7d7691fbf61f6b766066b447dedc179d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7d7691fbf61f6b766066b447dedc179d_JaffaCakes118
Size

1.3MB
MD5

7d7691fbf61f6b766066b447dedc179d
SHA1

cba8dbf7bd3c279bbcbb613d9ba24165ca0e8ee2
SHA256

43b0961926d527511a17f1eaf873ac585a541c1750698499e7d0254c39136fc8
SHA512

aa50d02c001aa603e40c7b98f31d9f37190f33e3a47881a6760641d06bbc20d06105b0eb2e20e777de47eb7372fc4a2c6c61f8ec0d5e5bd2487001f0456bbbf8
SSDEEP

24576:F/ZFytH52sA/G4cv4bmIUK3i0DfzuDKlAmqorjE3jwl5uYvCvkpXO6MzXWjX6ave:/FytH52sQPp/Py0Tteluw3kDuYvb+64P

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/$PLUGINSDIR/nsThread.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$PLUGINSDIR/nsThread.dll	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
7d7691fbf61f6b766066b447dedc179d_JaffaCakes118
unpack001/$APPDATA/Tencent/QQPhoneManager/PreUnZipFiles/QQPhoneManager/Android.dll
unpack001/$PLUGINSDIR/nsThread.dll
unpack002/out.upx

Files

7d7691fbf61f6b766066b447dedc179d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/Tencent/QQPhoneManager/PreUnZipFiles/QQPhoneManager/AdbModeConfigV2.xml
$APPDATA/Tencent/QQPhoneManager/PreUnZipFiles/QQPhoneManager/AdbTools.dll
.dll windows:5 windows x86 arch:x86

67e046b2349bc3bb9a5f5b5941a43afe

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:d7:13:bb:06:74:27:13:c7:69:f8:5e:db:3f:c5:b0:81:89:c8:17
Signer

Actual PE Digest

11:d7:13:bb:06:74:27:13:c7:69:f8:5e:db:3f:c5:b0:81:89:c8:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\4773\source\Running\Release\AdbTools.pdb

Imports

kernel32

ReadFile
GetFileSize
Sleep
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
RaiseException
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
CreatePipe
CreateFileW
CreateProcessW
WaitForSingleObject
TerminateThread
TerminateProcess
lstrlenA
HeapDestroy
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
LocalFree
WideCharToMultiByte
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
CloseHandle
GetLastError
SetHandleInformation
MultiByteToWideChar
EnterCriticalSection
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EncodePointer
DecodePointer
InterlockedExchange
InterlockedCompareExchange
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
QueryPerformanceCounter

oleaut32

VariantClear
SysFreeString
SysStringLen
SysAllocString
SysAllocStringByteLen

msvcr100

??_U@YAPAXI@Z
wcsspn
wcscspn
wcsstr
memmove_s
_recalloc
calloc
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
memset
?terminate@@YAXXZ
_malloc_crt
??1exception@std@@UAE@XZ
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_unlock
__dllonexit
_lock
_onexit
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
??0exception@std@@QAE@ABQBD@Z
_encoded_null
free
vsprintf_s
strcat_s
strcpy_s
wmemcpy_s
strstr
perror
_time64
memcpy_s
??_V@YAXPAX@Z
??2@YAPAXI@Z
strtol
sprintf_s
??3@YAXPAX@Z
malloc
__CxxFrameHandler3
_CxxThrowException
_purecall
memcpy

msvcp100

?_Xlength_error@std@@YAXPBD@Z

ws2_32

getsockopt
closesocket
socket
setsockopt
WSAGetLastError
htons
ioctlsocket
connect
select
recv
inet_addr
send

