7d2390023cfcbf321e6fe1dd7d521a20_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7d2390023cfcbf321e6fe1dd7d521a20_JaffaCakes118
Size

3.3MB
MD5

7d2390023cfcbf321e6fe1dd7d521a20
SHA1

5e3a609851cd2692587b69dfcc2ba394d11d1eda
SHA256

659e7e6fc0e38fbc96942371d89ed9a378c9e53766a138cd87e121c5926f3a5c
SHA512

9237a75713b4412e801ac058f7c344a94efc497bc3307ea709f6f517ef4c69c7b6c400db6c4033c0bc6b95bbf685efc77b8ece1a0cfb29a3ef0aafada9c5a017
SSDEEP

49152:Zp5Prp4x5I+Uv8YaGH7X6lcMjHpggyRp8KuHzRbR6dIZOV89nqhDYToMImkOPbSF:ZnPqjI36GH7SNgz2HNbv5wYkMIozp

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$_2_/curllib.dll
unpack001/$_2_/tinyxml.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

7d2390023cfcbf321e6fe1dd7d521a20_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:0b:9b:a6:41:55:7f:3f:f7:2a:40:59:77:68:9f:f0:5d:a3:68:75
Signer

Actual PE Digest

3b:0b:9b:a6:41:55:7f:3f:f7:2a:40:59:77:68:9f:f0:5d:a3:68:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_2_/Ad.exe
.exe windows:4 windows x86 arch:x86

a5e1c2ec7a61ae37e9ca2f404e3cafbc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e0:35:70:f3:d3:c5:4d:8d:5b:9e:0e:ad:13:79:f2:1e:db:6d:44:61
Signer

Actual PE Digest

e0:35:70:f3:d3:c5:4d:8d:5b:9e:0e:ad:13:79:f2:1e:db:6d:44:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\MyProjects\Xuanfen2_proj\branches\QQVipDownload\binD\Ad.pdb

Imports

kernel32

GlobalAlloc
GlobalLock
FindResourceExW
ReadFile
GlobalUnlock
GetModuleFileNameW
CloseHandle
LoadResource
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
SetFilePointer
GetCurrentProcess
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
Sleep
InterlockedExchange
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
LockResource
CreateFileW
SizeofResource
OutputDebugStringW
GetLastError
UnhandledExceptionFilter
FindResourceW

user32

UpdateLayeredWindow
GetWindowDC
KillTimer
GetWindowRect
UpdateWindow
ShowWindow
SetWindowPos
GetDesktopWindow
CreateWindowExW
DispatchMessageW
UnregisterClassA
RegisterClassExW
SetTimer
FindWindowExW
TranslateMessage
GetMessageW
IsWindow
ReleaseDC
PostQuitMessage
SetCursor
SetForegroundWindow
GetCursorPos
AttachThreadInput
DefWindowProcW
GetForegroundWindow
PtInRect
GetWindowThreadProcessId
ScreenToClient
LoadCursorW

gdi32

SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject
DeleteDC

shell32

ShellExecuteW
CommandLineToArgvW

ole32

CreateStreamOnHGlobal

shlwapi

PathAppendW
PathRemoveFileSpecW

gdiplus

GdipBitmapLockBits
GdipDisposeImage
GdipBitmapUnlockBits
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipGetImageWidth

msvcr80

_CxxThrowException
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_controlfp_s
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
__CxxFrameHandler3
_decode_pointer
_onexit
_initterm_e
_invoke_watson
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
memcpy_s
wcslen
memmove_s
abs
labs
memset
free
_unlock
__dllonexit
_encode_pointer
_lock

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_2_/DownloadProxyPS.dll
.dll regsvr32 windows:4 windows x86 arch:x86

b177dcb186702f9a4775e053e2fa1e17

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

83:64:d9:27:97:54:e8:63:2f:56:8a:83:00:53:97:85:29:fa:1d:f5
Signer

Actual PE Digest

83:64:d9:27:97:54:e8:63:2f:56:8a:83:00:53:97:85:29:fa:1d:f5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
MultiByteToWideChar
HeapSize
RtlUnwind
HeapReAlloc
VirtualAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSection
LoadLibraryA
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent

rpcrt4

NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrStubForwardingFunction
NdrStubCall2
CStdStubBuffer_QueryInterface
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
CStdStubBuffer_AddRef

oleaut32

BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 844B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/QQVipDownloader.exe
.exe windows:4 windows x86 arch:x86

b697d651325050ec91e5a19206be99b6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9e:fc:05:3d:df:f2:33:fa:60:5f:a9:1a:ab:26:de:78:d4:09:dc:f6
Signer

Actual PE Digest

9e:fc:05:3d:df:f2:33:fa:60:5f:a9:1a:ab:26:de:78:d4:09:dc:f6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\MyProjects\Xuanfen2_proj\branches\QQVipDownload\binD\QQVipDownloader.pdb

Imports

gdiplus

GdiplusStartup
GdipDeleteBrush
GdipCreateFromHDC
GdipCreateFontFamilyFromName
GdipDeleteFont
GdipDeleteFontFamily
GdipDrawString
GdipCloneBrush
GdipCreateFont
GdipCreateBitmapFromStream
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImageWidth
GdipDisposeImage
GdipGetImageHeight
GdipAlloc
GdipFree
GdipCloneImage
GdipCreateSolidFill

msimg32

AlphaBlend

comctl32

InitCommonControlsEx
_TrackMouseEvent

kernel32

CopyFileW
FormatMessageW
FreeResource
GetVersionExA
lstrcmpW
LoadLibraryA
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
InterlockedExchange
CompareStringA
GetLocaleInfoW
lstrcmpA
EnumResourceLanguagesW
GetVersion
ConvertDefaultLocale
GetThreadLocale
lstrlenA
GetModuleHandleA
FindNextFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
LockFile
UnlockFile
SetEndOfFile
GetFullPathNameW
GetFileTime
FreeLibrary
UnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
ExitProcess
WriteConsoleW
GetFileType
GetStdHandle
RaiseException
RtlUnwind
ExitThread
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
GetVolumeInformationW
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetCurrentDirectoryA
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
GetDriveTypeA
CreateFileA
SetEnvironmentVariableA
WriteFile
WaitForSingleObject
ResetEvent
SetEvent
CreateEventA
GetTickCount
Sleep
MulDiv
LoadLibraryW
lstrlenW
LocalFree
LocalAlloc
ReadFile
SetFilePointer
GetLongPathNameW
FindFirstFileW
GetFileSize
DeleteFileW
CreateDirectoryW
FindClose
LeaveCriticalSection
GetWindowsDirectoryW
GlobalUnlock
GlobalLock
WideCharToMultiByte
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
GetProcessHeap
HeapAlloc
VirtualAllocEx
ReadProcessMemory
TerminateProcess
SetHandleCount
FlushFileBuffers
WaitForMultipleObjects
CreateProcessW
SearchPathW
DuplicateHandle
CreateEventW
EnterCriticalSection
SuspendThread
OpenThread
Thread32Next
Thread32First
CreateToolhelp32Snapshot
HeapFree
GetCurrentProcess
SetUnhandledExceptionFilter
WriteProcessMemory
GetProcAddress
SetErrorMode
GetCurrentThreadId
GetCurrentProcessId
VirtualQuery
GetDiskFreeSpaceExW
CreateThread
GetModuleHandleW
OutputDebugStringW
DeleteCriticalSection
InitializeCriticalSection
GetDriveTypeW
InterlockedCompareExchange
GetLogicalDriveStringsW
GetSystemDirectoryW
CreateMutexW
SetLastError
WritePrivateProfileStringW
GetLastError
OutputDebugStringA
GetCurrentThread
GetModuleFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameA
GetFileAttributesW
lstrcpynW
CreateFileW
CloseHandle
DeviceIoControl
SetThreadLocale
GetPrivateProfileStringW
GetPrivateProfileIntW
GetVersionExW
LockResource
SizeofResource
LoadResource
FindResourceW
FormatMessageA
GetLocalTime
TerminateThread
IsBadReadPtr
GetStartupInfoW

