72dac225a9f01d22c5eaec4cc5082793_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

72dac225a9f01d22c5eaec4cc5082793_JaffaCakes118
Size

23.2MB
MD5

72dac225a9f01d22c5eaec4cc5082793
SHA1

1a4b765e24607d9d9229b85d2680c5c5c7401cba
SHA256

e44c03c2db5b94cf96fb6fe4aa1c77b04540a2adec2bf8873ba8c5f19f02b83c
SHA512

cd316ae0b599b0b1b601206ef164e7e19d5390f3aa961497860cfd015c79628355502a44aebd9593d0e1a4c94a63c617d4a55410132b8cd3ca5daae33e08508d
SSDEEP

393216:hQ0evbIaBat5Pv5inmolWuudqWgIFKMXb/aGr0PB+j38UeuNM4RlcY5Xhy4qPMWc:h6vbZBat9RSDkuEoIkMLRrqC8puNMOlH

Score

3^/10

Malware Config

Signatures

Unsigned PE 14 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/BgWorker.dll
unpack001/$PLUGINSDIR/DialogBk.dll
unpack001/$PLUGINSDIR/FindProcDLL.dll
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/GuaGuaCJ/AudioCapture.dll
unpack001/GuaGuaCJ/AudioCodec2.dll
unpack001/GuaGuaCJ/AudioCodec3.dll
unpack001/GuaGuaCJ/AudioDecodec3.dll
unpack001/GuaGuaCJ/ChatCostomPost.dll
unpack001/GuaGuaCJ/ChatRTI.dll
unpack001/GuaGuaCJ/ChatRoomUI.ocx

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

72dac225a9f01d22c5eaec4cc5082793_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

17:ef:72:b4:15:7d:6f:4b:68:e4:bd:d5:75:e5:cc:ae
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

09/11/2016, 08:45

Not After

09/11/2026, 08:45

Subject

CN=WoSign Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:05:d1:a7:1e:87:e1:bc:b0:ac:cf:3e:c6:a6:7a:49
Certificate

Issuer

CN=WoSign Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

22/01/2018, 07:08

Not After

17/01/2019, 07:58

Subject

CN=浙江齐聚科技有限公司,O=浙江齐聚科技有限公司,L=金华市,ST=浙江省,C=CN,1.2.840.113549.1.9.1=#0c0c4144406971696a752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c7:92:8b:f2:4b:df:f7:ed:e7:b6:9d:bd:da:12:11:4b:eb:6c:41:03:1b:69:24:67:22:80:dd:6b:24:e3:2f:6f
Signer

Actual PE Digest

c7:92:8b:f2:4b:df:f7:ed:e7:b6:9d:bd:da:12:11:4b:eb:6c:41:03:1b:69:24:67:22:80:dd:6b:24:e3:2f:6f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/BgWorker.dll
.dll windows:4 windows x86 arch:x86

db2755f409b81c4dbfc04f648cfb80b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
GetModuleHandleA
CloseHandle
SetThreadPriority
CreateThread

user32

IsWindowUnicode
PostMessageA
DispatchMessageA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects

Exports

Exports

CallAndWait

Sections

.text
Size: 1024B - Virtual size: 987B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 66B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/DialogBk.dll
.dll windows:4 windows x86 arch:x86

ca9f1b878c7f5aeb01c3f5807dc45da9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

_TrackMouseEvent

gdiplus

GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateSolidFill
GdipGetImageHeight
GdipDrawString
GdipDeleteFont
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteBrush
GdipDrawImagePointRectI
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCloneBrush
GdiplusStartup
GdiplusShutdown
GdipCreatePen1
GdipDeletePen
GdipCreatePath
GdipDeletePath
GdipSetPathGradientCenterColor
GdipGetPathGradientPointCount
GdipSetPathGradientSurroundColorsWithCount
GdipDeleteRegion
GdipCreateLineBrushI
GdipSetPenMode
GdipAddPathLine2I
GdipCreatePathGradientFromPath
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipDrawRectangleI
GdipFillRectangleI
GdipFillRegion
GdipDrawImageRectRect
GdipCreateRegionHrgn
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipGetImageWidth
GdipCloneImage
GdipAlloc
GdipDrawImageRectI
GdipCreateFromHDC
GdipFree
GdipDisposeImage
GdipLoadImageFromFile
GdipDeleteGraphics