Exports

Exports

??0Cddms@@QAE@XZ
??0Cddms_Callback@@QAE@ABV0@@Z
??0Cddms_Callback@@QAE@XZ
??1Cddms@@QAE@XZ
??4Cddms@@QAEAAV0@ABV0@@Z
??4Cddms_Callback@@QAEAAV0@ABV0@@Z
??_7Cddms_Callback@@6B@
?_shellExcute@Cddms@@AAEJIPAD0@Z
?backup@Cddms@@QAEJIPADEEHHPAPAD@Z
?close@Cddms@@QAEXI@Z
?close@Cddms@@QAEXXZ
?closeTempSocket@Cddms@@QAEXI@Z
?connectToADB@Cddms@@AAEJIJ@Z
?fnddms@@YAHXZ
?getConnectTimeOut@Cddms@@QAEJXZ
?getDevices@Cddms@@QAEHPADH@Z
?getDevicesOnSocket@Cddms@@QAEHIPADH@Z
?getFrameBuffer@Cddms@@QAEJIPADPAPAUIStream@@@Z
?getLastError@Cddms@@QAEJXZ
?getNextDevice@Cddms@@SAHPADPAHH0@Z
?getReadTimeOut@Cddms@@QAEJXZ
?getTempSocket@Cddms@@QAEIXZ
?getWriteTimeOut@Cddms@@QAEJXZ
?init@Cddms@@AAEXPADH@Z
?install4MIUI@Cddms@@QAEJIIIIIIPADPA_W0PAHEHHPAVCddms_Callback@@0@Z
?install@Cddms@@QAEJIIIIIIPADPA_W0PAHEHH@Z
?install@Cddms@@QAEJIIIPADPA_W0PAHEHH@Z
?installFromDevice@Cddms@@QAEJIPAD00PAHEHH@Z
?killserver@Cddms@@QAEJIPBD@Z
?log@Cddms@@QAEJIPAD0H@Z
?nddms@@3HA
?onError@Cddms@@AAEXJPAD@Z
?open@Cddms@@QAEIJ@Z
?openSync@Cddms@@AAEJI@Z
?pull@Cddms@@QAEJIPADPA_W10PAH@Z
?push@Cddms@@QAEJIPADPA_W10PAH@Z
?pushFolder@Cddms@@QAEJIPADPA_W1@Z
?reboot@Cddms@@QAEJIPADH@Z
?rebootInTime@Cddms@@QAEJIPADHH@Z
?rebootTo@Cddms@@QAEJIPAD0H@Z
?rebootToInTime@Cddms@@QAEJIPAD0HH@Z
?restore@Cddms@@QAEJIPAD@Z
?setConnectTimeOut@Cddms@@QAEXJ@Z
?setDevice@Cddms@@AAEJIPAD@Z
?setReadTimeOut@Cddms@@QAEXJ@Z
?setSocketReadTimeOut@Cddms@@QAEXIH@Z
?setSocketWriteTimeOut@Cddms@@QAEXIH@Z
?setWriteTimeOut@Cddms@@QAEXJ@Z
?shellExcute@Cddms@@QAEJIPAD0HHH@Z
?shellExcute@Cddms@@QAEJIPAD0PAH0H@Z
?shellExcuteInTime@Cddms@@QAEJIPAD0PAH0HH@Z
?shellExcuteInTimeFlow@Cddms@@QAEJIPAD0PAH0HH@Z
?shellExcuteNoConnect@Cddms@@QAEJIPAD0PAH0H@Z
?tcpForward@Cddms@@QAEJIPADHHH@Z
?tcpKillForward@Cddms@@QAEJIPADHHH@Z
?udpForward@Cddms@@QAEJIPADHHH@Z
?udpKillForward@Cddms@@QAEJIPADHHH@Z
?uninstall@Cddms@@QAEJIPAD00PAHEH@Z
?waitforDevice@Cddms@@QAEJIPADH@Z
DDMS_Close
DDMS_GetDevices
DDMS_Open
DDMS_SetReadTimeOut
DDMS_SetWriteTimeOut

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/Tencent/QQPhoneManager/PreUnZipFiles/QQPhoneManager/AdbWinApi.dll
.dll windows:5 windows x86 arch:x86

cbc9193647317ee12954479e6c046085

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d3:ec:ed:af:28:b0:51:7c:d7:d4:36:12:62:f1:e8:c5:c3:b0:03:c7
Signer

Actual PE Digest

d3:ec:ed:af:28:b0:51:7c:d7:d4:36:12:62:f1:e8:c5:c3:b0:03:c7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\4773\source\Running\Release\AdbWinApi.pdb