user32

InvalidateRgn
SetRect
CopyAcceleratorTableW
SetWindowContextHelpId
MapDialogRect
DestroyMenu
EndPaint
BeginPaint
GrayStringW
DrawTextExW
TabbedTextOutW
CharNextW
GetMessageW
TranslateMessage
ValidateRect
IsDialogMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
LoadIconW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
GetWindowTextW
GetLastActivePopup
DispatchMessageW
GetTopWindow
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
UpdateWindow
GetMenu
GetClassInfoExW
RegisterClipboardFormatW
SetWindowPlacement
GetDlgCtrlID
CallWindowProcW
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetActiveWindow
CreateDialogIndirectParamW
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDC
InvalidateRect
IsClipboardFormatAvailable
HideCaret
SetRectEmpty
ShowCaret
EqualRect
SetCaretPos
GetSysColor
SystemParametersInfoW
UnhookWindowsHookEx
CallNextHookEx
SetActiveWindow
SetWindowsHookExW
mouse_event
AttachThreadInput
UpdateLayeredWindow
GetWindowThreadProcessId
GetForegroundWindow
SetWindowLongW
UnionRect
ReleaseDC
GetWindowDC
FillRect
DrawTextW
SetCursor
ReleaseCapture
ClientToScreen
IntersectRect
SetCapture
IsRectEmpty
GetKeyState
SetForegroundWindow
OffsetRect
AppendMenuW
GetSystemMenu
PostQuitMessage
PostThreadMessageW
UnregisterClassW
MessageBeep
GetNextDlgGroupItem
CharUpperW
GetSysColorBrush
DrawIcon
AdjustWindowRectEx
FindWindowA
GetWindowRect
GetWindowLongW
LoadCursorW
DefWindowProcW
GetClientRect
MoveWindow
CopyRect
SetDlgItemInt
SendDlgItemMessageW
GetDlgItemInt
SetFocus
GetCursorPos
MessageBoxW
ShowWindow
KillTimer
IsIconic
IsWindowVisible
GetSystemMetrics
CreateWindowExW
RegisterWindowMessageW
DestroyWindow
SetTimer
LoadImageW
ScreenToClient
RegisterClassW
GetClassInfoW
GetDesktopWindow
SendMessageW
IsWindow
FindWindowExW
GetDlgItemTextW
IsDlgButtonChecked
CheckDlgButton
GetDlgItem
SetWindowPos
SetWindowTextW
SetDlgItemTextW
EnableWindow
PostMessageW
PtInRect
UnregisterClassA
SendMessageTimeoutW
CreateCaret

gdi32

DeleteDC
ExtSelectClipRgn
DeleteObject
GetRgnBox
GetMapMode
GetWindowExtEx
GetViewportExtEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
CreateDIBSection
SelectObject
CreateFontIndirectW
GetObjectW
CreateRectRgnIndirect
GetStockObject
SetMapMode
RestoreDC
SaveDC
GetTextColor
GetBkColor
CreateBitmap
SetBkColor
GetClipBox
GetDeviceCaps
CreateSolidBrush
GetTextExtentPoint32W
SetTextColor
SetBkMode
BitBlt
StretchBlt
CreateCompatibleDC
PtVisible

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegQueryValueW
RegEnumKeyW
RegSetValueExA
RegCreateKeyA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RevertToSelf
OpenThreadToken
ImpersonateSelf
GetFileSecurityW
AccessCheck
MapGenericMask
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

Shell_NotifyIconW
ShellExecuteW
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderPathW
SHBrowseForFolderW

shlwapi

wnsprintfW
PathAppendW
PathRemoveFileSpecW
PathFileExistsW
PathFindFileNameW
PathFindExtensionW
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoRegisterMessageFilter
OleInitialize
OleUninitialize
StgCreateDocfile
OleCreate
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CoLoadLibrary
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitializeEx
CoCreateGuid
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CLSIDFromProgID
CLSIDFromString
CoFreeUnusedLibraries
CoDisconnectObject
CoRevokeClassObject
OleIsCurrentClipboard
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoFreeLibrary
OleFlushClipboard

oleaut32

LoadTypeLi
SafeArrayDestroy
OleCreateFontIndirect
VariantInit
SysStringLen
VarBstrCmp
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
VariantChangeType
VariantClear
VariantCopy
VarDateFromStr
SysFreeString
VarBstrFromDate
VariantTimeToSystemTime
SystemTimeToVariantTime

imm32

ImmAssociateContext

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

riched20

ord4

netapi32

Netbios
NetWkstaTransportEnum
NetApiBufferFree

ws2_32

ntohl
ntohs
ioctlsocket
closesocket
htonl
bind
htons
WSACleanup
WSAStartup
recvfrom
socket
gethostbyname
listen
WSAGetLastError
getpeername
send
sendto
recv
inet_addr
setsockopt
accept
inet_ntoa
__WSAFDIsSet
select
connect

curllib

curl_easy_init
curl_easy_setopt
curl_global_cleanup
curl_global_init
curl_version_info
curl_easy_perform
curl_easy_cleanup

Sections

.text
Size: 768KB - Virtual size: 766KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_2_/Skin/SkinConfig.ini
$_2_/Skin/bk.png
.png
$_2_/Skin/btn_pause_task.png
.png
$_2_/Skin/btn_resume_task.png
.png
$_2_/Skin/btn_retry_task.png
.png
$_2_/Skin/btn_setup.png
.png
$_2_/Skin/btn_start_task.png
.png
$_2_/Skin/btn_topspeed.png
.png
$_2_/Skin/close.png
.png
$_2_/Skin/dlg_bk.png
.png
$_2_/Skin/dlg_bk_about.png
.png
$_2_/Skin/dlg_bk_login.png
.png
$_2_/Skin/dlg_btn.png
.png
$_2_/Skin/dlg_checkbox_off.png
.png
$_2_/Skin/dlg_checkbox_on.png
.png
$_2_/Skin/dlg_close.png
.png
$_2_/Skin/dlg_input.png
.png
$_2_/Skin/dlg_open_vip.png
.png
$_2_/Skin/file_path_input.png
.png
$_2_/Skin/gift_box.png
.png
$_2_/Skin/gift_tip_bk.png
.png
$_2_/Skin/gift_tip_get.png
.png
$_2_/Skin/icon_path.png
.png
$_2_/Skin/icon_success.png
.png
$_2_/Skin/list_bk.png
.png
$_2_/Skin/menu_bk.png
.png
$_2_/Skin/menu_hilight.png
.png
$_2_/Skin/menu_seperator.png
.png
$_2_/Skin/min.png
.png
$_2_/Skin/progress_bk.png
.png
$_2_/Skin/progress_fg.png
.png
$_2_/Skin/setting.png
.png
$_2_/Skin/tips_bk.png
.png
$_2_/Skin/tips_game_acc.png
.png
$_2_/Skin/tips_vip.png
.png
$_2_/Skin/vip_off.png
.png
$_2_/Skin/vip_on.png
.png
$_2_/Skin/vipdl.ico
$_2_/SkinConfig.ini
$_2_/TXSSOSetup.exe
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3c:f0:ca:9e:2d:08:c3:ca:66:df:5d:7f:7a:83:7c:8a:46:e3:14:f6
Signer

