General

Malware Config

Signatures

Files

• 73c6da067fb3d334aff02a228f118992_JaffaCakes118

  .exe windows:5 windows x86 arch:x86

  be41bf7b8cc010b614bd36bbca606973

  
  

  Code Sign

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  04:00:00:00:00:01:2f:4e:e1:35:5c

  Certificate

  Issuer

  CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

  Not Before

  13-04-2011 10:00

  Not After

  13-04-2019 10:00

  Subject

  CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18-10-2012 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49

  Certificate

  Issuer

  CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

  Not Before

  12-02-2015 00:59

  Not After

  12-02-2017 00:59

  Subject

  CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  Signer

  Actual PE Digest

  Digest Algorithm

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  Imports

  kernel32

  SetFileTime

  CompareFileTime

  SearchPathW

  GetShortPathNameW

  GetFullPathNameW

  MoveFileW

  SetCurrentDirectoryW

  GetFileAttributesW

  GetLastError

  CreateDirectoryW

  SetFileAttributesW

  Sleep

  GetTickCount

  GetFileSize

  GetModuleFileNameW

  GetCurrentProcess

  CopyFileW

  ExitProcess

  GetWindowsDirectoryW

  GetTempPathW

  GetCommandLineW

  SetErrorMode

  lstrcpynA

  CloseHandle

  lstrcpynW

  GetDiskFreeSpaceW

  GlobalUnlock

  GlobalLock

  CreateThread

  LoadLibraryW

  CreateProcessW

  lstrcmpiA

  CreateFileW

  GetTempFileNameW

  lstrcatW

  GetProcAddress

  LoadLibraryA

  GetModuleHandleA

  OpenProcess

  lstrcpyW

  GetVersionExW

  GetSystemDirectoryW

  GetVersion

  lstrcpyA

  RemoveDirectoryW

  lstrcmpA

  lstrcmpiW

  lstrcmpW

  ExpandEnvironmentStringsW

  GlobalAlloc

  WaitForSingleObject

  GetExitCodeProcess

  GlobalFree

  GetModuleHandleW

  LoadLibraryExW

  FreeLibrary

  WritePrivateProfileStringW

  GetPrivateProfileStringW

  WideCharToMultiByte

  lstrlenA

  MulDiv

  WriteFile

  ReadFile

  MultiByteToWideChar

  SetFilePointer

  FindClose

  FindNextFileW

  FindFirstFileW

  DeleteFileW

  lstrlenW

  user32

  GetAsyncKeyState

  IsDlgButtonChecked

  ScreenToClient

  GetMessagePos

  CallWindowProcW

  IsWindowVisible

  LoadBitmapW

  CloseClipboard

  SetClipboardData

  EmptyClipboard

  OpenClipboard

  TrackPopupMenu

  GetWindowRect

  AppendMenuW

  CreatePopupMenu

  GetSystemMetrics

  EndDialog

  EnableMenuItem

  GetSystemMenu

  SetClassLongW

  IsWindowEnabled

  SetWindowPos

  DialogBoxParamW

  CheckDlgButton

  CreateWindowExW

  SystemParametersInfoW

  RegisterClassW

  SetDlgItemTextW

  GetDlgItemTextW

  MessageBoxIndirectW

  CharNextA

  CharUpperW

  CharPrevW

  wvsprintfW

  DispatchMessageW

  PeekMessageW

  wsprintfA

  DestroyWindow

  CreateDialogParamW

  SetTimer

  SetWindowTextW

  PostQuitMessage

  SetForegroundWindow

  ShowWindow

  wsprintfW

  SendMessageTimeoutW

  LoadCursorW

  SetCursor

  GetWindowLongW

  GetSysColor

  CharNextW

  GetClassInfoW

  ExitWindowsEx

  IsWindow

  GetDlgItem

  SetWindowLongW

  LoadImageW

  GetDC

  EnableWindow

  InvalidateRect

  SendMessageW

  DefWindowProcW

  BeginPaint

  GetClientRect

  FillRect

  DrawTextW

  EndPaint

  FindWindowExW

  gdi32

  SetBkColor

  GetDeviceCaps

  DeleteObject

  CreateBrushIndirect

  CreateFontIndirectW

  SetBkMode

  SetTextColor

  SelectObject

  shell32

  SHBrowseForFolderW

  SHGetPathFromIDListW

  SHGetFileInfoW

  ShellExecuteW

  SHFileOperationW

  SHGetSpecialFolderLocation

  advapi32

  RegEnumKeyW

  RegOpenKeyExW

  RegCloseKey