kernel32

GetSystemInfo
VirtualProtect
ReadFile
SetEndOfFile
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
LoadLibraryA
CreateFileA
FlushFileBuffers
SetStdHandle
SetFilePointer
VirtualQuery
InterlockedExchange
InitializeCriticalSection
GetCPInfo
GetOEMCP
GetACP
IsBadCodePtr
lstrcpynA
MultiByteToWideChar
GlobalFree
GlobalUnlock
GlobalLock
FreeResource
GlobalAlloc
LockResource
GetLastError
LoadResource
SizeofResource
FindResourceA
lstrcpyA
RtlUnwind
RaiseException
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapFree
HeapAlloc
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
SetUnhandledExceptionFilter
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
CloseHandle
WriteFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
IsBadReadPtr

user32

SetWindowTextA
InvalidateRect
GetSystemMetrics
SetWindowRgn
DialogBoxParamA
EndDialog
GetDlgCtrlID
ReleaseCapture
GetDC
SetCapture
SetFocus
ReleaseDC
GetWindowTextW
GetClientRect
GetCursorPos
ScreenToClient
IsWindow
GetWindowLongA
SetWindowLongA
CallWindowProcA
BeginPaint
EndPaint
GetWindowRect
SendMessageA
GetDlgItem
MoveWindow
ShowWindow

gdi32

CreateRoundRectRgn
GetStockObject
DeleteObject
SetBkMode
SetTextColor
GetTextColor
GetObjectA
CreateFontIndirectA

ole32

CreateStreamOnHGlobal

Exports

Exports

DllInitalize
DllUnInitalize
InitBkSkin
InitProgress
Link
SetBtnSkin
SetProgressSkin
ShowDiskSpaceDlg
ShowRuningDlg
ShowVersionDlg
ShowWarningDlg

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

8df26927f8978d4eb40ff179c0aa961b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
lstrcmpA
OpenProcess
lstrcpyA
LoadLibraryA
CloseHandle
FreeLibrary
GetVersionExA
lstrlenA
GlobalFree

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
TerminateProcess
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
FreeLibrary
GlobalFree
lstrcpyA
DisableThreadLibraryCalls

msvcrt

strcmp
_strupr
toupper
strlen
free
_initterm
malloc
_adjust_fdiv
strcpy
_itoa

Exports

Exports

KillProc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

a648aeaa164b592c1e8892a10400b5ae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
lstrcatA
FindClose
FindNextFileA
MulDiv
GlobalFree
lstrcpynA
GlobalAlloc
lstrcmpiA
FindFirstFileA
lstrcpyA

user32

TranslateMessage
GetMessageA
IsDialogMessageA
PostMessageA
DispatchMessageA
GetWindowLongA
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
IsDlgButtonChecked
GetWindowTextA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
CallWindowProcA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 518B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 470B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GuaGuaCJ/AudioCapture.dll
.dll windows:5 windows x86 arch:x86

884fb669714cf7109d8360f139096c69

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\badu\Media\trunk\Capture-product\ReleaseU-VC10\AudioCapture.pdb

Imports

winmm

waveInUnprepareHeader
waveInStart
waveInPrepareHeader
waveInAddBuffer
waveOutPrepareHeader
waveInClose
mixerGetDevCapsW
waveInStop
waveOutWrite
waveOutOpen
waveOutUnprepareHeader
waveOutReset
waveOutClose
waveOutGetNumDevs
waveInGetNumDevs
waveInOpen
waveInReset

setupapi

SetupDiOpenDeviceInterfaceRegKey
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

kernel32

InterlockedExchange
DecodePointer
InterlockedCompareExchange
TerminateProcess
LoadLibraryW
GetProcAddress
FreeLibrary
DeviceIoControl
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
InterlockedIncrement
GetLastError
InterlockedDecrement
SetEvent
ResetEvent
WaitForSingleObject
TerminateThread
CloseHandle
SetThreadPriority
CreateThread
CreateEventW
Sleep
GetVersionExW
CreateFileW

advapi32

RegQueryValueExW

ole32

CoCreateInstance
PropVariantClear
CoInitializeEx
CoUninitialize
CoTaskMemFree

msvcr100

calloc
malloc
floor
realloc
__iob_func
_CIexp
rand
_CIpow
_CIsqrt
_CIsin
_CIcos
_CIatan
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_CIlog
fprintf
printf
memset
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler3
_purecall
??_V@YAXPAX@Z
??_U@YAPAXI@Z
memcpy
_endthreadex
_beginthreadex
wcsncpy
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common

Exports

Exports

CreateAudioCapture
DestroyAudioCapture
SetMainPath

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GuaGuaCJ/AudioCodec2.dll
.dll windows:5 windows x86 arch:x86

96245bba71baf63ddaf8532f60fa69f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Projects\svn\svn.17guagua.com\Media\trunk\Codec-product\ReleaseU-VC10\AudioCodec2.pdb