Actual PE Digest

3c:f0:ca:9e:2d:08:c3:ca:66:df:5d:7f:7a:83:7c:8a:46:e3:14:f6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 516KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/Tencentdl.exe
.exe windows:4 windows x86 arch:x86

c78de639ebfb6a7ebee511db083ddf87

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:10:b2:b2:83:e8:08:75:06:8a:4b:bb:20:1c:4c:eb:a6:51:51:d0
Signer

Actual PE Digest

0d:10:b2:b2:83:e8:08:75:06:8a:4b:bb:20:1c:4c:eb:a6:51:51:d0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\src\tencentdl\Tencentdl_v124\Output\Release\Tencentdl.pdb

Imports

wininet

HttpEndRequestW
InternetWriteFile
HttpSendRequestExW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetCloseHandle
InternetOpenW
HttpQueryInfoW

kernel32

FindNextFileW
FindFirstFileW
HeapFree
GetProcessHeap
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsSetValue
SetWaitableTimer
PostQueuedCompletionStatus
HeapAlloc
OutputDebugStringA
QueueUserAPC
TerminateThread
WaitForMultipleObjects
GetQueuedCompletionStatus
CreateIoCompletionPort
SetLastError
InterlockedCompareExchange
FlushInstructionCache
GetCurrentProcess
GetSystemTimeAsFileTime
GetTickCount
SleepEx
CreateEventW
CreateWaitableTimerW
DeleteFileW
lstrcpynW
OpenProcess
CreateToolhelp32Snapshot
CopyFileW
Sleep
CreateThread
GetCommandLineW
LoadLibraryW
GetVersionExW
lstrlenA
DeviceIoControl
CreateFileW
RemoveDirectoryW
SetFileAttributesW
MoveFileW
GetFileSize
FlushFileBuffers
WriteFile
ReadFile
SetFilePointer
WideCharToMultiByte
GetLocalTime
ResetEvent
ReleaseSemaphore
CreateSemaphoreW
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrcmpW
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
VirtualProtect
VirtualAlloc
FindClose
GetSystemInfo
VirtualQuery
ExitThread
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
CreateDirectoryW
GetVersionExA
GetStartupInfoW
GetStdHandle
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
HeapSize
TlsAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetFullPathNameW
GetCurrentDirectoryA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
QueryPerformanceCounter
GetCurrentProcessId
LoadLibraryA
GetLocaleInfoA
GetLocaleInfoW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
SetStdHandle
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
InterlockedExchangeAdd
GetModuleHandleA
GetCurrentThreadId
GetFileAttributesW
SetFileTime
SearchPathW
WriteProcessMemory
Thread32Next
Thread32First
SuspendThread
OpenThread
CreateProcessW
DuplicateHandle
ReadProcessMemory
VirtualAllocEx
SetErrorMode
IsProcessorFeaturePresent
SetEvent
WaitForSingleObject
CreateEventA
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetModuleFileNameW
TlsFree
InterlockedExchange
CloseHandle
lstrcmpiW
GetThreadLocale
OpenEventA
ResumeThread
SystemTimeToFileTime
CreateWaitableTimerA
LocalFree
FormatMessageA
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
LeaveCriticalSection
EnterCriticalSection
GetSystemDirectoryW
GetModuleHandleW
GetProcAddress
InterlockedIncrement
lstrlenW
InterlockedDecrement
ExitProcess

user32

GetCapture
WindowFromPoint
ReleaseCapture
GetWindowTextW
LoadImageW
GetCursorPos
GetSubMenu
GetIconInfo
DestroyIcon
TrackPopupMenu
MonitorFromPoint
GetMonitorInfoW
GetSysColor
LoadMenuW
DrawIconEx
GetLastActivePopup
SetForegroundWindow
LoadIconW
ShowOwnedPopups
IsWindowVisible
InvalidateRect
ClientToScreen
BringWindowToTop
MoveWindow
GetWindow
GetSystemMetrics
EnableWindow
ShowWindow
wsprintfW
DefWindowProcW
MapWindowPoints
DestroyMenu
SystemParametersInfoW
CallWindowProcW
GetParent
SetRect
PtInRect
CreateWindowExW
GetMessageW
DispatchMessageW
TranslateMessage
CharUpperW
CreateDialogParamW
PostThreadMessageW
CharNextW
SetWindowPos
SendMessageW
IsWindow
DestroyWindow
EndDialog
LoadBitmapW
DrawTextW
GetWindowLongW
SetWindowLongW
RedrawWindow
FindWindowW
GetWindowRect
LoadStringW
DialogBoxParamW
GetActiveWindow
IsIconic
GetDlgItem
SetWindowTextW
PostMessageW
UnregisterClassA
GetClientRect

gdi32

CreateFontW
GetObjectW
ExtTextOutW
SetBkColor
CreateSolidBrush
SaveDC
RestoreDC
SelectObject
SetBkMode
SetTextColor
BitBlt
StretchBlt
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject

advapi32

FreeSid
RegOpenKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
IsTextUnicode
CheckTokenMembership
AllocateAndInitializeSid
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyExW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHGetFileInfoW
Shell_NotifyIconW

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoRevokeClassObject
CoRegisterClassObject
StringFromCLSID
StringFromGUID2
CoCreateGuid
CoLoadLibrary
CoFreeLibrary
CLSIDFromProgID

oleaut32

LoadRegTypeLi
LoadTypeLi
VariantInit
VariantClear
VarUI4FromStr
UnRegisterTypeLi
RegisterTypeLi
SysStringLen
SysFreeString
SysAllocStringByteLen
SysAllocString

shlwapi

PathFileExistsW
wnsprintfW

comctl32

_TrackMouseEvent

ws2_32

WSAGetLastError
listen
connect
recv
send
bind
sendto
socket
recvfrom
setsockopt
ioctlsocket
closesocket
WSACleanup
WSAStartup
getpeername
htonl
htons
gethostbyname
inet_addr
select
ntohl
__WSAFDIsSet
ntohs
inet_ntoa
accept

imm32

ImmDisableIME

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

netapi32

NetApiBufferFree
Netbios
NetWkstaTransportEnum

psapi

GetModuleBaseNameW
GetModuleFileNameExW
EnumProcessModules

Sections

.text
Size: 688KB - Virtual size: 686KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_2_/VerConfig.ini
$_2_/bugreport.exe
.exe windows:4 windows x86 arch:x86

4b9f98c3cc39d350cf2d92c792f53ef4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3c:e6:cc:0f:d1:cc:38:5a:5e:ae:ca:ce:82:4f:57:93:d8:f1:8b:71
Signer

Actual PE Digest

3c:e6:cc:0f:d1:cc:38:5a:5e:ae:ca:ce:82:4f:57:93:d8:f1:8b:71

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

j:\Code\SVN\QQ1.91\Output\PdbFinal\bugreport.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

dbghelp

SymGetModuleInfoW
SymLoadModule
SymInitialize
SymSetOptions
SymCleanup

wininet

InternetOpenA
InternetCloseHandle
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenUrlA

