6:36:ef:97:91:03:9b:d9:0c:bb:98

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\users\administrator\documents\visual studio 2013\Projects\wzBaseDataReportEx\Release\wzBaseDataReportExCli.pdb

Imports

kernel32

HeapReAlloc
MapViewOfFile
UnmapViewOfFile
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
SizeofResource
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
LockResource
OpenEventA
DecodePointer
DeleteCriticalSection
CloseHandle
OpenFileMappingA
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
WriteConsoleW
SetFilePointerEx
EncodePointer
GetCommandLineA
GetCurrentThreadId
RtlUnwind
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
WriteFile
GetModuleFileNameW
LoadLibraryExW
LCMapStringW
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
CreateFileW

Exports

Exports

GetHistoryInfo

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wzBrowserReport.dll
.dll windows:6 windows x86 arch:x86

ea3616c59cadf3c82fe7070dfb666e64

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

08:f4:59:43:05:61:fd:ff:09:69:39:33:b0:f6:ca:c2
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

02/01/2018, 00:00

Not After

31/12/2019, 12:00

Subject

SERIALNUMBER=91330108352496177K,CN=杭州网足科技有限公司,O=杭州网足科技有限公司,L=杭州市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:71:13:81:ee:a4:48:35:c1:a1:b5:ab:ae:eb:46:fa
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

02/01/2018, 00:00

Not After

03/01/2020, 12:00

Subject

SERIALNUMBER=91330108352496177K,CN=杭州网足科技有限公司,O=杭州网足科技有限公司,L=杭州市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:6d:5e:14:9b:34:be:02:74:88:6e:ef:33:92:89:c3:d8:b0:e1:75:0d:7b:2a:d0:2f:69:26:0c:72:2e:76:e8
Signer

Actual PE Digest

2e:6d:5e:14:9b:34:be:02:74:88:6e:ef:33:92:89:c3:d8:b0:e1:75:0d:7b:2a:d0:2f:69:26:0c:72:2e:76:e8

Digest Algorithm

sha256

PE Digest Matches

true

d3:eb:b8:9a:69:df:d8:4e:11:e7:c1:5b:74:63:56:a5:f4:73:76:80
Signer

Actual PE Digest

d3:eb:b8:9a:69:df:d8:4e:11:e7:c1:5b:74:63:56:a5:f4:73:76:80

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\wzBrowserReport1114\wzBrowserReport\Release\wzBrowserReport.pdb

Imports

kernel32

HeapFree
WaitForSingleObject
GetProcessHeap
InitializeCriticalSection
WideCharToMultiByte
Sleep
SizeofResource
HeapDestroy
LeaveCriticalSection
ReadFile
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
EnterCriticalSection
CreateEventW
DecodePointer
DeviceIoControl
DeleteCriticalSection
CreateThread
CreateEventA
CloseHandle
SetEvent
HeapAlloc
GetProcAddress
WaitForSingleObjectEx
GetModuleHandleW
FindResourceA
WriteFile
IsDebuggerPresent
OutputDebugStringW
FormatMessageA
LocalFree
LoadResource
CreateFileA
ResetEvent
OpenEventA
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
LoadLibraryA
HeapReAlloc
EncodePointer
GetCommandLineA
GetCurrentThreadId
RtlUnwind
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
MultiByteToWideChar
ExitProcess
GetModuleHandleExW
GetStdHandle
GetModuleFileNameW
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStringTypeW
LCMapStringW
LoadLibraryExW
GetConsoleCP
GetConsoleMode
SetFilePointerEx

advapi32

StartServiceA
CreateServiceA
OpenSCManagerW
CloseServiceHandle
OpenServiceA

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wzBussInject.exe
.exe windows:5 windows x86 arch:x86

0128f671aff5b19f1da4d96dd08e8828

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Hangzhou\wzBussInjectLoad_最新\trunk\Release\wzBussInjectLoad.pdb

Imports

kernel32

FindResourceExW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTempPathA
CreateFileA
WriteFile
CloseHandle
FreeResource
GetLastError
DeleteFileA
FindResourceW
DeviceIoControl
OutputDebugStringA
GetProcAddress
GetModuleHandleA
GetCurrentProcess
GetSystemInfo
GetVersionExW
CopyFileA
GetFileAttributesA
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
Sleep
InterlockedExchange
RaiseException
GetProcessHeap
GetSystemTimeAsFileTime
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy

advapi32

OpenServiceA
CloseServiceHandle
CreateServiceA
OpenSCManagerW
StartServiceW

msvcr90

_encode_pointer
_lock
_onexit
_decode_pointer
_vsnprintf
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
__dllonexit
_unlock
memset
free
rand
srand
_time64
printf
sprintf
??2@YAPAXI@Z
iswspace
??_V@YAXPAX@Z
??_U@YAPAXI@Z
memmove_s
memcpy_s
??3@YAXPAX@Z
strncpy
__CxxFrameHandler3
_CxxThrowException
memcpy

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wzDataAnayze.dll
.dll windows:6 windows x86 arch:x86

2f87b13dbb3142d59032768dafba9a3c

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

08:f4:59:43:05:61:fd:ff:09:69:39:33:b0:f6:ca:c2
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

02/01/2018, 00:00

Not After

31/12/2019, 12:00

Subject

SERIALNUMBER=91330108352496177K,CN=杭州网足科技有限公司,O=杭州网足科技有限公司,L=杭州市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0b:71:13:81:ee:a4:48:35:c1:a1:b5:ab:ae:eb:46:fa
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