Imports

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

kernel32

GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
FreeLibrary
GetSystemDirectoryW
GetFileAttributesW
GetModuleFileNameW
LoadLibraryW
GetProcAddress
DeleteCriticalSection
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
SetLastError
EnterCriticalSection
LeaveCriticalSection
CreateFileW
DeviceIoControl
CloseHandle
WideCharToMultiByte
ReadFile
WriteFile
GetOverlappedResult
Sleep
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DecodePointer
InterlockedExchange
EncodePointer

ole32

CoCreateInstance

shlwapi

PathAppendW
PathFileExistsW
PathRemoveFileSpecW

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

msvcr100

_CxxThrowException
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??2@YAPAXI@Z
memmove
_vswprintf
_wcsnicmp
_purecall
malloc
free
memset
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
??0exception@std@@QAE@ABV01@@Z
??_V@YAXPAX@Z
??3@YAXPAX@Z
__CxxFrameHandler3
memcpy
?what@exception@std@@UBEPBDXZ

Exports

Exports

??0AdbEndpointObject@@QAE@ABV0@@Z
??0AdbEndpointObject@@QAE@PAVAdbInterfaceObject@@EE@Z
??0AdbIOCompletion@@QAE@ABV0@@Z
??0AdbIOCompletion@@QAE@PAVAdbEndpointObject@@KPAX@Z
??0AdbInterfaceObject@@QAE@ABV0@@Z
??0AdbInterfaceObject@@QAE@PB_W@Z
??0AdbObjectHandle@@QAE@ABV0@@Z
??0AdbObjectHandle@@QAE@W4AdbObjectType@@@Z
??1AdbEndpointObject@@MAE@XZ
??1AdbIOCompletion@@MAE@XZ
??1AdbInterfaceObject@@MAE@XZ
??1AdbObjectHandle@@MAE@XZ
??4AdbEndpointObject@@QAEAAV0@ABV0@@Z
??4AdbIOCompletion@@QAEAAV0@ABV0@@Z
??4AdbInterfaceObject@@QAEAAV0@ABV0@@Z
??4AdbObjectHandle@@QAEAAV0@ABV0@@Z
??_7AdbEndpointObject@@6B@
??_7AdbIOCompletion@@6B@
??_7AdbInterfaceObject@@6B@
??_7AdbObjectHandle@@6B@
?AddRef@AdbObjectHandle@@UAEJXZ
?AsyncRead@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?AsyncWrite@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?CloseHandle@AdbObjectHandle@@UAE_NXZ
?CreateHandle@AdbObjectHandle@@UAEPAXXZ
?GetEndpointInformation@AdbEndpointObject@@UAE_NPAU_AdbEndpointInformation@@@Z
?GetInterfaceName@AdbInterfaceObject@@UAE_NPAXPAK_N@Z
?GetParentInterfaceHandle@AdbEndpointObject@@QBEPAXXZ
?GetParentObjectHandle@AdbIOCompletion@@QBEPAXXZ
?GetUsbConfigurationDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_CONFIGURATION_DESCRIPTOR@@@Z
?GetUsbDeviceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_DEVICE_DESCRIPTOR@@@Z
?GetUsbInterfaceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_INTERFACE_DESCRIPTOR@@@Z
?IsCompleted@AdbIOCompletion@@UAE_NXZ
?IsObjectOfType@AdbObjectHandle@@UBE_NW4AdbObjectType@@@Z
?IsOpened@AdbObjectHandle@@QBE_NXZ
?LastReferenceReleased@AdbObjectHandle@@MAEXXZ
?Lookup@AdbObjectHandle@@SAPAV1@PAX@Z
?Release@AdbObjectHandle@@UAEJXZ
?SyncRead@AdbEndpointObject@@UAE_NPAXKPAKK@Z
?SyncWrite@AdbEndpointObject@@UAE_NPAXKPAKK@Z
?Type@AdbEndpointObject@@SA?AW4AdbObjectType@@XZ
?Type@AdbIOCompletion@@SA?AW4AdbObjectType@@XZ
?Type@AdbInterfaceObject@@SA?AW4AdbObjectType@@XZ
?adb_handle@AdbObjectHandle@@QBEPAXXZ
?endpoint_id@AdbEndpointObject@@QBEEXZ
?endpoint_index@AdbEndpointObject@@QBEEXZ
?interface_name@AdbInterfaceObject@@QBEABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?object_type@AdbObjectHandle@@QBE?AW4AdbObjectType@@XZ
?overlapped@AdbIOCompletion@@QAEPAU_OVERLAPPED@@XZ
?parent_interface@AdbEndpointObject@@QBEPAVAdbInterfaceObject@@XZ
?parent_io_object@AdbIOCompletion@@QBEPAVAdbEndpointObject@@XZ
?usb_config_descriptor@AdbInterfaceObject@@QBEPBU_USB_CONFIGURATION_DESCRIPTOR@@XZ
?usb_device_descriptor@AdbInterfaceObject@@QBEPBU_USB_DEVICE_DESCRIPTOR@@XZ
?usb_interface_descriptor@AdbInterfaceObject@@QBEPBU_USB_INTERFACE_DESCRIPTOR@@XZ
AdbCloseHandle
AdbCreateInterface
AdbCreateInterfaceByName
AdbEnumInterfaces
AdbGetDefaultBulkReadEndpointInformation
AdbGetDefaultBulkWriteEndpointInformation
AdbGetEndpointInformation
AdbGetEndpointInterface
AdbGetInterfaceName
AdbGetOvelappedIoResult
AdbGetSerialNumber
AdbGetUsbConfigurationDescriptor
AdbGetUsbDeviceDescriptor
AdbGetUsbInterfaceDescriptor
AdbHasOvelappedIoComplated
AdbNextInterface
AdbOpenDefaultBulkReadEndpoint
AdbOpenDefaultBulkWriteEndpoint
AdbOpenEndpoint
AdbQueryInformationEndpoint
AdbReadEndpointAsync
AdbReadEndpointSync
AdbResetInterfaceEnum
AdbWriteEndpointAsync
AdbWriteEndpointSync