psapi

GetModuleFileNameExW
GetModuleFileNameExA

comctl32

ImageList_Create
ImageList_ReplaceIcon
InitCommonControlsEx

tinyxml

?ToDocument@TiXmlDocument@@UAEPAV1@XZ
?ToDocument@TiXmlDocument@@UBEPBV1@XZ
?ToElement@TiXmlNode@@UAEPAVTiXmlElement@@XZ
?ToElement@TiXmlNode@@UBEPBVTiXmlElement@@XZ
?ToComment@TiXmlNode@@UAEPAVTiXmlComment@@XZ
?ToComment@TiXmlNode@@UBEPBVTiXmlComment@@XZ
?ToUnknown@TiXmlNode@@UBEPBVTiXmlUnknown@@XZ
?ToText@TiXmlNode@@UAEPAVTiXmlText@@XZ
??0TiXmlDocument@@QAE@XZ
?ToText@TiXmlNode@@UBEPBVTiXmlText@@XZ
?ToDeclaration@TiXmlNode@@UAEPAVTiXmlDeclaration@@XZ
?RootElement@TiXmlDocument@@QAEPAVTiXmlElement@@XZ
?ToDeclaration@TiXmlNode@@UBEPBVTiXmlDeclaration@@XZ
?Clone@TiXmlDocument@@MBEPAVTiXmlNode@@XZ
?FirstChildElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
?Accept@TiXmlDocument@@UBE_NPAVTiXmlVisitor@@@Z
?Value@TiXmlNode@@QBEPBDXZ
?NextSiblingElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
?GetText@TiXmlElement@@QBEPBDXZ
??1TiXmlDocument@@UAE@XZ
?Print@TiXmlDocument@@UBEXPAU_iobuf@@H@Z
?Parse@TiXmlDocument@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?LoadFile@TiXmlDocument@@QAE_NPB_WW4TiXmlEncoding@@@Z
?Attribute@TiXmlElement@@QBEPBDPBD@Z
?ToUnknown@TiXmlNode@@UAEPAVTiXmlUnknown@@XZ

kernel32

HeapDestroy
HeapReAlloc
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
InterlockedCompareExchange
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
DeviceIoControl
GetSystemTimeAsFileTime
GetCurrentProcess
GetProcessTimes
QueryPerformanceCounter
LeaveCriticalSection
GetCommandLineW
InitializeCriticalSection
MoveFileW
VirtualQuery
SetFileAttributesW
VirtualAlloc
GetCurrentThreadId
GetModuleHandleW
HeapAlloc
GetProcessHeap
VirtualProtect
CloseHandle
HeapFree
GetTickCount
SetCurrentDirectoryW
lstrcatW
DeleteFileW
CopyFileW
LoadLibraryW
FindFirstFileW
GetExitCodeProcess
FindNextFileW
VirtualQueryEx
TerminateProcess
FindClose
CreateFileA
SetEvent
lstrcpyW
WaitForSingleObject
CreateProcessW
SizeofResource
LockResource
LoadResource
FreeLibrary
FindResourceExW
OpenThread
ReadProcessMemory
FindResourceW
WriteProcessMemory
CreateThread
OpenProcess
GetLastError
lstrlenW
MultiByteToWideChar
GlobalAlloc
GlobalLock
IsDBCSLeadByte
GlobalUnlock
GlobalFree
InterlockedIncrement
InterlockedDecrement
Sleep
WideCharToMultiByte
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
FreeResource
CreateEventW
ResumeThread
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateFileW
WriteFile
DeleteCriticalSection
RaiseException
GetTempPathW
WritePrivateProfileStringW
CreateDirectoryW
GetVersionExW
ReadFile
SetFilePointer
GetProcAddress
GetFileSize
GetModuleFileNameW
GetPrivateProfileSectionW
GetSystemDefaultLCID
GetPrivateProfileIntW
GetThreadSelectorEntry
VirtualFree
GetFileAttributesW
GetCurrentProcessId
EnterCriticalSection

user32

GetClassInfoExW
DefWindowProcW
IsWindow
DestroyMenu
TrackPopupMenu
GetWindowThreadProcessId
GetMenuItemCount
CreatePopupMenu
ReleaseDC
ClientToScreen
KillTimer
BeginPaint
GetSysColorBrush
GetKeyState
RegisterClassExW
GetWindow
CloseClipboard
EnableWindow
SetClipboardData
SendDlgItemMessageW
GetWindowTextW
EmptyClipboard
SetTimer
GetWindowTextLengthW
OpenClipboard
RegisterClipboardFormatW
CallWindowProcW
InvalidateRect
MapDialogRect
GetWindowRect
MapWindowPoints
DrawTextW
GetDC
SetWindowLongW
EndPaint
GetDesktopWindow
PostMessageW
EndDialog
DrawIconEx
GetDlgItem
GetClientRect
ShowWindow
LoadImageW
SetWindowPos
SetWindowTextW
SendMessageW
LoadIconW
CreateWindowExW
DestroyWindow
UnregisterClassA
SetDlgItemTextW
DialogBoxParamW

gdi32

SetTextColor
SetBkMode
CreateFontW
DeleteObject
SelectObject
GetStockObject

advapi32

RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW

shell32

ord155
SHBindToParent
SHGetDesktopFolder
ShellExecuteW
SHGetFileInfoW
SHGetSpecialFolderPathW
ShellExecuteExW

ole32

CreateStreamOnHGlobal
DoDragDrop
OleUninitialize
OleInitialize

oleaut32

SysStringLen
SysFreeString
SysAllocStringByteLen
SysStringByteLen
SysAllocString

gdiplus

GdipLoadImageFromStreamICM
GdipImageSelectActiveFrame
GdipGetPropertyItem
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipCreateFromHDC
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipDeleteGraphics
GdipDisposeImage
GdipCloneImage
GdipDrawImageRectI
GdipGetImageHeight
GdipGetImageWidth

shlwapi

PathFileExistsW

msvcp80

??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z

msvcr80

wcschr
_wcslwr_s
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
_mbschr
wcsrchr
memset
wcscmp
??_V@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
??2@YAPAXI@Z
_mbslwr_s
_mbsstr
_snprintf
srand
wcslen
memcpy_s
_purecall
memmove_s
??3@YAXPAX@Z
_vscwprintf
_mbscmp
vswprintf_s
_vscprintf
vsprintf_s
free
__argc
__wargv
wcsncmp
swscanf
_invalid_parameter_noinfo
malloc
memcpy
??0exception@std@@QAE@XZ
_time32
strlen
_wcsicmp
memcmp
iswspace
strcmp
strtoul
fseek
ftell
fwrite
fclose
fprintf
_lock
wcscpy
_encode_pointer
__dllonexit
_unlock
wcscat
_wfopen
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
strncpy_s
tolower
sprintf_s
isalnum
_wtoi
_time64
memmove
wcsncpy
iswalnum
iswalpha
iswdigit
_gmtime32
_snwprintf
fread
wcscat_s
wcscpy_s
strchr
strncmp
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_beginthreadex
wcsstr
towlower
strrchr
atoi
isspace
__CxxFrameHandler3
_mbsicmp
_CxxThrowException

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

crypt32

CertGetNameStringW

wintrust

WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvSignerFromChain

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

netapi32

Netbios

Sections

.text
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_2_/config.ini
$_2_/curllib.dll
.dll windows:4 windows x86 arch:x86

e7e76bacda92f81d0eefd0a58978a370

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

recvfrom
sendto
send
select
__WSAFDIsSet
ioctlsocket
listen
accept
WSAStartup
WSACleanup
gethostname
getservbyport
gethostbyaddr
getservbyname
htonl
inet_ntoa
gethostbyname
inet_addr
WSASetLastError
recv
socket
closesocket
connect
setsockopt
getpeername
getsockopt
htons
bind
ntohs
getsockname
WSAGetLastError

wldap32

ord22
ord211
ord143
ord60
ord50
ord26
ord30
ord32
ord35
ord79
ord200
ord33
ord301
ord27
ord41
ord46

kernel32

GetStdHandle
GetFileType
WaitForMultipleObjects
PeekNamedPipe
ReadFile
FormatMessageA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
Sleep
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
ExpandEnvironmentStringsA
WaitForSingleObject
CloseHandle
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
GetLastError
SleepEx
GetTickCount

msvcr80

_malloc_crt
tolower
fseek
__sys_nerr
strerror
fflush
_gmtime64
fputc
sprintf
memmove
memchr
getenv
_errno
strstr
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_strdup
_close
_fileno
_open
_read
_stricmp
_encode_pointer
strchr
memcpy
memset
_time64
_strtoi64
strncmp
strrchr
strtol
sscanf
_strnicmp
fclose
fgets
fopen
__iob_func
qsort
fputs
strcpy_s
calloc
free
strncpy_s
strtoul
sprintf_s
strcat_s
islower
isalpha
isupper
isdigit
isprint
isalnum
isgraph
isspace
isxdigit
_beginthreadex
malloc
realloc
fwrite
_fstat64
_lseeki64
_stat64
fread
strncpy