02/01/2018, 00:00

Not After

03/01/2020, 12:00

Subject

SERIALNUMBER=91330108352496177K,CN=杭州网足科技有限公司,O=杭州网足科技有限公司,L=杭州市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a9:34:bc:6c:3c:21:00:9f:32:c9:69:4b:fa:e5:2c:aa:f2:67:7d:ee:a0:af:dd:89:8c:e3:c5:d1:ec:22:c4:a0
Signer

Actual PE Digest

a9:34:bc:6c:3c:21:00:9f:32:c9:69:4b:fa:e5:2c:aa:f2:67:7d:ee:a0:af:dd:89:8c:e3:c5:d1:ec:22:c4:a0

Digest Algorithm

sha256

PE Digest Matches

true

1e:6c:64:9b:65:0e:5d:09:26:aa:5d:9e:c7:46:a1:df:82:10:7e:fb
Signer

Actual PE Digest

1e:6c:64:9b:65:0e:5d:09:26:aa:5d:9e:c7:46:a1:df:82:10:7e:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Hangzhou_Business\wzDataAnalyze\trunk\Release\wzDataAnayze.pdb

Imports

kernel32

MapViewOfFile
UnmapViewOfFile
CloseHandle
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
LoadLibraryA
GetProcAddress
CreateThread
Sleep
OutputDebugStringA
CreateEventA
SetEvent
WaitForSingleObjectEx
GetModuleHandleW
OpenFileMappingA
LockResource
LoadResource
FindResourceW
FindResourceExW
WideCharToMultiByte
InitializeCriticalSectionEx
RaiseException
GetLastError
DecodePointer
IsDebuggerPresent
OutputDebugStringW
FormatMessageA
LocalFree
ResetEvent
OpenEventA
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
SizeofResource
EncodePointer
IsProcessorFeaturePresent
GetCommandLineA
GetCurrentThreadId
RtlUnwind
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStdHandle
WriteFile
GetModuleFileNameW
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetConsoleCP
GetConsoleMode
SetFilePointerEx
LCMapStringW
GetStringTypeW

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wzHardReport.dll
.dll windows:6 windows x86 arch:x86

162beb66dc16ef413102f6c5d04702c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\users\administrator\documents\visual studio 2013\Projects\wzHardReport\Release\wzHardReport.pdb

Imports

kernel32

CreateFileA
GetFileSize
CloseHandle
ReadFile
WriteFile
OutputDebugStringA
LoadLibraryA
GetProcAddress
HeapReAlloc
FindResourceA
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
WideCharToMultiByte
Sleep
SizeofResource
HeapDestroy
LeaveCriticalSection
CreateProcessA
InitializeCriticalSectionEx
RaiseException
CreateDirectoryA
GetLastError
HeapSize
EnterCriticalSection
LockResource
DecodePointer
DeleteCriticalSection
GetTempPathA
DeleteFileA
CreateThread
EncodePointer
GetCommandLineA
GetCurrentThreadId
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
SetFilePointerEx
MultiByteToWideChar
GetConsoleMode
GetStdHandle
GetFileType
GetStartupInfoW
GetConsoleCP
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetModuleFileNameW
SetStdHandle
FlushFileBuffers
WriteConsoleW
GetStringTypeW
LoadLibraryExW
LCMapStringW
OutputDebugStringW
CreateFileW

user32

DispatchMessageW
DefWindowProcW
UpdateWindow
ShowWindow
CreateWindowExA
TranslateMessage
PostQuitMessage
RegisterClassExA
GetMessageW

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wzIex64.dll
.dll windows:5 windows x64 arch:x64

34dce485154213571f21d7e81c4881f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Administrator\Desktop\wzIeBrowserEx\trunk\x64\Release\wzBF.pdb

Imports

kernel32

WaitForSingleObjectEx
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
OutputDebugStringA
OutputDebugStringW
CloseHandle
lstrcatW
lstrlenW
WideCharToMultiByte
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateFileA
GetFileSize
GlobalDeleteAtom
GlobalAddAtomA
GlobalFindAtomA
InitializeCriticalSectionAndSpinCount
ReadFile
RaiseException
GetLastError
DecodePointer
GetModuleFileNameA
LoadLibraryA
GetProcAddress
SetEvent
GetModuleHandleA
OpenEventA
GetCommandLineA
GetFileAttributesA
WinExec
ExitProcess
OpenProcess
GetCurrentProcessId
OpenFileMappingW
GetModuleHandleW
GetSystemInfo
GetCurrentProcess
WriteFile
MultiByteToWideChar
CreateFileMappingW
IsDebuggerPresent
ResetEvent
ResumeThread
SuspendThread
VirtualProtect
GetThreadPriority
OpenThread
VirtualAlloc
FlushInstructionCache
SetThreadPriority
VirtualQuery
GetThreadContext
CreateFileW
FlushFileBuffers
FreeLibrary
CreateEventA
LocalFree
FormatMessageA
EncodePointer
IsProcessorFeaturePresent
GetCurrentThreadId
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThread
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStringTypeW
GetStdHandle
GetModuleFileNameW
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
LCMapStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
WriteConsoleW

user32

GetSystemMetrics

zlibwapi

ord2

netapi32

Netbios

rpcrt4

UuidCreate

ws2_32

sendto
htonl
htons
inet_addr
getpeername
socket
WSAStartup
ntohl

iphlpapi

GetAdaptersAddresses

Sections

.text
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 176KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wzIex86.dll
.dll windows:5 windows x86 arch:x86