  RegDeleteKeyW

  RegDeleteValueW

  RegCreateKeyExW

  RegSetValueExW

  RegQueryValueExW

  RegEnumValueW

  comctl32

  ImageList_AddMasked

  ImageList_Destroy

  ord17

  ImageList_Create

  ole32

  CoTaskMemFree

  OleInitialize

  OleUninitialize

  CoCreateInstance

  version

  GetFileVersionInfoSizeW

  GetFileVersionInfoW

  VerQueryValueW

  Sections

  .text

  Size: 29KB - Virtual size: 28KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 11KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 458KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .ndata

  Size: - Virtual size: 1.1MB

  IMAGE_SCN_CNT_UNINITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 142KB - Virtual size: 142KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• $PLUGINSDIR/Src/_btn_close.png

  .png
• $PLUGINSDIR/Src/bg.png

  .png
• $PLUGINSDIR/Src/bg_animation.png

  .png
• $PLUGINSDIR/Src/bg_complete.png

  .png
• $PLUGINSDIR/Src/bg_install.png

  .png
• $PLUGINSDIR/Src/bg_uninstall.png

  .png
• $PLUGINSDIR/Src/bg_uninstall_ac.png

  .png
• $PLUGINSDIR/Src/bg_uninstall_acc.png

  .png
• $PLUGINSDIR/Src/bg_uninstall_logo.png

  .png
• $PLUGINSDIR/Src/btn_blue_180_50.png

  .png
• $PLUGINSDIR/Src/btn_blue_90_30.png

  .png
• $PLUGINSDIR/Src/btn_gray_70_30.png

  .png
• $PLUGINSDIR/Src/btn_login_close.png

  .png
• $PLUGINSDIR/Src/btn_login_min.png

  .png
• $PLUGINSDIR/Src/btn_white_90_30.png

  .png
• $PLUGINSDIR/Src/checkbox_blue.png

  .png
• $PLUGINSDIR/Src/checkbox_white.png

  .png
• $PLUGINSDIR/Src/dot_down.png

  .png
• $PLUGINSDIR/Src/dot_up.png

  .png
• $PLUGINSDIR/Src/frameborder.png

  .png
• $PLUGINSDIR/Src/ic_info_46.png

  .png
• $PLUGINSDIR/Src/menu_bk.png

  .png
• $PLUGINSDIR/Src/menu_select_bkg.png

  .png
• $PLUGINSDIR/Src/menu_seperator.png

  .png
• $PLUGINSDIR/Src/messagebox.png

  .png
• $PLUGINSDIR/Src/messageboxLogo1.png

  .png
• $PLUGINSDIR/Src/prograssbar_gray.png

  .png
• $PLUGINSDIR/Src/prograssbar_white.png

  .png
• $PLUGINSDIR/Src/triangle.png

  .png
• $PLUGINSDIR/Src/tu1.png

  .png
• $PLUGINSDIR/Src/tu2.png

  .png
• $PLUGINSDIR/Src/tu3.png

  .png
• $PLUGINSDIR/Src/tu4.png

  .png
• $PLUGINSDIR/System.dll

  .dll windows:5 windows x86 arch:x86

  039bcbc605477e8e87ec550c2e60e748

  
  

  Code Sign

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18-10-2012 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd

  Certificate

  Issuer

  OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

  Not Before

  08-11-2006 00:00

  Not After

  07-11-2021 23:59

  Subject

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageServerAuth

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  ExtKeyUsageNetscapeServerGatedCrypto

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  61:0c:12:06:00:00:00:00:00:1b

  Certificate

  Issuer

  CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  23-05-2006 17:01

  Not After

  23-05-2016 17:11

  Subject

  OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a

  Certificate

  Issuer

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Not Before

  27-02-2012 00:00

  Not After

  26-02-2015 23:59

  Subject

  CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7

  Certificate

  Issuer

  CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

  Not Before

  08-02-2010 00:00

  Not After

  07-02-2020 23:59

  Subject

  CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

  Extended Key Usages

  ExtKeyUsageClientAuth

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  78:2b:69:d9:a6:d3:2b:02:2f:0d:f6:35:ca:3e:de:c8:b4:96:ab:13