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_maprintf
curl_mfprintf
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_version
curl_version_info

Sections

.text
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/dlcore.dll
.dll regsvr32 windows:4 windows x86 arch:x86

5e11ed6aac5b5fba95048af2d6ffbe89

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

39:78:39:06:98:8d:0c:9f:3b:8c:77:6a:51:38:8c:3e:b4:f4:b9:93
Signer

Actual PE Digest

39:78:39:06:98:8d:0c:9f:3b:8c:77:6a:51:38:8c:3e:b4:f4:b9:93

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Program Files (x86)\Common Files\Tencent\QQVipDownloader\124\dlcore.pdb

Imports

ws2_32

connect
WSAGetLastError
recv
send
inet_addr
gethostbyname
bind
sendto
socket
recvfrom
setsockopt
getpeername
WSACleanup
WSAAsyncGetHostByName
WSACancelAsyncRequest
gethostname
ioctlsocket
closesocket
inet_ntoa
ntohl
ntohs
htonl
listen
accept
__WSAFDIsSet
select
WSAStartup
getsockname
WSASetLastError
htons

kernel32

OpenMutexW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
OutputDebugStringA
GetTickCount
CloseHandle
GetCurrentThreadId
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
WideCharToMultiByte
FindClose
FindFirstFileW
GetFileAttributesW
CreateEventA
SetEvent
ResetEvent
WaitForSingleObject
DeleteFileW
MultiByteToWideChar
InterlockedDecrement
lstrlenA
InterlockedIncrement
InterlockedExchangeAdd
ReleaseSemaphore
WaitForMultipleObjects
TerminateThread
MoveFileW
CreateFileW
CopyFileA
GetDiskFreeSpaceExA
GetLogicalDrives
InterlockedExchange
OpenMutexA
GetLastError
CreateMutexA
ReleaseMutex
CopyFileW
RemoveDirectoryW
Process32Next
Process32First
CreateToolhelp32Snapshot
GetProcessTimes
OpenProcess
lstrlenW
RaiseException
lstrcmpiA
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
DisableThreadLibraryCalls
SetThreadLocale
GetThreadLocale
CreateEventW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
CreateFileMappingW
LocalFree
OpenSemaphoreW
MapViewOfFile
SetFilePointerEx
GetVolumeInformationA
CreateSemaphoreA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
SetStdHandle
GetTimeZoneInformation
GetFullPathNameW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetConsoleMode
GetConsoleCP
GetStdHandle
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
GetVersionExA
SystemTimeToFileTime
FindNextFileW
GetModuleFileNameW
Module32Next
Module32First
GetCurrentProcessId
GetCurrentThread
GlobalFree
GlobalAlloc
WritePrivateProfileStringW
GetPrivateProfileStringW
GetCurrentDirectoryA
GetTempPathA
GetFileSize
FlushFileBuffers
WriteFile
ReadFile
SetFilePointer
GetVolumeInformationW
GetProcAddress
MapViewOfFileEx
CreateFileMappingA
UnmapViewOfFile
CreateFileA
DeviceIoControl
LoadLibraryA
GetSystemDirectoryA
SetFileAttributesA
FindNextFileA
FindFirstFileA
InterlockedCompareExchange
HeapFree
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
ExitThread
CreateThread
FileTimeToSystemTime
FileTimeToLocalFileTime
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetDriveTypeW
CreateDirectoryW
LCMapStringA
LCMapStringW
GetCPInfo
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
TlsGetValue

user32

CreateWindowExA
PostQuitMessage
DefWindowProcA
IsWindow
RegisterClassExA
SendMessageTimeoutA
FindWindowA
IsIconic
ShowWindow
DispatchMessageA
TranslateMessage
GetMessageA
PostMessageA
CharNextA
UnregisterClassA
wsprintfW

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumValueA
IsTextUnicode
RegCreateKeyA
RegOpenKeyA
GetFileSecurityW
ImpersonateSelf
OpenThreadToken
RevertToSelf
MapGenericMask
AccessCheck
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

shell32

SHGetSpecialFolderPathA

ole32

CoFreeLibrary
CoLoadLibrary
CoInitialize
CoCreateGuid
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
OleRun

oleaut32

SafeArrayDestroy
SafeArrayPutElement
GetErrorInfo
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
VarUI4FromStr
SysFreeString
VariantCopy
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
VariantClear
VariantInit
SafeArrayCreateVector
SafeArrayCreate

psapi

GetProcessMemoryInfo

netapi32

NetApiBufferFree
Netbios
NetWkstaTransportEnum

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle
InternetReadFile

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ReleaseCommLib

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/extract.dll
.dll windows:4 windows x86 arch:x86

102033a12b8cf17a451a9e9760020138

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

67:aa:51:35:62:bb:5c:b1:19:94:ea:25:f5:78:37:54:5f:40:c7:2e
Signer

Actual PE Digest

67:aa:51:35:62:bb:5c:b1:19:94:ea:25:f5:78:37:54:5f:40:c7:2e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\vcoutput\Release\7z\Extract.pdb

Imports

kernel32

GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
WaitForMultipleObjects
VirtualAlloc
VirtualFree
GetProcAddress
GetModuleHandleA
CloseHandle
WaitForSingleObject
CreateEventA
SetEvent
ResetEvent
CreateSemaphoreA
ReleaseSemaphore
InitializeCriticalSection
SetCurrentDirectoryA
AreFileApisANSI
SetFileTime
CreateFileW
SetLastError
SetFileAttributesA
RemoveDirectoryA
MoveFileA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetSystemDirectoryA
GetWindowsDirectoryW
GetSystemDirectoryW
SetFileAttributesW
RemoveDirectoryW
MoveFileW
CreateDirectoryW
DeleteFileW
GetShortPathNameA
lstrlenA
GetFullPathNameA
GetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryW
SearchPathA
GetTempPathA
GetTempPathW
GetTempFileNameA
GetTempFileNameW
GetFullPathNameW
SearchPathW
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindFirstChangeNotificationW
GetLogicalDriveStringsA
GetLogicalDriveStringsW
GetFileSize
SetFilePointer
GetFileInformationByHandle
ReadFile
WriteFile
SetEndOfFile
CreateFileA
CompareFileTime
GetSystemInfo
GlobalMemoryStatus
DosDateTimeToFileTime
FileTimeToDosDateTime
SystemTimeToFileTime
GetSystemTime
CompareStringW
CompareStringA
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetLocaleInfoW
GetLocaleInfoA
LoadLibraryA
RtlUnwind
RaiseException
HeapAlloc
HeapFree
ExitThread
CreateThread
GetCommandLineA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetCurrentThread
FatalAppExitA
HeapReAlloc
HeapDestroy
HeapCreate
ExitProcess
GetStdHandle
GetModuleFileNameA
Sleep
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
SetEnvironmentVariableA

user32

CharPrevA
CharToOemA
CharNextA
CharLowerW
CharUpperW
CharLowerA
CharUpperA
CharPrevExA

oleaut32

VariantCopy
SysFreeString
VariantClear
SysAllocString
SysAllocStringByteLen

Exports

Exports

CreateObject
GetHandlerProperty
GetHandlerProperty2
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetLargePageMode

Sections

.text
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/tinyxml.dll
.dll windows:4 windows x86 arch:x86

2524407d3051eac98e4560fe35989f1a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\tc-svn\HummerSDK_proj\Output\PdbFinal\tinyxml.pdb