111125bc2f79378fc673b0f1eac232cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Administrator\Desktop\wzIeBrowserEx\trunk\Release\wzBF.pdb

Imports

kernel32

WaitForSingleObjectEx
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
OutputDebugStringA
OutputDebugStringW
CloseHandle
lstrcatW
lstrlenW
WideCharToMultiByte
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateFileA
GetFileSize
GlobalDeleteAtom
GlobalAddAtomA
GlobalFindAtomA
InitializeCriticalSectionAndSpinCount
ReadFile
RaiseException
GetLastError
DecodePointer
GetModuleFileNameA
GetCurrentThread
SetEvent
GetProcAddress
FreeLibrary
GetModuleHandleA
OpenEventA
GetCommandLineA
GetFileAttributesA
WinExec
ExitProcess
OpenProcess
GetCurrentProcessId
OpenFileMappingW
GetModuleHandleW
GetSystemInfo
WriteFile
MultiByteToWideChar
CreateFileMappingW
IsDebuggerPresent
ResetEvent
VirtualAlloc
SuspendThread
VirtualFree
GetThreadContext
SetThreadContext
FlushInstructionCache
ResumeThread
VirtualProtect
InterlockedCompareExchange
VirtualQuery
LoadLibraryA
CreateEventA
LocalFree
FormatMessageA
EncodePointer
IsProcessorFeaturePresent
GetCurrentThreadId
RtlUnwind
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStringTypeW
GetStdHandle
GetModuleFileNameW
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
LCMapStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
WriteConsoleW
FlushFileBuffers
CreateFileW

user32

GetSystemMetrics

netapi32

Netbios

rpcrt4

UuidCreate

ws2_32

inet_addr
getpeername
ntohl
htonl
WSAStartup
socket
htons
sendto

iphlpapi

GetAdaptersAddresses

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wzPlatformReport.dll
.dll windows:6 windows x86 arch:x86

c836a566c16e4b7c813607c09b977648

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Hangzhou\wzPlatformReport\trunk\Release\wzPlatformReport.pdb

Imports

kernel32

UnmapViewOfFile
FindResourceExW
FindResourceW
LoadResource
WideCharToMultiByte
SizeofResource
WaitForSingleObjectEx
GetProcessHeap
HeapAlloc
CreateEventA
HeapFree
SetEvent
Sleep
HeapDestroy
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
Process32FirstW
LockResource
DecodePointer
Process32NextW
CreateToolhelp32Snapshot
DeleteCriticalSection
CloseHandle
OpenFileMappingA
CreateThread
MapViewOfFile
GetModuleHandleW
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetSystemInfo
GlobalAddAtomA
LocalFree
FormatMessageA
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
ResetEvent
OpenEventA
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
OutputDebugStringA
HeapReAlloc
EncodePointer
IsProcessorFeaturePresent
GetCommandLineA
GetCurrentThreadId
RtlUnwind
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
MultiByteToWideChar
ExitProcess
GetModuleHandleExW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetStringTypeW
GetStdHandle
WriteFile
GetModuleFileNameW
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
LoadLibraryExW
GetConsoleCP

user32

GetSystemMetrics

netapi32

Netbios

rpcrt4

UuidCreate

ws2_32

ntohl
socket
sendto
htonl
inet_addr
WSAStartup
htons

iphlpapi

GetAdaptersAddresses

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wzReportDesktopInject.dll
.dll windows:6 windows x86 arch:x86

bbabf4fe7ed6f2ca386d016f536abece

Code Sign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:1f:5d:98:81:82:17:2e:3c:41:9e:01:4f:b0:40:4c
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

08:f4:59:43:05:61:fd:ff:09:69:39:33:b0:f6:ca:c2
Certificate

Issuer

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

02/01/2018, 00:00

Not After

31/12/2019, 12:00

Subject

SERIALNUMBER=91330108352496177K,CN=杭州网足科技有限公司,O=杭州网足科技有限公司,L=杭州市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:d0:e3:37:4a:c9:5b:db:fa:6b:43:4b:2a:48:ec:06
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:ac:5c:26:6a:0b:40:9b:8f:0b:79:f2:ae:46:25:77
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2031, 00:00

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0b:71:13:81:ee:a4:48:35:c1:a1:b5:ab:ae:eb:46:fa
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

02/01/2018, 00:00

Not After

03/01/2020, 12:00

Subject

SERIALNUMBER=91330108352496177K,CN=杭州网足科技有限公司,O=杭州网足科技有限公司,L=杭州市,C=CN,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302434e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:0f:db:e6:78:b3:1e:23:2c:ba:5a:e1:4d:9d:bf:1b
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 01:00

Not After

08/04/2023, 01:00

Subject

CN=WoSign Time Stamping Signer G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

49:b9:d7:75:02:bd:e5:d2:a3:8a:c1:25:30:bc:aa:5a:79:a5:0b:23:97:a9:5b:a7:f5:84:10:2d:73:9f:4f:37
Signer