  Signer

  Actual PE Digest

  78:2b:69:d9:a6:d3:2b:02:2f:0d:f6:35:ca:3e:de:c8:b4:96:ab:13

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  Imports

  kernel32

  GlobalAlloc

  GlobalFree

  GlobalSize

  GetLastError

  lstrcpyW

  lstrcpynW

  GetProcAddress

  WideCharToMultiByte

  lstrcatW

  lstrlenW

  lstrcmpiW

  LoadLibraryW

  GetModuleHandleW

  MultiByteToWideChar

  VirtualAlloc

  VirtualProtect

  FreeLibrary

  user32

  wsprintfW

  ole32

  CLSIDFromString

  StringFromGUID2

  Exports

  Exports

  Alloc

  Call

  Copy

  Free

  Get

  Int64Op

  Store

  StrAlloc

  Sections

  .text

  Size: 7KB - Virtual size: 7KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 1024B - Virtual size: 963B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 64B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 1024B - Virtual size: 588B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• $PLUGINSDIR/insthelper.dll

  .dll windows:5 windows x86 arch:x86

  d5e7215a478e7104adc0718c6756befa

  
  

  Code Sign

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  04:00:00:00:00:01:2f:4e:e1:35:5c

  Certificate

  Issuer

  CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

  Not Before

  13-04-2011 10:00

  Not After

  13-04-2019 10:00

  Subject

  CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18-10-2012 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49

  Certificate

  Issuer

  CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

  Not Before

  12-02-2015 00:59

  Not After

  12-02-2017 00:59

  Subject

  CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  Signer

  Actual PE Digest

  Digest Algorithm

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  PDB Paths

  D:\clientci\workspace\ime_compile_3.3.2.1010_patch\Basic\Outputs\Release\insthelper.pdb