Imports

kernel32

MultiByteToWideChar
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

msvcr80

isalnum
strncmp
strchr
memset
?terminate@@YAXXZ
_encode_pointer
_malloc_crt
free
_encoded_null
_decode_pointer
__iob_func
isalpha
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
fclose
fseek
ftell
fread
_vsnprintf_s
atof
atoi
sscanf_s
fprintf
fputc
ferror
fopen
_initterm_e
_wfopen
tolower
isspace
_purecall
strcmp
??_V@YAXPAX@Z
??_U@YAPAXI@Z
_wassert
strlen
memmove
__CxxFrameHandler3
memcpy
??3@YAXPAX@Z
??2@YAPAXI@Z
_initterm

msvcp80

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ

Exports

Exports

??0TiXmlAttribute@@QAE@PBD0@Z
??0TiXmlAttribute@@QAE@XZ
??0TiXmlAttributeSet@@QAE@XZ
??0TiXmlBase@@QAE@XZ
??0TiXmlComment@@QAE@ABV0@@Z
??0TiXmlComment@@QAE@PBD@Z
??0TiXmlComment@@QAE@XZ
??0TiXmlDeclaration@@QAE@ABV0@@Z
??0TiXmlDeclaration@@QAE@PBD00@Z
??0TiXmlDeclaration@@QAE@XZ
??0TiXmlDocument@@IAE@PBD@Z
??0TiXmlDocument@@QAE@ABV0@@Z
??0TiXmlDocument@@QAE@XZ
??0TiXmlElement@@QAE@ABV0@@Z
??0TiXmlElement@@QAE@PBD@Z
??0TiXmlNode@@IAE@W4NodeType@0@@Z
??0TiXmlPrinter@@QAE@ABV0@@Z
??0TiXmlPrinter@@QAE@XZ
??0TiXmlText@@QAE@ABV0@@Z
??0TiXmlText@@QAE@PBD@Z
??0TiXmlUnknown@@QAE@ABV0@@Z
??0TiXmlUnknown@@QAE@XZ
??1TiXmlAttribute@@UAE@XZ
??1TiXmlAttributeSet@@QAE@XZ
??1TiXmlBase@@UAE@XZ
??1TiXmlComment@@UAE@XZ
??1TiXmlDeclaration@@UAE@XZ
??1TiXmlDocument@@UAE@XZ
??1TiXmlElement@@UAE@XZ
??1TiXmlNode@@UAE@XZ
??1TiXmlPrinter@@UAE@XZ
??1TiXmlText@@UAE@XZ
??1TiXmlUnknown@@UAE@XZ
??4TiXmlComment@@QAEXABV0@@Z
??4TiXmlDeclaration@@QAEXABV0@@Z
??4TiXmlDocument@@QAEXABV0@@Z
??4TiXmlElement@@QAEXABV0@@Z
??4TiXmlPrinter@@QAEAAV0@ABV0@@Z
??4TiXmlText@@QAEXABV0@@Z
??4TiXmlUnknown@@QAEXABV0@@Z
??8TiXmlAttribute@@QBE_NABV0@@Z
??MTiXmlAttribute@@QBE_NABV0@@Z
??OTiXmlAttribute@@QBE_NABV0@@Z
??_7TiXmlAttribute@@6B@
??_7TiXmlBase@@6B@
??_7TiXmlComment@@6B@
??_7TiXmlDeclaration@@6B@
??_7TiXmlDocument@@6B@
??_7TiXmlElement@@6B@
??_7TiXmlNode@@6B@
??_7TiXmlPrinter@@6B@
??_7TiXmlText@@6B@
??_7TiXmlUnknown@@6B@
?Accept@TiXmlComment@@UBE_NPAVTiXmlVisitor@@@Z
?Accept@TiXmlDeclaration@@UBE_NPAVTiXmlVisitor@@@Z
?Accept@TiXmlDocument@@UBE_NPAVTiXmlVisitor@@@Z
?Accept@TiXmlElement@@UBE_NPAVTiXmlVisitor@@@Z
?Accept@TiXmlText@@UBE_NPAVTiXmlVisitor@@@Z
?Accept@TiXmlUnknown@@UBE_NPAVTiXmlVisitor@@@Z
?Add@TiXmlAttributeSet@@QAEXPAVTiXmlAttribute@@@Z
?Attribute@TiXmlElement@@QBEPBDPBD@Z
?Attribute@TiXmlElement@@QBEPBDPBDPAH@Z
?Attribute@TiXmlElement@@QBEPBDPBDPAN@Z
?Blank@TiXmlText@@IBE_NXZ
?CDATA@TiXmlText@@QBE_NXZ
?CStr@TiXmlPrinter@@QAEPBDXZ
?Clear@TiXmlNode@@QAEXXZ
?ClearError@TiXmlDocument@@QAEXXZ
?ClearThis@TiXmlElement@@IAEXXZ
?Clone@TiXmlComment@@UBEPAVTiXmlNode@@XZ
?Clone@TiXmlDeclaration@@UBEPAVTiXmlNode@@XZ
?Clone@TiXmlDocument@@MBEPAVTiXmlNode@@XZ
?Clone@TiXmlElement@@UBEPAVTiXmlNode@@XZ
?Clone@TiXmlText@@MBEPAVTiXmlNode@@XZ
?Clone@TiXmlUnknown@@UBEPAVTiXmlNode@@XZ
?Column@TiXmlBase@@QBEHXZ
?ConvertUTF32ToUTF8@TiXmlBase@@KAXKPADPAH@Z
?CopyTo@TiXmlComment@@IBEXPAV1@@Z
?CopyTo@TiXmlDeclaration@@IBEXPAV1@@Z
?CopyTo@TiXmlDocument@@ABEXPAV1@@Z
?CopyTo@TiXmlElement@@IBEXPAV1@@Z
?CopyTo@TiXmlNode@@IBEXPAV1@@Z
?CopyTo@TiXmlText@@IBEXPAV1@@Z
?CopyTo@TiXmlUnknown@@IBEXPAV1@@Z
?DoIndent@TiXmlPrinter@@AAEXXZ
?DoLineBreak@TiXmlPrinter@@AAEXXZ
?DoubleValue@TiXmlAttribute@@QBENXZ
?EncodeString@TiXmlBase@@SAXABVTiXmlString@@PAV2@@Z
?Encoding@TiXmlDeclaration@@QBEPBDXZ
?Error@TiXmlDocument@@QBE_NXZ
?ErrorCol@TiXmlDocument@@QBEHXZ
?ErrorDesc@TiXmlDocument@@QBEPBDXZ
?ErrorId@TiXmlDocument@@QBEHXZ
?ErrorRow@TiXmlDocument@@QBEHXZ
?Find@TiXmlAttributeSet@@QAEPAVTiXmlAttribute@@PBD@Z
?Find@TiXmlAttributeSet@@QBEPBVTiXmlAttribute@@PBD@Z
?First@TiXmlAttributeSet@@QAEPAVTiXmlAttribute@@XZ
?First@TiXmlAttributeSet@@QBEPBVTiXmlAttribute@@XZ
?FirstAttribute@TiXmlElement@@QAEPAVTiXmlAttribute@@XZ
?FirstAttribute@TiXmlElement@@QBEPBVTiXmlAttribute@@XZ
?FirstChild@TiXmlNode@@QAEPAV1@PBD@Z
?FirstChild@TiXmlNode@@QAEPAV1@XZ
?FirstChild@TiXmlNode@@QBEPBV1@PBD@Z
?FirstChild@TiXmlNode@@QBEPBV1@XZ
?FirstChildElement@TiXmlNode@@QAEPAVTiXmlElement@@PBD@Z
?FirstChildElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
?FirstChildElement@TiXmlNode@@QBEPBVTiXmlElement@@PBD@Z
?FirstChildElement@TiXmlNode@@QBEPBVTiXmlElement@@XZ
?GetChar@TiXmlBase@@KAPBDPBDPADPAHW4TiXmlEncoding@@@Z
?GetDocument@TiXmlNode@@QAEPAVTiXmlDocument@@XZ
?GetDocument@TiXmlNode@@QBEPBVTiXmlDocument@@XZ
?GetEntity@TiXmlBase@@KAPBDPBDPADPAHW4TiXmlEncoding@@@Z
?GetText@TiXmlElement@@QBEPBDXZ
?GetUserData@TiXmlBase@@QAEPAXXZ
?GetUserData@TiXmlBase@@QBEPBXXZ
?Identify@TiXmlNode@@IAEPAV1@PBDW4TiXmlEncoding@@@Z
?Indent@TiXmlPrinter@@QAEPBDXZ
?InsertAfterChild@TiXmlNode@@QAEPAV1@PAV1@ABV1@@Z
?InsertBeforeChild@TiXmlNode@@QAEPAV1@PAV1@ABV1@@Z
?InsertEndChild@TiXmlNode@@QAEPAV1@ABV1@@Z
?IntValue@TiXmlAttribute@@QBEHXZ
?IsAlpha@TiXmlBase@@KAHEW4TiXmlEncoding@@@Z
?IsAlphaNum@TiXmlBase@@KAHEW4TiXmlEncoding@@@Z
?IsWhiteSpace@TiXmlBase@@KA_ND@Z
?IsWhiteSpace@TiXmlBase@@KA_NH@Z
?IsWhiteSpaceCondensed@TiXmlBase@@SA_NXZ
?IterateChildren@TiXmlNode@@QAEPAV1@PBDPBV1@@Z
?IterateChildren@TiXmlNode@@QAEPAV1@PBV1@@Z
?IterateChildren@TiXmlNode@@QBEPBV1@PBDPBV1@@Z
?IterateChildren@TiXmlNode@@QBEPBV1@PBV1@@Z
?Last@TiXmlAttributeSet@@QAEPAVTiXmlAttribute@@XZ
?Last@TiXmlAttributeSet@@QBEPBVTiXmlAttribute@@XZ
?LastAttribute@TiXmlElement@@QAEPAVTiXmlAttribute@@XZ
?LastAttribute@TiXmlElement@@QBEPBVTiXmlAttribute@@XZ
?LastChild@TiXmlNode@@QAEPAV1@PBD@Z
?LastChild@TiXmlNode@@QAEPAV1@XZ
?LastChild@TiXmlNode@@QBEPBV1@PBD@Z
?LastChild@TiXmlNode@@QBEPBV1@XZ