Imports

kernel32

GetSystemTimeAsFileTime
GetCurrentThreadId
DecodePointer
GetCommandLineA
GetLastError
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
GetProcAddress
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
WriteFile
GetModuleFileNameW
CloseHandle
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
MultiByteToWideChar
ReadFile
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
HeapSize
HeapReAlloc
LoadLibraryW
RtlUnwind
SetStdHandle
WriteConsoleW
GetStringTypeW
CreateFileW

Exports

Exports

Decode
DecoderClose
DecoderInit
Encode
EncoderClose
EncoderInit

Sections

.text
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GuaGuaCJ/AudioCodec3.dll
.dll windows:5 windows x86 arch:x86

8bb4c3bcf43e6c2d8f508507020168b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\badu\Media\trunk\Codec-src\AacCodec\AACEnc\AACEnc\Release\AudioCodec3.pdb

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FreeConsole
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
IsProcessorFeaturePresent

msvcr100

_onexit
_malloc_crt
free
_encoded_null
_initterm
_lock
_amsg_exit
__CppXcptFilter
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__clean_type_info_names_internal
__dllonexit
_unlock
??3@YAXPAX@Z
??2@YAPAXI@Z
memset
__CxxFrameHandler3
floor
_CIatan
_CIexp
_CIlog10
_CIsqrt
_wassert
memmove
ceil
calloc
_CIcos
_CIsin
memcpy
_CIlog
_CIpow
_initterm_e

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GuaGuaCJ/AudioDecodec3.dll
.dll windows:5 windows x86 arch:x86

4b85616306397737b4dcba20d0f29a09

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\badu\Media\trunk\Codec-src\AacCodec\AACDec\AACDec2\Release\AudioDecodec3.pdb

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
IsProcessorFeaturePresent

msvcr100

__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
__CxxFrameHandler3
calloc
_wassert
memmove
_CIlog
_CIcos
_CIsin
memset
_CIpow
_CIsqrt
_except_handler4_common

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GuaGuaCJ/CJ.ico
GuaGuaCJ/ChatCostomPost.dll
.dll windows:4 windows x86 arch:x86

b3e76b3e790ff2a2201b019fcc49797d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Coding\OldChatUI\branchs\20130816_tr_r27_ChatUI_FinanceClient\ChatCostomPost\ReleaseU\ChatCostomPost.pdb

Imports

mfc71u

ord2239
ord314
ord280
ord577
ord774
ord3990
ord5524
ord283
ord2311
ord870
ord293
ord1479
ord2895
ord6111
ord282
ord2926
ord762
ord764
ord765
ord315
ord1033
ord1197
ord1199
ord1093
ord371
ord1115
ord1192
ord1168
ord1170
ord1200
ord1079
ord1087
ord1162
ord581
ord3824
ord757
ord566
ord3327
ord4255
ord4475
ord3943
ord2638
ord3703
ord3713
ord3712
ord2527
ord2640
ord2534
ord2832
ord2708
ord4301
ord2829
ord2725
ord2531
ord5562
ord5209
ord5226
ord4562
ord3942
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3677
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032

msvcr71

_CxxThrowException
??0exception@@QAE@ABV0@@Z
__CxxFrameHandler
memset
_except_handler3
free
??1type_info@@UAE@XZ
__dllonexit
_onexit
__security_error_handler
_initterm
malloc
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
_beginthreadex
wcscpy
wcslen
_waccess
swprintf
sprintf
??0exception@@QAE@XZ
??1exception@@UAE@XZ

kernel32

LoadLibraryW
GetProcAddress
CreateEventW
ResumeThread
TerminateThread
OpenFileMappingW
MapViewOfFile
Sleep
SetEvent
WaitForSingleObject
FreeLibrary
GetModuleFileNameW
OpenProcess
TerminateProcess
CreateProcessW
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LocalFree
LocalAlloc
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLastError
GetExitCodeThread
GetVersionExA

user32

SendMessageTimeoutW
MessageBoxW
SendMessageW

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteW

msvcp71

??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z

Exports

Exports

CreateChatCostomPostInstance
DestroyChatCostomPostInstance

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GuaGuaCJ/ChatHall.exe
.exe windows:4 windows x86 arch:x86

502adeb93a5c86e01978c177c447ce13

Code Sign

04:44:c0
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

22/10/2008, 12:07

Not After

31/12/2029, 12:07

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

17:ef:72:b4:15:7d:6f:4b:68:e4:bd:d5:75:e5:cc:ae
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

09/11/2016, 08:45

Not After

09/11/2026, 08:45

Subject

CN=WoSign Code Signing CA,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:05:d1:a7:1e:87:e1:bc:b0:ac:cf:3e:c6:a6:7a:49
Certificate