Actual PE Digest

49:b9:d7:75:02:bd:e5:d2:a3:8a:c1:25:30:bc:aa:5a:79:a5:0b:23:97:a9:5b:a7:f5:84:10:2d:73:9f:4f:37

Digest Algorithm

sha256

PE Digest Matches

true

1d:11:99:93:2e:91:1f:a6:e7:ad:ff:73:27:b9:ac:5e:cd:0f:ab:77
Signer

Actual PE Digest

1d:11:99:93:2e:91:1f:a6:e7:ad:ff:73:27:b9:ac:5e:cd:0f:ab:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Hangzhou_Business\wzReportDesktop\trunk\Release\wzReportDesktopInject.pdb

Imports

kernel32

OpenProcess
CloseHandle
OutputDebugStringA
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
RaiseException
GetLastError
InitializeCriticalSectionEx
DeleteCriticalSection
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
DecodePointer
CreateThread
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CreateFileA
FindResourceA
WriteFile
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Sleep
GetTempPathA
EncodePointer
GetCommandLineA
GetCurrentThreadId
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
GetStdHandle
GetModuleFileNameW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
LCMapStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
OutputDebugStringW
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers
CreateFileW

user32

MessageBoxA

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 298KB - Virtual size: 297KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wzReportx64.dll
.dll windows:6 windows x64 arch:x64

3871d8d3a756b7ce6bdc872da7c0a51c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Hangzhou_Business\clReport\trunk\x64\Release\commonReport.pdb

Imports

kernel32

InitializeCriticalSectionEx
DeleteCriticalSection
DecodePointer
CloseHandle
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GlobalFindAtomA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
FindResourceExW
FindResourceW
LoadResource
WideCharToMultiByte
SizeofResource
WaitForSingleObjectEx
CreateEventA
SetEvent
Sleep
GetLastError
GetProcAddress
GetModuleHandleA
GetSystemInfo
LoadLibraryA
FormatMessageA
LocalFree
ResetEvent
OpenEventA
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetStringTypeW
LockResource
RaiseException
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
GetCommandLineA
GetCurrentThreadId
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
RtlUnwindEx
RtlPcToFileHeader
GetStdHandle
WriteFile
GetModuleFileNameW
SetLastError
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetConsoleCP
GetConsoleMode
SetFilePointerEx
LCMapStringW

user32

GetSystemMetrics

zlibwapi

ord2

rpcrt4

UuidCreate

ws2_32

htons
WSAStartup
sendto
inet_addr
socket
htonl
ntohl

netapi32

Netbios

iphlpapi

GetAdaptersAddresses

Exports

Exports

Init
ReportData
ReportData2
dReportData

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wzReportx86.dll
.dll windows:6 windows x86 arch:x86

9101da38b4277fff69678bf0a9c19d3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Hangzhou_Business\clReport\trunk\Release\commonReport.pdb

Imports

kernel32

InitializeCriticalSectionEx
DeleteCriticalSection
DecodePointer
CloseHandle
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GlobalFindAtomA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
FindResourceExW
FindResourceW
LoadResource
WideCharToMultiByte
SizeofResource
WaitForSingleObjectEx
CreateEventA
SetEvent
GetLastError
LockResource
GetProcAddress
GetModuleHandleA
GetSystemInfo
LoadLibraryA
FormatMessageA
LocalFree
ResetEvent
OpenEventA
CreateFileW
FlushFileBuffers
WriteConsoleW
Sleep
RaiseException
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
GetCommandLineA
GetCurrentThreadId
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetStdHandle
WriteFile
GetModuleFileNameW
SetLastError
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
RtlUnwind
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetConsoleCP
GetConsoleMode
SetFilePointerEx
LCMapStringW
GetStringTypeW
SetStdHandle

user32

GetSystemMetrics

rpcrt4

UuidCreate

ws2_32

ntohl
WSAStartup
inet_addr
socket
htons
sendto
htonl

netapi32

Netbios

iphlpapi

GetAdaptersAddresses

Exports

Exports

Init
ReportData
ReportData2
dReportData

Sections

.text
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wzSearchEngines.dll
.dll windows:6 windows x86 arch:x86

53795b51baa0b8fa70af2e55f1eab9bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Hangzhou_Business\wzSearchEngines\trunk\Release\wzSearchEngines.pdb

Imports

kernel32

LoadLibraryA
GetProcAddress
HeapReAlloc
FindResourceExW
FindResourceW
LoadResource
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
WideCharToMultiByte
Sleep
SizeofResource
HeapDestroy
LeaveCriticalSection
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
EnterCriticalSection
LockResource
DecodePointer
DeleteCriticalSection
CreateThread
MultiByteToWideChar
IsDebuggerPresent
OutputDebugStringW
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
LoadLibraryW
LCMapStringW
GetCurrentThreadId
GetSystemTimeAsFileTime
EncodePointer
GetCommandLineA
RtlUnwind
CreateTimerQueue
CloseHandle
SetEvent
WaitForSingleObjectEx
SignalObjectAndWait
GetCurrentProcess
SwitchToThread
SetThreadPriority
GetThreadPriority
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetModuleHandleW
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThread
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
CreateEventW
TerminateProcess
GetTickCount
CreateSemaphoreW
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
GetVersionExW
VirtualAlloc
VirtualFree
VirtualProtect
DuplicateHandle
ReleaseSemaphore
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetStringTypeW

xhtmlai

ord19
ord21
ord12
ord1
ord13

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wzSysMonDll.dll
.dll windows:5 windows x86 arch:x86