?LineBreak@TiXmlPrinter@@QAEPBDXZ
?LinkEndChild@TiXmlNode@@QAEPAV1@PAV1@@Z
?LoadFile@TiXmlDocument@@QAE_NPAU_iobuf@@W4TiXmlEncoding@@@Z
?LoadFile@TiXmlDocument@@QAE_NPB_WW4TiXmlEncoding@@@Z
?LoadXML@TiXmlDocument@@QAE_NPADHW4TiXmlEncoding@@@Z
?Name@TiXmlAttribute@@QBEPBDXZ
?NameTStr@TiXmlAttribute@@QBEABVTiXmlString@@XZ
?Next@TiXmlAttribute@@QAEPAV1@XZ
?Next@TiXmlAttribute@@QBEPBV1@XZ
?NextSibling@TiXmlNode@@QAEPAV1@PBD@Z
?NextSibling@TiXmlNode@@QAEPAV1@XZ
?NextSibling@TiXmlNode@@QBEPBV1@PBD@Z
?NextSibling@TiXmlNode@@QBEPBV1@XZ
?NextSiblingElement@TiXmlNode@@QAEPAVTiXmlElement@@PBD@Z
?NextSiblingElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
?NextSiblingElement@TiXmlNode@@QBEPBVTiXmlElement@@PBD@Z
?NextSiblingElement@TiXmlNode@@QBEPBVTiXmlElement@@XZ
?NoChildren@TiXmlNode@@QBE_NXZ
?Parent@TiXmlNode@@QAEPAV1@XZ
?Parent@TiXmlNode@@QBEPBV1@XZ
?Parse@TiXmlAttribute@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?Parse@TiXmlComment@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?Parse@TiXmlDeclaration@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?Parse@TiXmlDocument@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?Parse@TiXmlElement@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?Parse@TiXmlText@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?Parse@TiXmlUnknown@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?Previous@TiXmlAttribute@@QAEPAV1@XZ
?Previous@TiXmlAttribute@@QBEPBV1@XZ
?PreviousSibling@TiXmlNode@@QAEPAV1@PBD@Z
?PreviousSibling@TiXmlNode@@QAEPAV1@XZ
?PreviousSibling@TiXmlNode@@QBEPBV1@PBD@Z
?PreviousSibling@TiXmlNode@@QBEPBV1@XZ
?Print@TiXmlAttribute@@QBEXPAU_iobuf@@HPAVTiXmlString@@@Z
?Print@TiXmlAttribute@@UBEXPAU_iobuf@@H@Z
?Print@TiXmlComment@@UBEXPAU_iobuf@@H@Z
?Print@TiXmlDeclaration@@UBEXPAU_iobuf@@H@Z
?Print@TiXmlDeclaration@@UBEXPAU_iobuf@@HPAVTiXmlString@@@Z
?Print@TiXmlDocument@@QBEXXZ
?Print@TiXmlDocument@@UBEXPAU_iobuf@@H@Z
?Print@TiXmlElement@@UBEXPAU_iobuf@@H@Z
?Print@TiXmlText@@UBEXPAU_iobuf@@H@Z
?Print@TiXmlUnknown@@UBEXPAU_iobuf@@H@Z
?QueryDoubleAttribute@TiXmlElement@@QBEHPBDPAN@Z
?QueryDoubleValue@TiXmlAttribute@@QBEHPAN@Z
?QueryFloatAttribute@TiXmlElement@@QBEHPBDPAM@Z
?QueryIntAttribute@TiXmlElement@@QBEHPBDPAH@Z
?QueryIntValue@TiXmlAttribute@@QBEHPAH@Z
?ReadName@TiXmlBase@@KAPBDPBDPAVTiXmlString@@W4TiXmlEncoding@@@Z
?ReadText@TiXmlBase@@KAPBDPBDPAVTiXmlString@@_N02W4TiXmlEncoding@@@Z
?ReadValue@TiXmlElement@@IAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?Remove@TiXmlAttributeSet@@QAEXPAVTiXmlAttribute@@@Z
?RemoveAttribute@TiXmlElement@@QAEXPBD@Z
?RemoveChild@TiXmlNode@@QAE_NPAV1@@Z
?ReplaceChild@TiXmlNode@@QAEPAV1@PAV1@ABV1@@Z
?RootElement@TiXmlDocument@@QAEPAVTiXmlElement@@XZ
?RootElement@TiXmlDocument@@QBEPBVTiXmlElement@@XZ
?Row@TiXmlBase@@QBEHXZ
?SaveFile@TiXmlDocument@@QBE_NPAU_iobuf@@@Z
?SaveFile@TiXmlDocument@@QBE_NPB_W@Z
?SetAttribute@TiXmlElement@@QAEXPBD0@Z
?SetAttribute@TiXmlElement@@QAEXPBDH@Z
?SetCDATA@TiXmlText@@QAEX_N@Z
?SetCondenseWhiteSpace@TiXmlBase@@SAX_N@Z
?SetDocument@TiXmlAttribute@@QAEXPAVTiXmlDocument@@@Z
?SetDoubleAttribute@TiXmlElement@@QAEXPBDN@Z
?SetDoubleValue@TiXmlAttribute@@QAEXN@Z
?SetError@TiXmlDocument@@QAEXHPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?SetIndent@TiXmlPrinter@@QAEXPBD@Z
?SetIntValue@TiXmlAttribute@@QAEXH@Z
?SetLineBreak@TiXmlPrinter@@QAEXPBD@Z
?SetName@TiXmlAttribute@@QAEXPBD@Z
?SetStreamPrinting@TiXmlPrinter@@QAEXXZ
?SetTabSize@TiXmlDocument@@QAEXH@Z
?SetUserData@TiXmlBase@@QAEXPAX@Z
?SetValue@TiXmlAttribute@@QAEXPBD@Z
?SetValue@TiXmlNode@@QAEXPBD@Z
?Size@TiXmlPrinter@@QAEIXZ
?SkipWhiteSpace@TiXmlBase@@KAPBDPBDW4TiXmlEncoding@@@Z
?Standalone@TiXmlDeclaration@@QBEPBDXZ
?StringEqual@TiXmlBase@@KA_NPBD0_NW4TiXmlEncoding@@@Z
?TabSize@TiXmlDocument@@QBEHXZ
?ToComment@TiXmlComment@@UAEPAV1@XZ
?ToComment@TiXmlComment@@UBEPBV1@XZ
?ToComment@TiXmlNode@@UAEPAVTiXmlComment@@XZ
?ToComment@TiXmlNode@@UBEPBVTiXmlComment@@XZ
?ToDeclaration@TiXmlDeclaration@@UAEPAV1@XZ
?ToDeclaration@TiXmlDeclaration@@UBEPBV1@XZ
?ToDeclaration@TiXmlNode@@UAEPAVTiXmlDeclaration@@XZ
?ToDeclaration@TiXmlNode@@UBEPBVTiXmlDeclaration@@XZ
?ToDocument@TiXmlDocument@@UAEPAV1@XZ
?ToDocument@TiXmlDocument@@UBEPBV1@XZ
?ToDocument@TiXmlNode@@UAEPAVTiXmlDocument@@XZ
?ToDocument@TiXmlNode@@UBEPBVTiXmlDocument@@XZ
?ToElement@TiXmlElement@@UAEPAV1@XZ
?ToElement@TiXmlElement@@UBEPBV1@XZ
?ToElement@TiXmlNode@@UAEPAVTiXmlElement@@XZ
?ToElement@TiXmlNode@@UBEPBVTiXmlElement@@XZ
?ToLower@TiXmlBase@@KAHHW4TiXmlEncoding@@@Z
?ToText@TiXmlNode@@UAEPAVTiXmlText@@XZ
?ToText@TiXmlNode@@UBEPBVTiXmlText@@XZ
?ToText@TiXmlText@@UAEPAV1@XZ
?ToText@TiXmlText@@UBEPBV1@XZ
?ToUnknown@TiXmlNode@@UAEPAVTiXmlUnknown@@XZ
?ToUnknown@TiXmlNode@@UBEPBVTiXmlUnknown@@XZ
?ToUnknown@TiXmlUnknown@@UAEPAV1@XZ
?ToUnknown@TiXmlUnknown@@UBEPBV1@XZ
?Type@TiXmlNode@@QBEHXZ
?Value@TiXmlAttribute@@QBEPBDXZ
?Value@TiXmlNode@@QBEPBDXZ
?ValueTStr@TiXmlNode@@QBEABVTiXmlString@@XZ
?Version@TiXmlDeclaration@@QBEPBDXZ
?Visit@TiXmlPrinter@@UAE_NABVTiXmlComment@@@Z
?Visit@TiXmlPrinter@@UAE_NABVTiXmlDeclaration@@@Z
?Visit@TiXmlPrinter@@UAE_NABVTiXmlText@@@Z
?Visit@TiXmlPrinter@@UAE_NABVTiXmlUnknown@@@Z
?VisitEnter@TiXmlPrinter@@UAE_NABVTiXmlDocument@@@Z
?VisitEnter@TiXmlPrinter@@UAE_NABVTiXmlElement@@PBVTiXmlAttribute@@@Z
?VisitExit@TiXmlPrinter@@UAE_NABVTiXmlDocument@@@Z
?VisitExit@TiXmlPrinter@@UAE_NABVTiXmlElement@@@Z
?condenseWhiteSpace@TiXmlBase@@0_NA
?entity@TiXmlBase@@0PAUEntity@1@A
?errorString@TiXmlBase@@1PAPBDA
?utf8ByteTable@TiXmlBase@@2QBHB