Issuer

CN=WoSign Code Signing CA,O=WoSign CA Limited,C=CN

Not Before

22/01/2018, 07:08

Not After

17/01/2019, 07:58

Subject

CN=浙江齐聚科技有限公司,O=浙江齐聚科技有限公司,L=金华市,ST=浙江省,C=CN,1.2.840.113549.1.9.1=#0c0c4144406971696a752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

Issuer

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Not Before

15/08/2017, 07:55

Not After

15/08/2028, 07:55

Subject

CN=WoSign Time Stamping Signer,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/04/2015, 00:58

Not After

08/04/2025, 00:58

Subject

CN=WoSign Time Stamping Services CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:9f:f9:b4:36:2c:7d:12:26:89:f7:08:b0:76:bb:d3:f6:ff:9b:4b:7d:43:82:16:e3:d0:9e:7d:2f:70:ee:7e
Signer

Actual PE Digest

5e:9f:f9:b4:36:2c:7d:12:26:89:f7:08:b0:76:bb:d3:f6:ff:9b:4b:7d:43:82:16:e3:d0:9e:7d:2f:70:ee:7e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\ggcj_code\GGCJ_Client\20180531_br_r6255_Finance_client_6.2_vod\Product\ReleaseU\ChatHall.pdb

Imports

ws2_32

send
select
WSASetLastError
recv
WSAIoctl
getsockname
bind
getsockopt
getpeername
sendto
recvfrom
WSACleanup
inet_ntoa
inet_addr
WSAGetLastError
gethostbyname
htonl
getservbyname
htons
gethostbyaddr
getservbyport
ntohs
closesocket
connect
socket
ioctlsocket
__WSAFDIsSet
setsockopt
shutdown
gethostname
listen
accept
WSAStartup

mfc71u

ord1611
ord1392
ord5148
ord5199
ord925
ord927
ord2397
ord2379
ord2381
ord3339
ord1353
ord5171
ord1590
ord2708
ord2640
ord4256
ord6086
ord4119
ord1871
ord1785
ord5803
ord4098
ord2657
ord5862
ord3873
ord2366
ord577
ord870
ord3756
ord283
ord2860
ord2654
ord2155
ord5801
ord6063
ord2651
ord5867
ord5869
ord3869
ord4535
ord3677
ord4032
ord4008
ord6272
ord3795
ord6274
ord4320
ord2054
ord2009
ord5579
ord3800
ord1007
ord5096
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord3942
ord4562
ord5226
ord5562
ord2832
ord4475
ord4255
ord3327
ord757
ord293
ord566
ord1096
ord1049
ord3824
ord5209
ord2239
ord280
ord776
ord2077
ord1536
ord5911
ord4226
ord5210
ord2311
ord1894
ord3789
ord5609
ord3396
ord1632
ord1562
ord4232
ord3678
ord3467
ord2081
ord1628
ord1549
ord4230
ord642
ord745
ord1176
ord3204
ord1925
ord3157
ord1271
ord3198
ord2895
ord2985
ord572
ord777
ord557
ord709
ord860
ord5638
ord6033
ord5727
ord501
ord4347
ord4337
ord4514
ord4879
ord4358
ord4094
ord2085
ord3238
ord1946
ord1274
ord4656
ord3395
ord1220
ord2229
ord6140
ord5272
ord266
ord265
ord2460
ord774
ord4101
ord2260
ord1182
ord1178
ord2132
ord4292
ord2809
ord2121
ord5558
ord3990
ord2261
ord5829
ord5711
ord1472
ord4027
ord290
ord2926
ord3927
ord287
ord3645
ord3483
ord658
ord723
ord4642
ord1479
ord6111
ord282
ord5712
ord531
ord6116
ord2788
ord4109
ord2255
ord2361
ord4123
ord5908
ord1782
ord894
ord2444
ord578
ord2313
ord310
ord2893
ord2159
ord3390
ord6232
ord1386
ord896
ord5485
ord899
ord3433
ord3155
ord3296
ord2521
ord5607
ord6056
ord5604
ord6050
ord4155
ord6053
ord5884
ord5723
ord5643
ord5519
ord5584
ord5410
ord5397
ord5917
ord5715
ord602
ord1270
ord347
ord2461
ord3249
ord3875
ord6161
ord2066
ord2364
ord5327
ord6293
ord5316
ord6282
ord1555
ord1921
ord651
ord416
ord1883
ord2867
ord5633
ord4117
ord3995
ord5637
ord1920
ord3448
ord1476
ord3755
ord1867
ord2656
ord3635
ord3435
ord354
ord605
ord4314
ord589
ord330
ord6279
ord4112
ord4574
ord1118
ord1086
ord5914
ord5524
ord784
ord314
ord1067
ord655
ord1434
ord1908
ord5966
ord5105
ord421
ord300
ord5398
ord3753
ord1876
ord2876
ord1922
ord1474
ord4092
ord1538
ord4228
ord741
ord2086
ord1582
ord4234
ord3311
ord2713
ord629
ord5319
ord5083
ord384
ord1430
ord6284
ord620
ord3568
ord1638
ord1580
ord739
ord5742
ord2489
ord1959
ord2362
ord1416
ord3424
ord591
ord2225
ord4882
ord3670
ord3577
ord1641
ord1585
ord4237
ord3752
ord748
ord3508
ord1027
ord5337
ord2297
ord1172
ord2250
ord3043
ord3482
ord1388
ord6262
ord1924
ord1475
ord4093
ord1561
ord4231
ord657
ord3400
ord6299
ord584
ord1425
ord317
ord326
ord3590
ord5981
ord1542
ord1661
ord1662
ord2011
ord760
ord1156
ord2871
ord1202
ord783
ord1154
ord4042
ord4041
ord4884
ord4729
ord4206
ord5178
ord1058
ord1079
ord4929
ord6061
ord2411
ord2412
ord2415
ord2414
ord2413
ord762
ord764
ord4179
ord5202
ord2797
ord4667
ord4194
ord648
ord410
ord4267
ord4480
ord3943
ord2638
ord3703
ord3713
ord3712
ord2527
ord2534
ord502
ord2254
ord3560
ord1578
ord731
ord2856
ord2711
ord4301
ord2829
ord2725
ord2531
ord5196
ord1553
ord1646
ord1647
ord1955
ord1351
ord4961
ord3338
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord929
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord6271
ord5067
ord1899
ord5147
ord4238
ord1393
ord3940
ord1608
ord1610
ord5910
ord3968
ord4854
ord4857
ord4373
ord4378
ord4375
ord4393
ord4395
ord4380
ord4770
ord4581
ord4172
ord4165
ord4974
ord4383
ord4775
ord4198
ord4784
ord4437
ord4438
ord3734
ord4513
ord4914
ord4553
ord5043
ord4433
ord4362
ord4495
ord4840
ord4964
ord4523
ord4474
ord4965
ord4510
ord4942
ord4788
ord4281
ord4370
ord4371
ord4957
ord4790
ord4704
ord4799
ord5047
ord4958
ord4643
ord4940
ord4501
ord4955
ord4668
ord4125
ord1293
ord1999
ord4126
ord3471
ord3596
ord3644
ord4755
ord3983
ord3570
ord753
ord563
ord1939
ord1970
ord1281
ord2252
ord1006
ord6251
ord587
ord3417
ord1087
ord5648
ord2368
ord2622
ord2365
ord1198
ord1784