  Imports

  shlwapi

  PathFileExistsW

  PathRemoveFileSpecW

  PathAppendW

  kernel32

  MulDiv

  GlobalReAlloc

  SizeofResource

  LockResource

  FreeResource

  LoadResource

  FindResourceW

  SetEnvironmentVariableA

  ReadConsoleW

  SetEndOfFile

  WriteConsoleW

  SetStdHandle

  SetFilePointerEx

  GetCurrentDirectoryW

  GetFullPathNameW

  PeekNamedPipe

  GetFileInformationByHandle

  FileTimeToLocalFileTime

  GetTimeZoneInformation

  FlushFileBuffers

  GetConsoleMode

  GetConsoleCP

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetSystemTimeAsFileTime

  GetFileType

  GetStdHandle

  GetOEMCP

  GetACP

  IsValidCodePage

  HeapSize

  EnumSystemLocalesW

  GetUserDefaultLCID

  IsValidLocale

  GetLocaleInfoW

  LCMapStringW

  CompareStringW

  GlobalUnlock

  GetStartupInfoW

  TlsFree

  TlsSetValue

  TlsGetValue

  TlsAlloc

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  GetCPInfo

  RtlUnwind

  CreateDirectoryW

  WaitForSingleObject

  SystemTimeToTzSpecificLocalTime

  GetDriveTypeW

  FindFirstFileExW

  LoadLibraryExW

  ExitThread

  CreateThread

  HeapReAlloc

  GetCommandLineA

  IsProcessorFeaturePresent

  IsDebuggerPresent

  AreFileApisANSI

  GetModuleHandleExW

  ExitProcess

  GetStringTypeW

  EncodePointer

  DeviceIoControl

  GetSystemDirectoryW

  WaitForMultipleObjects

  DuplicateHandle

  HeapAlloc

  InterlockedIncrement

  GetProcessHeap

  HeapFree

  InterlockedDecrement

  FindClose

  FindFirstFileW

  WriteFile

  CopyFileW

  Sleep

  ResetEvent

  SystemTimeToFileTime

  GetSystemTime

  GetTempPathW

  RemoveDirectoryW

  MoveFileExW

  QueryPerformanceCounter

  GetFileAttributesW

  GlobalLock

  ReadFile

  GetFileSize

  CreateFileW

  FreeLibrary

  GetProcAddress

  LoadLibraryW

  SetLastError

  LeaveCriticalSection

  EnterCriticalSection

  WideCharToMultiByte

  GetTickCount

  GetModuleHandleW

  GetModuleFileNameA

  MultiByteToWideChar

  GetCurrentThreadId

  GetLocalTime

  DeleteCriticalSection

  InitializeCriticalSection

  UnmapViewOfFile

  MapViewOfFile

  CreateFileMappingW

  GetSystemInfo

  GetModuleFileNameW

  GetVersionExW

  Process32NextW

  TerminateProcess

  OpenProcess

  GetCurrentProcessId

  lstrcmpiW

  Process32FirstW

  CreateToolhelp32Snapshot

  GetCurrentProcess

  GetLastError

  CloseHandle

  CreateProcessW

  ExpandEnvironmentStringsW

  lstrcpynW

  GlobalAlloc

  GetDiskFreeSpaceExW

  OutputDebugStringW

  GlobalFree

  lstrcpyW

  SetEvent

  FileTimeToSystemTime

  RaiseException

  InitializeCriticalSectionAndSpinCount

  DeleteFileW

  DecodePointer

  CreateEventW

  user32

  GetCapture

  IsWindow

  SendMessageW

  ShowWindow

  UpdateWindow

  SetRect

  LoadImageW

  GetSystemMetrics

  PostMessageW

  GetDlgItemTextW

  SetDlgItemTextW

  PostQuitMessage

  DestroyWindow

  GetWindowRect

  MoveWindow

  CallWindowProcW

  SetWindowPos

  SetWindowTextW

  SetWindowLongW

  ExitWindowsEx

  LoadCursorW

  FindWindowExW

  GetDlgItem

  GetWindowTextW

  FindWindowA

  SendMessageTimeoutW

  GetWindowLongW

  CallNextHookEx

  GetClassInfoW

  SetWindowsHookExW

  CreateWindowExW

  UnhookWindowsHookEx

  DefWindowProcW

  RegisterClassExW

  RegisterWindowMessageW

  GetClientRect

  SetTimer

  KillTimer

  UnionRect

  IntersectRect

  InvalidateRect

  IsRectEmpty

  BeginPaint

  GetDC

  UpdateLayeredWindow

  ReleaseDC

  IsWindowVisible

  EndPaint

  CreateCaret

  ShowCaret

  HideCaret

  SetCaretPos

  SetCursor

  SetFocus

  ClientToScreen

  WindowFromPoint

  TrackMouseEvent

  ScreenToClient

  GetCursorPos

  GetFocus

  GetClassNameW

  GetClassInfoExW

  DrawIconEx

  GetMenuState

  GetSystemMenu

  SetWindowPlacement

  PtInRect

  GetActiveWindow

  OffsetRect

  SetWindowRgn

  IsZoomed

  SystemParametersInfoW

  GetMessageW

  TranslateMessage

  DrawTextW

  GetCaretPos

  GetSysColor

  MapWindowPoints

  GetWindow

  GetParent

  InflateRect

  GetKeyState

  GetDesktopWindow

  ReleaseCapture

  SetCapture

  FillRect

  EnableWindow

  GetAncestor

  DispatchMessageW

  gdi32

  SelectClipRgn

  ExtSelectClipRgn

  GetClipRgn

  GetTextExtentPoint32W

  GetObjectA

  GetDeviceCaps

  CombineRgn

  ExtCreateRegion