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/Tencent/QQPhoneManager/PreUnZipFiles/QQPhoneManager/AdbWinUsbApi.dll
.dll windows:5 windows x86 arch:x86

04f25f128abbee374d598a5e7d56ce0a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

93:a5:de:d7:7c:55:88:65:f8:ed:2a:12:2a:77:b1:4d:2c:96:16:01
Signer

Actual PE Digest

93:a5:de:d7:7c:55:88:65:f8:ed:2a:12:2a:77:b1:4d:2c:96:16:01

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\4773\source\Running\Release\AdbWinUsbApi.pdb

Imports

adbwinapi

??0AdbEndpointObject@@QAE@PAVAdbInterfaceObject@@EE@Z
??1AdbEndpointObject@@MAE@XZ
?LastReferenceReleased@AdbObjectHandle@@MAEXXZ
?CreateHandle@AdbObjectHandle@@UAEPAXXZ
?CloseHandle@AdbObjectHandle@@UAE_NXZ
?AddRef@AdbObjectHandle@@UAEJXZ
?IsObjectOfType@AdbObjectHandle@@UBE_NW4AdbObjectType@@@Z
?GetEndpointInformation@AdbEndpointObject@@UAE_NPAU_AdbEndpointInformation@@@Z
?AsyncRead@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?AsyncWrite@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?SyncRead@AdbEndpointObject@@UAE_NPAXKPAKK@Z
?SyncWrite@AdbEndpointObject@@UAE_NPAXKPAKK@Z
??0AdbInterfaceObject@@QAE@PB_W@Z
??1AdbInterfaceObject@@MAE@XZ
?GetInterfaceName@AdbInterfaceObject@@UAE_NPAXPAK_N@Z
?GetUsbDeviceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_DEVICE_DESCRIPTOR@@@Z
?GetUsbConfigurationDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_CONFIGURATION_DESCRIPTOR@@@Z
?GetUsbInterfaceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_INTERFACE_DESCRIPTOR@@@Z
??0AdbIOCompletion@@QAE@PAVAdbEndpointObject@@KPAX@Z
??1AdbIOCompletion@@MAE@XZ
?IsCompleted@AdbIOCompletion@@UAE_NXZ

winusb

WinUsb_Free
WinUsb_QueryPipe
WinUsb_QueryInterfaceSettings
WinUsb_GetDescriptor
WinUsb_GetCurrentAlternateSetting
WinUsb_Initialize
WinUsb_SetPipePolicy
WinUsb_GetOverlappedResult
WinUsb_WritePipe
WinUsb_ReadPipe