8d78a1b70fe25ba02a99d0a10dd6e61a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Code\Client\wzSysMon\Trunk\Bin\wzSysMonDll.pdb

Imports

kernel32

RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
CloseHandle
GetNativeSystemInfo
GetModuleFileNameW
lstrcpyW
lstrcatW
SetCurrentDirectoryW
HeapDestroy
GetCurrentDirectoryW
OutputDebugStringW
CreateFileW
GetProcAddress
GetModuleHandleW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
SetEvent
HeapFree
CreateEventA
HeapAlloc
GetProcessHeap
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
DeviceIoControl
HeapReAlloc
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
LocalFree
FormatMessageA
EncodePointer
GetCommandLineA
GetCurrentThreadId
RtlUnwind
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
WriteFile
LoadLibraryExW
LCMapStringW
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
OpenEventA
ResetEvent

advapi32

StartServiceW
OpenServiceW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
CreateServiceW
OpenSCManagerW
CloseServiceHandle

Exports

Exports

GetLog
StartMon
StopMon

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wzconhost.exe
.exe windows:5 windows x86 arch:x86

fe32a0af271757aef62b1b1608a18143

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\WorkCore\zhangbin\VC\RedirApp\trunk\RedirApp\Release\RedirApp.pdb

Imports

kernel32

LoadResource
CreateFileA
WriteFile
SizeofResource
CloseHandle
FreeResource
GetLastError
DeviceIoControl
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
OpenEventA
OutputDebugStringA
Sleep
WaitForSingleObject
GlobalAddAtomA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
GetFileSize
FindResourceA
DeleteFileA
CreateProcessA
LockResource
FindResourceW
FindResourceExW
WideCharToMultiByte
CreateEventA
SetEvent
WaitForSingleObjectEx
CopyFileA
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetSystemInfo
InitializeCriticalSectionAndSpinCount
RaiseException
DecodePointer
GetCurrentProcess
GetVersionExA
LocalFree
CreateFileW
FlushFileBuffers
GetTickCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
ReadFile
InitializeCriticalSection
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FormatMessageA
LCMapStringW
IsDebuggerPresent
OutputDebugStringW
EncodePointer
IsProcessorFeaturePresent
GetCommandLineA
RtlUnwind
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetFileAttributesExW
GetStdHandle
GetFileType
GetModuleFileNameA
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW

user32

GetSystemMetrics

advapi32

OpenServiceA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
StartServiceA

netapi32

Netbios

rpcrt4

UuidCreate

ws2_32

htonl
WSAStartup
inet_addr
socket
sendto
ntohl
htons

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 408KB - Virtual size: 408KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wzdesk.exe
.exe windows:6 windows x64 arch:x64

08def7a39274c9b45c7fdb455d154592

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\WorkCore\zhangbin\VC\injectDesktop\x64\Release\injectTest.pdb

Imports

kernel32

GetExitCodeThread
ResumeThread
CreateProcessA
CreateProcessW
GetVersion
GetTickCount
GetSystemDirectoryW
VirtualProtectEx
ReadProcessMemory
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameW
LocalAlloc
LocalFree
lstrcpyW
GetWindowsDirectoryW
CreateMutexW
OpenMutexW
CreateEventW
OpenEventW
GetCurrentProcessId
GetVersionExW
VirtualAlloc
VirtualFree
CreateFileMappingW
OpenFileMappingW
GetModuleHandleA
lstrcpyA
lstrcatA
lstrlenA
CreateFileW
EnterCriticalSection
LeaveCriticalSection
VirtualQuery
GetModuleFileNameA
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentThread
GetCurrentThreadId
OpenThread
TerminateThread
GetThreadContext
SetThreadContext
VirtualProtect
VirtualQueryEx
LoadLibraryW
Thread32First
Thread32Next
DeviceIoControl
InitializeCriticalSection
DeleteCriticalSection
ExitThread
FlushInstructionCache
TerminateProcess
ReleaseMutex
GetCommandLineW
HeapReAlloc
RtlUnwindEx
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
GetFileType
GetStartupInfoW
WriteFile
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlPcToFileHeader
RaiseException
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
OutputDebugStringW
LCMapStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
HeapSize
SetStdHandle
WriteConsoleW
FlushFileBuffers
Sleep
SetLastError
DuplicateHandle
GetFileAttributesW
GetCurrentDirectoryW
GetLastError
GetCurrentProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
CloseHandle
VirtualFreeEx
WaitForSingleObject
CreateRemoteThread
GetModuleHandleW
GetProcAddress
WriteProcessMemory
VirtualAllocEx
OpenProcess
lstrlenW
CreateFileMappingA
lstrcmpiW

advapi32

StartServiceW
ControlService
CloseServiceHandle
ChangeServiceConfigW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
GetKernelObjectSecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
GetTokenInformation
GetLengthSid
LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges
DeleteService
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
QueryServiceStatus
CreateServiceW

user32

GetThreadDesktop
CloseDesktop
OpenInputDesktop
GetUserObjectInformationA

Sections

.text
Size: 206KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wzdesktop.dll
.dll windows:6 windows x64 arch:x64

cc9c86d95e5532ff1ba3fdc7fa7e7f8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\VRegDesktopICO\trunk\x64\Release\VirtualReg.pdb