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/tnproxy.dll
.dll regsvr32 windows:4 windows x86 arch:x86

2c6a8580aa373b4c5d85aca34b95e660

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4b:ab:d8:a7:de:5b:b7:70:ba:23:4d:9b:69:03:7d:35:04:76:cf:4b
Signer

Actual PE Digest

4b:ab:d8:a7:de:5b:b7:70:ba:23:4d:9b:69:03:7d:35:04:76:cf:4b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\src\Xuanfen2_proj\trunk\Output\xcore.pdb

Imports

ws2_32

socket
sendto
bind
send
recv
connect
listen
__WSAFDIsSet
select
setsockopt
WSAStartup
WSACleanup
getpeername
accept
inet_ntoa
inet_addr
gethostname
htons
gethostbyname
WSAGetLastError
recvfrom
ntohs
ntohl
ioctlsocket
closesocket
htonl

kernel32

DeleteCriticalSection
TlsGetValue
TlsSetValue
TlsAlloc
InitializeCriticalSection
Sleep
CloseHandle
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
GetCurrentProcessId
TlsFree
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange

msvcr80

__clean_type_info_names_internal
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
strcmp
srand
rand
memmove
isdigit
strstr
memcpy_s
strncpy
atoi
??_U@YAPAXI@Z
??_V@YAXPAX@Z
strlen
strcpy
memcpy
memset
_beginthreadex
memmove_s
_CxxThrowException
__CxxFrameHandler3
fgetc
calloc
free
printf
__iob_func
sprintf
fputc
_time64
??0exception@std@@QAE@ABV01@@Z
_purecall
??0exception@std@@QAE@ABQBD@Z
??2@YAPAXI@Z
??3@YAXPAX@Z
_invalid_parameter_noinfo
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ

msvcp80

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

iphlpapi

GetAdaptersInfo
GetIfEntry

wininet

InternetGetConnectedState

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 568KB - Virtual size: 565KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

3b:0b:9b:a6:41:55:7f:3f:f7:2a:40:59:77:68:9f:f0:5d:a3:68:75Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 24KB - Virtual size: 23KB

a5e1c2ec7a61ae37e9ca2f404e3cafbc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

e0:35:70:f3:d3:c5:4d:8d:5b:9e:0e:ad:13:79:f2:1e:db:6d:44:61Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

ole32

shlwapi

gdiplus

msvcr80

Sections

.text Size: 8KB - Virtual size: 8KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

b177dcb186702f9a4775e053e2fa1e17

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

3b:0b:9b:a6:41:55:7f:3f:f7:2a:40:59:77:68:9f:f0:5d:a3:68:75
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 24KB - Virtual size: 23KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

e0:35:70:f3:d3:c5:4d:8d:5b:9e:0e:ad:13:79:f2:1e:db:6d:44:61
Signer

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

83:64:d9:27:97:54:e8:63:2f:56:8a:83:00:53:97:85:29:fa:1d:f5
Signer

.text
Size: 28KB - Virtual size: 25KB

.orpc
Size: 4KB - Virtual size: 844B

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

9e:fc:05:3d:df:f2:33:fa:60:5f:a9:1a:ab:26:de:78:d4:09:dc:f6
Signer