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
SetLastError
DeleteCriticalSection
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
CreateEventW
CloseHandle
CreateFileW
WideCharToMultiByte
Sleep
InterlockedExchange
DecodePointer
EncodePointer

ole32

CoCreateInstance

msvcr100

??2@YAPAXI@Z
??_V@YAXPAX@Z
memset
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
??3@YAXPAX@Z
__CxxFrameHandler3
memcpy

Exports

Exports

InstantiateWinUsbInterface

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/Tencent/QQPhoneManager/PreUnZipFiles/QQPhoneManager/Android.dll
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 251KB - Virtual size: 267KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 548KB - Virtual size: 547KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallHelper.dll
.dll windows:5 windows x86 arch:x86

48a5383a7ce39b54ffbdc5f25781b686

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:b8:a7:57:53:31:7e:b3:a6:12:81:83:ef:99:c7:95:1a:14:b8:3b
Signer

Actual PE Digest

24:b8:a7:57:53:31:7e:b3:a6:12:81:83:ef:99:c7:95:1a:14:b8:3b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\SVNServer\android_nsis_installer_proj\trunk\InstallerTools\InstalerHelper\Running\Release\InstallHelper.pdb

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
LocalAlloc
GetDiskFreeSpaceExW
SuspendThread
ResumeThread
MapViewOfFile
UnmapViewOfFile
ReadFile
CreateFileW
CreateTimerQueueTimer
DeleteTimerQueueTimer
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetFileSize
GetCPInfo
IsDBCSLeadByte
WriteFile
FlushFileBuffers
WriteConsoleW
SetStdHandle
HeapReAlloc
LoadLibraryW
RtlUnwind
GetStringTypeW
OpenMutexW
GetSystemDirectoryW
SetFilePointer
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
SetHandleCount
HeapDestroy
HeapCreate
ExitProcess
HeapSize
GetStdHandle
LCMapStringW
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
GetCommandLineA
HeapAlloc
HeapFree
EncodePointer
DecodePointer
lstrlenW
MultiByteToWideChar
GetProcessHeap
GetLogicalDriveStringsW
GetDriveTypeW
lstrcpyW
LocalFree
GetCurrentProcessId
DeleteFileW
CloseHandle
Module32NextW
GetShortPathNameW
CreateToolhelp32Snapshot
FindNextFileW
lstrcmpiW
Process32NextW
Module32FirstW
LockResource
CreateFileMappingW
OpenThread
Process32FirstW
FindClose
GlobalFree
GetProcAddress
GetConsoleCP
GetLastError
lstrcmpW
GetModuleFileNameW
TerminateProcess
lstrcpynW
GetVersionExW
SizeofResource
CopyFileW
Sleep
GlobalAlloc
OpenProcess
GetTickCount
GetModuleHandleW
WaitForSingleObject
CreateDirectoryW
GetCurrentProcess
MapViewOfFileEx
CreateProcessW
LoadResource
FindResourceW
FindResourceExW
FindFirstFileW
GetConsoleMode
CreateMutexW

user32

SendMessageW
IsWindow
SendMessageTimeoutW
wsprintfW
GetWindowThreadProcessId
LoadCursorW
IsZoomed
CallNextHookEx
GetAncestor
SetWindowsHookExW
UnhookWindowsHookEx
GetSystemMetrics
EnumThreadWindows
UpdateLayeredWindow
SetWindowRgn
RegisterClassExW
SetWindowPos
EndPaint
ClientToScreen
SetCursor
ScreenToClient
IsIconic
FillRect
GetFocus
BeginPaint
PtInRect
GetDC
GetWindowTextW
SetScrollPos
GetClassNameW
GetDlgItem
MessageBoxW
IsWindowVisible
GetDlgItemTextW
SetWindowTextW
GetWindowDC
ReleaseDC
GetDesktopWindow
DrawTextW
GetClientRect
EnableWindow
TrackMouseEvent
GetWindowLongW
SetWindowLongW
ShowWindow
CreateWindowExW
CallWindowProcW
DefWindowProcW
DestroyWindow
GetWindowRect
PostMessageW
SetFocus
InvalidateRect
UpdateWindow
MoveWindow
FindWindowW