Imports

kernel32

CloseHandle
FindResourceExW
FindResourceW
LoadResource
WaitForSingleObject
InitializeCriticalSection
WideCharToMultiByte
GlobalFindAtomA
SizeofResource
Sleep
LeaveCriticalSection
EnterCriticalSection
LockResource
OpenEventA
ExpandEnvironmentStringsW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
OutputDebugStringA
OpenFileMappingA
GlobalAddAtomA
GetModuleFileNameA
MultiByteToWideChar
CreateEventA
GetWindowsDirectoryW
FreeLibrary
LoadLibraryA
OutputDebugStringW
OpenProcess
ReadProcessMemory
WaitForSingleObjectEx
GetCurrentProcess
SetEvent
CreateFileW
DuplicateHandle
DeleteCriticalSection
CreateThread
WriteFile
VirtualFree
VirtualAlloc
GetSystemInfo
GetFileAttributesExW
SetFileAttributesW
SetFilePointer
UpdateResourceA
GetTempPathW
BeginUpdateResourceW
EndUpdateResourceA
GetVersionExA
GetCurrentThreadId
FormatMessageA
LocalFree
VirtualProtect
GetModuleHandleA
DecodePointer
HeapSize
GetProcAddress
GetLastError
RaiseException
InitializeCriticalSectionEx
GetSystemDirectoryA
ReadFile
HeapDestroy
GetProcessHeap
HeapFree
HeapAlloc
GetFileSize
CreateFileA
GetCurrentProcessId
HeapReAlloc
ResetEvent
ReadConsoleW
WriteConsoleW
SetStdHandle
LoadLibraryExW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
GetStdHandle
GetOEMCP
GetACP
IsValidCodePage
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
InitializeCriticalSectionAndSpinCount
EncodePointer
GetStringTypeW
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError

user32

wsprintfW
GetSystemMetrics

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA

shell32

SHChangeNotify

ole32

CoCreateGuid

shlwapi

PathFileExistsA
StrStrIW
PathFileExistsW

rpcrt4

UuidCreate

ws2_32

socket
inet_addr
send
closesocket
gethostbyname
WSAStartup
recv
setsockopt
htons
WSACleanup
connect
htonl
ntohl
sendto

zlibwapi

ord2

netapi32

Netbios

Exports

Exports

distorm_decode64
distorm_version

Sections

.text
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wztask.ini
xypreloadgame.dll
.dll windows:5 windows x86 arch:x86

2d44fc73cafaa771ffd8a532d3d77218

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Hangzhou_Business\preloadgame2\tag_xunyou\Release\xypreloadgame.pdb

Imports

kernel32

GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
DecodePointer
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
MultiByteToWideChar
GetProcAddress
CloseHandle
CreateThread
GetModuleFileNameA
OutputDebugStringA
OpenFileMappingA
OutputDebugStringW
MapViewOfFile
UnmapViewOfFile
CreateProcessA
CreateDirectoryA
Sleep
SetCurrentDirectoryA
CopyFileA
EnterCriticalSection
LeaveCriticalSection
EncodePointer
GetStringTypeW
ReadFile
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
GetCurrentThreadId
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetCurrentProcess
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetModuleFileNameW
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetFilePointerEx
GetFileType
CreateDirectoryW
IsValidCodePage
GetACP
GetOEMCP
GetFileAttributesExW
FlushFileBuffers
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
SetStdHandle
WriteConsoleW
CreateFileW
SetEndOfFile
AreFileApisANSI
WideCharToMultiByte
TerminateProcess

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

shlwapi

PathFileExistsA

Sections

.text
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
zhmq.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:ed:0d:06:95:fa:ca:69:9b:e4:5b:5f:db:c7:37:ad
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

17/07/2017, 00:00

Not After

17/07/2018, 23:59

Subject

CN=江苏嘉趣网络科技有限公司,OU=IT,O=江苏嘉趣网络科技有限公司,L=淮安,ST=江苏,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

02:f9:ff:7b:da:07:bc:cd:4a:97:80:32:6d:b7:ca:23:f2:64:91:b9
Signer

Actual PE Digest

02:f9:ff:7b:da:07:bc:cd:4a:97:80:32:6d:b7:ca:23:f2:64:91:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 506KB - Virtual size: 505KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

8df26927f8978d4eb40ff179c0aa961b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
lstrcmpA
OpenProcess
lstrcpyA
LoadLibraryA
CloseHandle
FreeLibrary
GetVersionExA
lstrlenA
GlobalFree

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
TerminateProcess
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
FreeLibrary
GlobalFree
lstrcpyA
DisableThreadLibraryCalls

msvcrt

strcmp
_strupr
toupper
strlen
free
_initterm
malloc
_adjust_fdiv
strcpy
_itoa

Exports

Exports

KillProc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
config.dll
.dll windows:5 windows x86 arch:x86

bf9dd5dfdcdd67691c400635d57d3924

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:ed:0d:06:95:fa:ca:69:9b:e4:5b:5f:db:c7:37:ad
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

17/07/2017, 00:00

Not After

17/07/2018, 23:59

Subject

CN=江苏嘉趣网络科技有限公司,OU=IT,O=江苏嘉趣网络科技有限公司,L=淮安,ST=江苏,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d4:ab:16:de:36:13:fd:76:11:b6:32:92:29:0e:c1:c7:54:5a:36:bd
Signer