msvcr71

_except_handler3
free
swprintf
_localtime64
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_wtoi
_CxxThrowException
??0exception@@QAE@ABV0@@Z
malloc
_beginthreadex
wcslen
_purecall
wcstok
wcsncmp
rand
srand
time
_wtoi64
fclose
fwrite
_wfopen
strtoul
strncpy
_snprintf
fseek
fread
fopen
wcscmp
wcsncpy
memmove
_wtol
sprintf
wcsstr
_waccess
wcscat
_wcsnicmp
swscanf
_itow
_atoi64
sscanf
strncmp
atoi
ceil
wcschr
isspace
isalnum
_endthreadex
strstr
localtime
fprintf
printf
vsprintf
fputwc
strchr
strpbrk
calloc
_iob
realloc
_errno
tolower
strrchr
strtol
isxdigit
_strtoi64
fgets
qsort
fputs
isdigit
fputc
strerror
_sys_nerr
memchr
_fstati64
_lseeki64
getenv
fflush
isalpha
gmtime
_stati64
islower
isupper
isprint
isgraph
memset
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
toupper
_ftime
_strdup
_close
_write
_open
_read
_stricmp
_strnicmp
__CxxFrameHandler
wcscpy
_i64tow
_i64toa
ftell
_time64
_vscprintf
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__security_error_handler
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_controlfp
_itoa
_wcsicmp