  StretchBlt

  GetObjectW

  Rectangle

  GetTextMetricsW

  SetBkColor

  SetTextColor

  CreatePen

  CreateSolidBrush

  GetStockObject

  CreateRectRgn

  SetBkMode

  ExcludeClipRect

  CreateDIBSection

  DeleteDC

  BitBlt

  SelectObject

  CreateCompatibleBitmap

  CreateCompatibleDC

  DeleteObject

  CreateFontIndirectW

  advapi32

  RegQueryValueExA

  RegOpenKeyW

  AdjustTokenPrivileges

  LookupPrivilegeValueW

  OpenProcessToken

  RegSetValueExW

  RegCreateKeyExW

  RegCloseKey

  RegQueryValueExW

  RegOpenKeyExW

  RegOpenKeyExA

  shell32

  SHGetSpecialFolderPathW

  ShellExecuteW

  SHGetPathFromIDListW

  SHBrowseForFolderW

  ord165

  ord171

  SHCreateDirectoryExW

  ole32

  CreateStreamOnHGlobal

  CLSIDFromString

  gdiplus

  GdiplusStartup

  GdiplusShutdown

  GdipFree

  GdipAlloc

  GdipGetImageWidth

  GdipGetImageHeight

  GdipCreateMatrix

  GdipDeleteMatrix

  GdipTranslateMatrix

  GdipRotateMatrix

  GdipDisposeImage

  GdipCreateFromHDC

  GdipGetImageGraphicsContext

  GdipDeleteGraphics

  GdipSetWorldTransform

  GdipGraphicsClear

  GdipDrawImageRectI

  GdipFillRectangleI

  GdipDrawPath

  GdipDrawRectangleI

  GdipSetSmoothingMode

  GdipAddPathArcI

  GdipAddPathLineI

  GdipDeletePath

  GdipCreatePath

  GdipDeletePen

  GdipCreatePen1

  GdipDeleteFont

  GdipCreateFontFromLogfontA

  GdipCreateFontFromDC

  GdipMeasureString

  GdipDrawString

  GdipSetTextRenderingHint

  GdipSetStringFormatTrimming

  GdipSetStringFormatLineAlign

  GdipSetStringFormatAlign

  GdipSetStringFormatFlags

  GdipDeleteStringFormat

  GdipCreateStringFormat

  GdipCreateSolidFill

  GdipCloneBrush

  GdipDeleteBrush

  GdipBitmapUnlockBits

  GdipBitmapLockBits

  GdipCloneBitmapAreaI

  GdipCreateHBITMAPFromBitmap

  GdipCreateBitmapFromScan0

  GdipCreateBitmapFromStream

  GdipCreateBitmapFromFile

  GdipGetImagePixelFormat

  GdipCloneImage

  GdipDrawImageRectRectI

  msimg32

  AlphaBlend

  imm32

  ImmUnlockIMC

  ImmLockIMC

  ImmGetDefaultIMEWnd

  ImmAssociateContext

  ImmGetContext

  ImmReleaseContext

  netapi32

  Netbios

  Exports

  Exports

  AbortInstall

  CreateInstallWnd

  DirLeave

  ExitWork

  GetCheckBoxStatus

  GetTNFromPackageName

  HideWindow

  KillProcess

  NewNsisWndProc

  NotifyHostSetupStatus

  UninstallWebAdapter

  WriteMustRebootTag

  Sections

  .text

  Size: 374KB - Virtual size: 374KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 84KB - Virtual size: 83KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 13KB - Virtual size: 24KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 272KB - Virtual size: 272KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 23KB - Virtual size: 23KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• $PLUGINSDIR/reportsetup.dll

  .dll windows:5 windows x86 arch:x86

  6b40f801eb0752570519ea3605a7e15a

  
  

  Code Sign

  7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b

  Certificate

  Issuer

  CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

  Not Before

  21-12-2012 00:00

  Not After

  30-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  04:00:00:00:00:01:2f:4e:e1:35:5c

  Certificate

  Issuer

  CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

  Not Before

  13-04-2011 10:00

  Not After

  13-04-2019 10:00

  Subject

  CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageCertSign

  KeyUsageCRLSign

  0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50

  Certificate

  Issuer

  CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

  Not Before

  18-10-2012 00:00

  Not After

  29-12-2020 23:59

  Subject

  CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  11:21:0c:fb:2a:27:02:26:51:c1:14:64:27:7f:19:40:f4:49

  Certificate

  Issuer

  CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

  Not Before

  12-02-2015 00:59

  Not After

  12-02-2017 00:59

  Subject

  CN=Baidu (China) Co.\, Ltd.,O=Baidu (China) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  Signer

  Actual PE Digest

  Digest Algorithm

  PE Digest Matches

  false

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_DLL

  PDB Paths

  D:\clientci\workspace\ime_compile_3.3.2.1010_patch\Basic\Outputs\Release\reportsetup.pdb