Actual PE Digest

d4:ab:16:de:36:13:fd:76:11:b6:32:92:29:0e:c1:c7:54:5a:36:bd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\37Work\pc_code\lander\template\37dll\bin\config.pdb

Imports

kernel32

WritePrivateProfileStringW
GetPrivateProfileIntW
GetTempPathW
WideCharToMultiByte
OutputDebugStringW
InterlockedExchange
FreeResource
GlobalFree
Sleep
CreateEventW
SetEvent
CreateFileW
WriteFile
DeleteFileW
GetTickCount
GetVersionExW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetPrivateProfileStringW
SetProcessAffinityMask
SetPriorityClass
DeviceIoControl
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
lstrlenA
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetCommandLineW
CreateDirectoryW
CreateProcessW
FindResourceExW
LockResource
lstrcmpW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FlushInstructionCache
GetCurrentProcess
SetLastError
ResumeThread
TerminateThread
GetExitCodeThread
CloseHandle
WaitForSingleObject
IsBadWritePtr
GetCurrentThreadId
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
RaiseException
lstrcmpiW
GetModuleHandleW
GetProcAddress
FreeLibrary
InterlockedDecrement
InterlockedIncrement
lstrlenW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetProcessAffinityMask
InitializeCriticalSection

user32

SetCursor
GetClientRect
ShowWindow
DefWindowProcW
UpdateWindow
ClientToScreen
IsChild
MessageBoxW
LoadMenuW
ReleaseDC
UpdateLayeredWindow
GetDC
GetWindowLongW
SetWindowLongW
SetWindowPos
SendMessageW
RegisterClassExW
LoadCursorW
LoadIconW
DestroyWindow
CharNextW
GetSubMenu
RemoveMenu
DestroyMenu
CheckMenuItem
TrackPopupMenu
GetCursorPos
PostMessageW
CallWindowProcW
DestroyAcceleratorTable
GetDesktopWindow
InvalidateRect
InvalidateRgn
FillRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
GetParent
CreateAcceleratorTableW
CreateWindowExW
GetClassInfoExW
RedrawWindow
GetSysColor
GetClassNameW
IsWindow
GetDlgItem
GetWindow
SetFocus
GetFocus
EndPaint
BeginPaint
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
SetLayeredWindowAttributes
PostQuitMessage
GetKeyState
LoadStringW
SetForegroundWindow
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
GetForegroundWindow
IsWindowVisible
LoadImageW
PtInRect
UnregisterClassA
OffsetRect
DrawTextW
InflateRect
IsIconic
SetWindowRgn
SystemParametersInfoW

gdi32

SetBkColor
StretchBlt
CreateRoundRectRgn
SetTextColor
SetBkMode
SetDIBColorTable
SelectObject
CreateDIBSection
CreateSolidBrush
GetStockObject
GetDeviceCaps
GetObjectW
BitBlt
RestoreDC
CreateCompatibleBitmap
CreateFontW
DeleteDC
DeleteObject
CreateCompatibleDC
SaveDC

advapi32

RegDeleteValueW
GetTokenInformation
OpenProcessToken
RegCreateKeyW
RegQueryValueExW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey

shell32

SHGetSpecialFolderPathW
ShellExecuteW
ShellExecuteExW
Shell_NotifyIconW

ole32

CoCreateGuid
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoUninitialize
OleUninitialize
OleInitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

SysFreeString
VarUI4FromStr
SysAllocString
SysStringLen
VariantInit
VariantClear
SafeArrayCreate
SafeArrayPutElement
LoadRegTypeLi
LoadTypeLi
DispCallFunc
OleCreateFontIndirect
SysAllocStringLen
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData

shlwapi

PathFileExistsW
StrCpyW

comctl32

_TrackMouseEvent

msimg32

TransparentBlt
AlphaBlend

msvcp90

?uncaught_exception@std@@YA_NXZ
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIPB_W@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAH@Z
??0?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??_D?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

gdiplus

GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipGetImageWidth
GdiplusShutdown
GdipCloneImage
GdipBitmapUnlockBits
GdiplusStartup
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight

msvcr90

??2@YAPAXI@Z
??_V@YAXPAX@Z
memcpy
_itoa
free
malloc
memcpy_s
_recalloc
wcsncpy_s
wcsstr
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
memmove_s
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
_beginthreadex
swprintf_s
_vscwprintf
vswprintf_s
_localtime64_s
_time64
wcsftime
_purecall
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_resetstkoflw
_unlock
_CxxThrowException
__CxxFrameHandler3
memset
strpbrk
sprintf_s
sscanf
isalnum
wcscpy_s
wcscat_s
_wcsicmp
_wcslwr_s
_snwprintf_s
memmove
atoi
??3@YAXPAX@Z

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCrackUrlW
FindCloseUrlCache
FindNextUrlCacheEntryW
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW

iphlpapi

GetAdaptersInfo

Exports

Exports

StartLander

Sections

.text
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
config.ini
dwjh_wqeqd.exe
.exe windows:5 windows x86 arch:x86

2ce3a028f67b8cd50455db6ac7115c66

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:ed:0d:06:95:fa:ca:69:9b:e4:5b:5f:db:c7:37:ad
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