kernel32

CreateToolhelp32Snapshot
Process32FirstW
TerminateProcess
Process32NextW
GetLastError
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
OpenFileMappingW
CreateDirectoryW
GetPrivateProfileIntW
GetPrivateProfileStringW
OpenProcess
GetModuleFileNameW
HeapFree
CreateThread
Sleep
DeleteFileW
LeaveCriticalSection
EnterCriticalSection
GetTempPathW
FormatMessageW
LocalFree
FreeLibrary
SetFileAttributesW
FindResourceW
LoadResource
LockResource
SizeofResource
FreeResource
CreateEventW
GlobalAlloc
GlobalLock
WaitForSingleObject
ResetEvent
SetEvent
InterlockedDecrement
InterlockedIncrement
LoadLibraryW
GetProcAddress
SetUnhandledExceptionFilter
CreateFileW
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
CloseHandle
lstrcatW
lstrcpyW
lstrlenW
MultiByteToWideChar
GetTickCount
WideCharToMultiByte
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapAlloc
HeapDestroy
CreateMutexW
lstrlenA
FindResourceExW
GlobalSize
GlobalReAlloc
MulDiv
GlobalFree
WinExec
GetWindowsDirectoryW
WritePrivateProfileStringW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
LoadLibraryA
GetSystemDirectoryA
OutputDebugStringA
SetLastError
SleepEx
GetVersionExA
FormatMessageA
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
GetModuleHandleA
GetStartupInfoW
ExitProcess
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapReAlloc
HeapSize
GetProcessHeap
DeviceIoControl
GetVersion
GlobalUnlock
GetDriveTypeW
ResumeThread
TerminateThread
WriteFile

user32

MessageBeep
GetMessagePos
DestroyCursor
GetWindowInfo
RedrawWindow
FrameRect
EndPaint
GetWindowDC
ReleaseCapture
GetNextDlgGroupItem
SetCursor
BeginPaint
GetPropW
GetDlgCtrlID
EnumChildWindows
ClientToScreen
GetActiveWindow
GetUpdateRect
GetMenu
GetSubMenu
GetMenuItemID
IsRectEmpty
GetMenuItemCount
GetMenuItemInfoW
ScreenToClient
MoveWindow
SetParent
PostMessageW
DrawTextW
GetSysColor
InflateRect
LoadImageW
DispatchMessageW
TranslateMessage
PeekMessageW
DestroyWindow
GetClientRect
EnableWindow
IsWindow
GetWindowRect
SendMessageW
LoadCursorW
SetPropW
FindWindowExW
RegisterClassW
GetFocus
LoadIconW
GetParent
GetCursorPos
DefWindowProcW
CallWindowProcW
SetRect
IntersectRect
RemovePropW
GetScrollInfo
GetClassInfoExW
SetLayeredWindowAttributes
SystemParametersInfoW
PtInRect
IsWindowVisible
SetCapture
ReleaseDC
CreateWindowExW
AdjustWindowRectEx
AppendMenuW
CreatePopupMenu
FillRect
GetDC
GetSystemMetrics
SetWindowRgn
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
SetWindowTextW
IsWindowEnabled
PostQuitMessage
EnumWindows
MessageBoxW
GetWindowTextW
GetClassNameW
GetWindowThreadProcessId
GetWindow
DestroyIcon
GetWindowLongW
SetWindowLongW
KillTimer
SetTimer
GetKeyState
InvalidateRect
SetWindowPos
LoadBitmapW
GrayStringW
DrawTextExW
TabbedTextOutW
CopyRect
RegisterClassExW
ShowWindow
OffsetRect

gdi32

DeleteDC
ExcludeClipRect
CreateFontIndirectW
GetObjectW
SetTextColor
GetDeviceCaps
CreateDCW
CombineRgn
ExtCreateRegion
CreateDIBSection
CreateRectRgn
OffsetRgn
GetTextExtentPointW
CreateRoundRectRgn
GetTextExtentPoint32W
BitBlt
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
CreatePen
SelectObject
DeleteObject
GetTextMetricsW
CreateFontW
CreateSolidBrush
SetBkMode

advapi32

CryptAcquireContextA
RegQueryValueW
RegCreateKeyW
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptHashData
RegOpenKeyW
CryptCreateHash
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW
SHGetPathFromIDListW
SHGetMalloc
Shell_NotifyIconW
SHGetSpecialFolderLocation

comctl32

ImageList_AddMasked
ord17
ImageList_GetImageInfo
ImageList_GetImageCount
ImageList_Draw
_TrackMouseEvent

ole32

CoUninitialize
CoCreateGuid
CreateStreamOnHGlobal
CoInitialize

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantCopy
VariantClear
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen

urlmon

CoInternetGetSession

gdiplus

GdiplusStartup
GdiplusShutdown
GdipCloneBrush
GdipDeleteGraphics
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipCreateTexture2I
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipCreateBitmapFromStream
GdipCreateBitmapFromResource
GdipCreateHBITMAPFromBitmap
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageEncodersSize
GdipGetImageEncoders
GdipSetImageAttributesColorKeys
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatHotkeyPrefix
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipMeasureString
GdipCreateBitmapFromHBITMAP
GdipCreatePen1
GdipDeletePen
GdipSetPenMode
GdipDrawRectangleI
GdipSetClipRectI
GdipSaveImageToStream
GdipDrawImageI
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipFree
GdipCreateFromHDC
GdipDrawImageRectI
GdipLoadImageFromStreamICM
GdipAlloc
GdipCloneImage
GdipDeleteBrush
GdipCreateStringFormat
GdipDeleteStringFormat
GdipCreateFontFamilyFromName
GdipGetGenericFontFamilySansSerif
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipCreateSolidFill
GdipSetStringFormatTrimming
GdipFillRectangleI
GdipDrawString
GdipDrawImageRectRectI