  Imports

  kernel32

  GetEnvironmentStringsW

  FreeEnvironmentStringsW

  OpenProcess

  GetCurrentProcess

  LocalFree

  ExpandEnvironmentStringsW

  LoadLibraryExW

  GetVolumeInformationA

  DeviceIoControl

  WriteFile

  GetFileAttributesW

  ReadFile

  FindClose

  GetLocalTime

  FindNextFileW

  GetCurrentThreadId

  SetEndOfFile

  ReadConsoleW

  SetEnvironmentVariableA

  WriteConsoleW

  SetStdHandle

  SetFilePointerEx

  FlushFileBuffers

  GetConsoleMode

  GetConsoleCP

  QueryPerformanceCounter

  GetFileType

  GetStdHandle

  GetSystemDirectoryW

  GetOEMCP

  GetACP

  IsValidCodePage

  GetTimeZoneInformation

  AreFileApisANSI

  ExitProcess

  EnumSystemLocalesW

  GetUserDefaultLCID

  SetLastError

  GetModuleHandleExW

  InterlockedExchange

  GetCurrentProcessId

  GetModuleHandleW

  InitializeCriticalSection

  VerifyVersionInfoW

  VerSetConditionMask

  GetVersionExW

  CreateFileW

  CreateDirectoryW

  MoveFileExW

  RemoveDirectoryW

  DeleteFileW

  GetModuleFileNameW

  LeaveCriticalSection

  EnterCriticalSection

  lstrcpynW

  GlobalAlloc

  GlobalFree

  lstrcpyW

  WideCharToMultiByte

  FindResourceExW

  FindResourceW

  LoadResource

  HeapReAlloc

  LockResource

  SizeofResource

  WritePrivateProfileStringW

  GetPrivateProfileStringW

  MultiByteToWideChar

  Sleep

  FreeLibrary

  GetProcAddress

  LoadLibraryW

  SetErrorMode

  CloseHandle

  Process32NextW

  lstrcmpiW

  Process32FirstW

  CreateToolhelp32Snapshot

  DeleteCriticalSection

  DecodePointer

  HeapSize

  GetLastError

  RaiseException

  HeapDestroy

  InitializeCriticalSectionAndSpinCount

  GetProcessHeap

  OutputDebugStringW

  HeapFree

  IsValidLocale

  GetLocaleInfoW

  LCMapStringW

  CompareStringW

  GetTimeFormatW

  GetDateFormatW

  GetStartupInfoW

  TlsFree

  TlsSetValue

  TlsGetValue

  TlsAlloc

  TerminateProcess

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  GetCPInfo

  RtlUnwind

  GetCommandLineA

  FileTimeToSystemTime

  SystemTimeToTzSpecificLocalTime

  FindFirstFileExW

  GetFileAttributesExW

  GetSystemTimeAsFileTime

  IsProcessorFeaturePresent

  GetTickCount

  GetModuleFileNameA

  UnmapViewOfFile

  MapViewOfFile

  CreateFileMappingW

  GetSystemInfo

  EncodePointer

  GetStringTypeW

  IsDebuggerPresent

  HeapAlloc

  user32

  SendMessageTimeoutW

  FindWindowA

  MessageBoxW

  LoadImageW

  IsWindow

  DestroyWindow

  DefWindowProcW

  LoadCursorW

  RegisterClassW

  CreateWindowExW

  gdi32

  GetStockObject

  advapi32

  RegQueryValueExA

  RegOpenKeyExW

  GetFileSecurityW

  DuplicateToken

  AccessCheck

  MapGenericMask

  RegEnumKeyExA

  RegOpenKeyExA

  GetSidSubAuthority

  GetSidSubAuthorityCount

  GetTokenInformation

  OpenProcessToken

  RegSetValueExW

  RegOpenKeyW

  RegCloseKey

  RegQueryValueExW

  shell32

  Shell_NotifyIconW

  SHGetFolderPathW

  ord165

  ole32

  CLSIDFromString

  CoTaskMemFree

  oleaut32

  VariantClear

  shlwapi

  PathFileExistsW

  PathAppendW

  PathRemoveFileSpecW

  winhttp

  WinHttpWriteData

  WinHttpCloseHandle

  WinHttpSendRequest

  WinHttpSetOption

  WinHttpOpenRequest

  WinHttpReadData

  WinHttpQueryDataAvailable

  WinHttpReceiveResponse

  WinHttpOpen

  WinHttpConnect

  iphlpapi

  GetAdaptersInfo

  Exports

  Exports

  CheckPathValid

  CheckSetupAccess

  GetEnvironmentTN

  Is_Win8_or_Later

  NotifyMsg

  RemoveFiles

  RevertPendingDeletion

  SetupActiveC

  SetupSucC

  TestSetupPCSuit

  URLEncode

  UnSetupActiveC

  UnSetupSucC

  Sections

  .text

  Size: 225KB - Virtual size: 224KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 60KB - Virtual size: 59KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 7KB - Virtual size: 16KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .reloc

  Size: 10KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