17/07/2017, 00:00

Not After

17/07/2018, 23:59

Subject

CN=江苏嘉趣网络科技有限公司,OU=IT,O=江苏嘉趣网络科技有限公司,L=淮安,ST=江苏,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

da:e1:96:82:38:33:f8:9a:42:b5:7b:b9:c2:a7:84:03:26:38:32:4c
Signer

Actual PE Digest

da:e1:96:82:38:33:f8:9a:42:b5:7b:b9:c2:a7:84:03:26:38:32:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\37Work\pc_code\lander\template\37dll\bin\lander.pdb

Imports

kernel32

GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

user32

DialogBoxParamW
EndDialog
EndPaint
BeginPaint
DefWindowProcW
RegisterClassExW
LoadCursorW
LoadIconW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
PostQuitMessage
LoadStringW
DestroyWindow

msvcr90

?terminate@@YAXXZ
_controlfp_s
_invoke_watson
_except_handler4_common
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_onexit
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
_initterm_e
_unlock
__dllonexit
_lock

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 502KB - Virtual size: 502KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:ed:0d:06:95:fa:ca:69:9b:e4:5b:5f:db:c7:37:ad
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

17/07/2017, 00:00

Not After

17/07/2018, 23:59

Subject

CN=江苏嘉趣网络科技有限公司,OU=IT,O=江苏嘉趣网络科技有限公司,L=淮安,ST=江苏,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

94:3f:71:d2:c9:8d:9a:fb:34:19:0a:8d:2f:c5:25:d5:dd:e3:65:8e
Signer

Actual PE Digest

94:3f:71:d2:c9:8d:9a:fb:34:19:0a:8d:2f:c5:25:d5:dd:e3:65:8e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 506KB - Virtual size: 505KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

8df26927f8978d4eb40ff179c0aa961b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
lstrcmpA
OpenProcess
lstrcpyA
LoadLibraryA
CloseHandle
FreeLibrary
GetVersionExA
lstrlenA
GlobalFree

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
TerminateProcess
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
FreeLibrary
GlobalFree
lstrcpyA
DisableThreadLibraryCalls

msvcrt

strcmp
_strupr
toupper
strlen
free
_initterm
malloc
_adjust_fdiv
strcpy
_itoa

Exports

Exports

KillProc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/WizModernImage.bmp
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

5bdcdde5acd7b395f3f3d19ebbb8c6cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbschr
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
_mbsrchr
strtoul
memset
_mbsstr
strtol

kernel32

GlobalFree
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrcmpiA
CreateFileA
GetFileSize
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
lstrcatA
GetLastError
DeleteFileA
CloseHandle
SleepEx
SetFilePointer
GetTickCount

user32

MessageBoxA
GetParent
ShowWindow
SetWindowLongA
IsWindow
SetWindowTextA
SendDlgItemMessageA
GetDlgItem
PostMessageA
GetWindowTextA
SendMessageA
SetDlgItemTextA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
GetWindowLongA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

068e086290d4b3725133232c84864d94

Code Sign

04:44:c0Certificate

Key Usages

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:afCertificate

Extended Key Usages

Key Usages

50:c4:e0:08:96:39:83:54:98:19:7c:ba:61:7a:41:15Certificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

ab:cb:4b:72:41:95:ba:53:51:af:3b:3b:88:a5:78:26:7b:3c:6f:a1:4a:77:31:6c:34:cc:32:0d:cd:92:32:9dSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

msimg32

wininet

Sections

.text Size: 330KB - Virtual size: 330KB

.rdata Size: 67KB - Virtual size: 67KB

.data Size: 15KB - Virtual size: 170KB

.rsrc Size: 156KB - Virtual size: 155KB

.reloc Size: 20KB - Virtual size: 19KB

b1a57b635b23ffd553b3fd1e0960b2bd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4f:c4:17:71:d2:98:34:72:6b:be:19:17:03:27:9f:c7Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

25:6d:50:46:d5:c3:5c:fe:0e:37:c0:13:78:fe:92:ca:14:b5:fb:f6Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 108KB

.ndata Size: - Virtual size: 64KB

.rsrc Size: 104KB - Virtual size: 103KB

8df26927f8978d4eb40ff179c0aa961b

Headers

File Characteristics

Imports

kernel32

user32

04:44:c0
Certificate

6e:a1:d4:94:5f:0e:69:e9:d6:f1:48:2c:58:6a:71:af
Certificate

50:c4:e0:08:96:39:83:54:98:19:7c:ba:61:7a:41:15
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

ab:cb:4b:72:41:95:ba:53:51:af:3b:3b:88:a5:78:26:7b:3c:6f:a1:4a:77:31:6c:34:cc:32:0d:cd:92:32:9d
Signer

.text
Size: 330KB - Virtual size: 330KB

.rdata
Size: 67KB - Virtual size: 67KB

.data
Size: 15KB - Virtual size: 170KB

.rsrc
Size: 156KB - Virtual size: 155KB

.reloc
Size: 20KB - Virtual size: 19KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4f:c4:17:71:d2:98:34:72:6b:be:19:17:03:27:9f:c7
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

25:6d:50:46:d5:c3:5c:fe:0e:37:c0:13:78:fe:92:ca:14:b5:fb:f6
Signer

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 108KB

.ndata
Size: - Virtual size: 64KB

.rsrc
Size: 104KB - Virtual size: 103KB

.text
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 104B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 172B

.text
Size: 75KB - Virtual size: 75KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 512B - Virtual size: 510B