msvcp71

??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AVconst_iterator@12@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AVconst_iterator@12@XZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AViterator@12@XZ
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEX_NI@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z

dbghelp

MiniDumpWriteDump

wininet

InternetSetOptionW
InternetGetCookieExW

psapi

GetProcessImageFileNameW

netapi32

Netbios

wldap32

ord33
ord200
ord79
ord35
ord32
ord30
ord301
ord50
ord60
ord143
ord211
ord22
ord27
ord26
ord46
ord41

Sections

.text
Size: 756KB - Virtual size: 752KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.v-lizer
Size: 600KB - Virtual size: 600KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
GuaGuaCJ/ChatHall.ini
GuaGuaCJ/ChatRTI.dll
.dll windows:4 windows x86 arch:x86

ad0a0ee0440dd8be4b54b8c9b3af774b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Coding\OldChatUI\branchs\20130816_tr_r27_ChatUI_FinanceClient\ChatRTI\ReleaseU\ChatRTI.pdb

Imports

mfc71u

ord3703
ord2638
ord3943
ord4475
ord4255
ord3327
ord566
ord757
ord3824
ord2239
ord764
ord762
ord314
ord3713
ord266
ord265
ord1197
ord1199
ord1093
ord371
ord1115
ord1192
ord1168
ord1170
ord1200
ord1079
ord1033
ord1087
ord1162
ord581
ord315
ord765
ord3712
ord2527
ord2640
ord2534
ord2832
ord2708
ord4301
ord2829
ord2725
ord2531
ord5562
ord5209
ord5226
ord4562
ord3942
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord3677

msvcr71

?terminate@@YAXXZ
??1type_info@@UAE@XZ
__CppXcptFilter
_adjust_fdiv
malloc
_initterm
__security_error_handler
_onexit
__dllonexit
free
_except_handler3
memset
sprintf
__CxxFrameHandler

kernel32

LocalFree
DeleteCriticalSection
InitializeCriticalSection
OpenProcess
TerminateProcess
ReleaseMutex
WaitForSingleObject
OpenMutexW
CreateMutexW
CreateFileMappingW
CloseHandle
MapViewOfFile
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetVersionExA
LocalAlloc

user32

SendMessageTimeoutW

Exports

Exports

CreateChatRTIInstance
DestroyChatRTIInstance

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GuaGuaCJ/ChatRoomUI.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

135cc4765d434b7922f2bb51b73648fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Svn\guagua\ChatHall\ChatRoomOcx\ReleaseU\ChatRoomOcx.pdb

Imports

mfc71u

ord5231
ord5229
ord920
ord925
ord929
ord927
ord931
ord2384
ord2404
ord2388
ord2394
ord2392
ord2390
ord2407
ord2402
ord2386
ord2409
ord2397
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord1647
ord1646
ord1590
ord5196
ord2531
ord2725
ord2829
ord4301
ord2708
ord2856
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4480
ord4256
ord605
ord354
ord5199
ord4347
ord1894
ord764
ord6063
ord6061
ord6277
ord4574
ord3598
ord3596
ord3651
ord3514
ord6260
ord2905
ord6261
ord4308
ord5376
ord2851
ord2936
ord4475
ord4255
ord3269
ord476
ord2292
ord701
ord1948
ord1320
ord5452
ord963
ord4167
ord4550
ord4492
ord5515
ord1649
ord4731
ord4808
ord5856
ord1612
ord1415
ord5112
ord2503
ord3750
ord5055
ord4569
ord4571
ord2416
ord5483
ord3974
ord4525
ord4524
ord4636
ord4508
ord4789
ord4398
ord4368
ord4443
ord4873
ord4815
ord4820
ord4825
ord4521
ord4795
ord4794
ord4530
ord4529
ord4528
ord4506
ord4552
ord4913
ord4515
ord4500
ord5956
ord4650
ord4507
ord4490
ord4489
ord4952
ord4432
ord4199
ord4187
ord4182
ord4607
ord4609
ord4606
ord4239
ord4453
ord4894
ord4246
ord4877
ord4864
ord1988
ord2987
ord4389
ord2504
ord5911
ord1393
ord1897
ord6266
ord2532
ord2726
ord2830
ord4302
ord2841
ord2535
ord2639
ord3944
ord4477
ord5675
ord683
ord2148
ord3819
ord451
ord2550
ord4839
ord4340
ord4925
ord5210
ord4295
ord762
ord1079
ord2362
ord1088
ord314
ord1142
ord1127
ord2041
ord577
ord1220
ord2311
ord293
ord4032
ord4008
ord6272
ord3795
ord6274
ord4320
ord2054
ord2009
ord5579
ord3800
ord1007
ord5096
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord2238
ord3942
ord4562
ord5226
ord5209
ord5562
ord3823
ord2832
ord2984
ord3256
ord566
ord757
ord6248
ord1133
ord1145
ord3655
ord3531
ord4420
ord4534
ord4720
ord4897
ord4576
ord6267
ord5206
ord4273
ord2852
ord4478
ord479
ord1754
ord1129
ord703
ord1044
ord1591
ord4276
ord4716
ord765
ord315
ord1033
ord1197
ord1199
ord1093
ord371
ord1115
ord1192
ord1168
ord1170
ord1200
ord1087
ord1162
ord581
ord3397
ord4179
ord6271
ord5067
ord1899
ord5148
ord4238
ord1392
ord3940
ord1608
ord1611
ord5908
ord1542
ord1661
ord1662
ord2011
ord4884
ord4729
ord4206
ord5178
ord3435
ord4180
ord3635
ord1043

msvcr71

__CxxFrameHandler
wcscpy
wcsncpy
wcslen
_wtoi64
wcscat
wcsrchr
memset
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__CppXcptFilter
_adjust_fdiv
malloc
_initterm
_onexit
__dllonexit
__security_error_handler
free
_except_handler3

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
GetSystemTimeAsFileTime
GetModuleFileNameW
SetCurrentDirectoryW
LoadLibraryW
GetProcAddress
LocalFree
GetVersionExA

user32

GetSystemMetrics
GetClientRect
FillRect
EnableWindow

gdi32

GetStockObject

ole32

CoCreateInstance

oleaut32

LoadRegTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GuaGuaCJ/NoahRoom/Skin/ChatFrame.ico
GuaGuaCJ/NoahRoom/Skin/FnncFrame.ico
GuaGuaCJ/Skin/ChatFrame.ico
GuaGuaCJ/Skin/FnncFrame.ico

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

04:44:c0Certificate

Key Usages

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47Certificate

Extended Key Usages

Key Usages

17:ef:72:b4:15:7d:6f:4b:68:e4:bd:d5:75:e5:cc:aeCertificate

Extended Key Usages

Key Usages

1c:05:d1:a7:1e:87:e1:bc:b0:ac:cf:3e:c6:a6:7a:49Certificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0eCertificate

Extended Key Usages

Key Usages

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47Certificate

Extended Key Usages

Key Usages

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0eCertificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

c7:92:8b:f2:4b:df:f7:ed:e7:b6:9d:bd:da:12:11:4b:eb:6c:41:03:1b:69:24:67:22:80:dd:6b:24:e3:2f:6fSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 100KB

.rsrc Size: 130KB - Virtual size: 129KB

db2755f409b81c4dbfc04f648cfb80b9

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 987B

.reloc Size: 512B - Virtual size: 66B

ca9f1b878c7f5aeb01c3f5807dc45da9

Headers

File Characteristics

Imports

comctl32

gdiplus

kernel32

user32

gdi32

ole32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 64KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 6KB - Virtual size: 5KB

8df26927f8978d4eb40ff179c0aa961b

Headers

04:44:c0
Certificate

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

17:ef:72:b4:15:7d:6f:4b:68:e4:bd:d5:75:e5:cc:ae
Certificate

1c:05:d1:a7:1e:87:e1:bc:b0:ac:cf:3e:c6:a6:7a:49
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

6d:79:16:4f:42:57:0d:7a:07:0b:5e:c7:60:39:7c:47
Certificate

51:ec:ef:d7:72:99:ba:1a:dd:28:02:43:1e:86:e2:0e
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

c7:92:8b:f2:4b:df:f7:ed:e7:b6:9d:bd:da:12:11:4b:eb:6c:41:03:1b:69:24:67:22:80:dd:6b:24:e3:2f:6f
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 100KB

.rsrc
Size: 130KB - Virtual size: 129KB

.text
Size: 1024B - Virtual size: 987B

.reloc
Size: 512B - Virtual size: 66B

.text
Size: 64KB - Virtual size: 64KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 104B

.text
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 172B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 1024B - Virtual size: 518B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 512B - Virtual size: 470B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 574B