gdi32

CombineRgn
SetStretchBltMode
GetStretchBltMode
GetTextMetricsW
CreateRectRgnIndirect
Rectangle
SetDCPenColor
CreateFontW
CreatePatternBrush
ExtSelectClipRgn
GetStockObject
CreateDIBSection
StretchBlt
SetTextColor
SetBkMode
BitBlt
DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap

advapi32

IsTextUnicode
RegOpenKeyExW
RegQueryValueExW
ControlService
GetLengthSid
QueryServiceStatusEx
DuplicateTokenEx
ConvertStringSidToSidW
SetTokenInformation
CreateProcessAsUserW
GetTokenInformation
OpenServiceW
OpenSCManagerW
DeleteService
OpenProcessToken
CloseServiceHandle

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
SHGetFolderPathW
ShellExecuteW

ole32

CoUninitialize
CoCreateInstance
CoLoadLibrary
CoInitializeEx

oleaut32

SysFreeString
SysStringLen
SysAllocString

shlwapi

PathFileExistsW
StrToIntW
PathAppendW
PathRemoveFileSpecW
PathIsDirectoryW

msimg32

AlphaBlend

Exports

Exports

AddDeskUpdate2FireWall
CloseOldQQBrowser
CopyHelp
CreateCustomPage
CreateInstallPage
CreateInstallRunningFlag
CreateUnInstallRunningFlag
CreateWelcomePage
DelDeskUpdate2FireWall
DeleteRegKeyWithSubkeys
DestroyWnd
ExecHideWindowWait
GetCheck
GetDefBrowserName
GetInstDirExcludeExtraDelimiter
GetInstallPath
GetParentProcessName
GetPreUnZipThreadID
GetQBAppData
GetUseModuleProcess
GetUseModuleProcessParent
InitSkin
IsBrowserRunning
IsDefBrowser
IsFirstInstall
IsInstallRunning
IsOldQQbrowser6
IsUnInstallRunning
KillProc
KillRunningBrowser
MoveWindowRect
NotifyHostSetupStatus
PinBrowserTaskbar
PostFinish
PostInstallProgress
PreUnZipFinish
ReleaseUnInstallFlag
RemoveOldVersionDirs
ResumePreUnZipThread_EX
RunQQBrowser
SetCheck
SetFocusWnd
SetNSISCallBack
SetOldInstallInfo
UnInitSkin
UnLoadPlugin
UnPinBrowserTaskbar
UninstallUpdateServiceSync
ZipFolder

Sections

.text
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISAppUpdater.dll
.dll windows:5 windows x86 arch:x86

be6ca8d7a4398443b2e6dd3a1c637120

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e8:29:48:65:bb:a6:e9:c5:d6:f0:bc:1d:22:81:0e:33:c9:5c:60:9f
Signer

Actual PE Digest

e8:29:48:65:bb:a6:e9:c5:d6:f0:bc:1d:22:81:0e:33:c9:5c:60:9f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\SVNServer\android_nsis_installer_proj\trunk\InstallerTools\NSISPlugin\Running\Release_Unicode\NSISAppUpdater.pdb

Imports

kernel32

FindResourceExW
GlobalFree
lstrcpynW
GlobalAlloc
GetLastError
CloseHandle
DeleteFileW
SetFileAttributesW
GetFileAttributesW
IsBadReadPtr
CreateDirectoryW
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
CopyFileW
WaitForSingleObject
TerminateThread
FindResourceW
CreateProcessW
lstrlenW
WideCharToMultiByte
MoveFileExW
MultiByteToWideChar
lstrlenA
InterlockedDecrement
OpenProcess
WritePrivateProfileStringW
GetLocalTime
GetTempPathW
TerminateProcess
GetProcAddress
GetModuleHandleW
LCMapStringW
LocalFree
LoadResource
LockResource
SizeofResource
lstrcmpiW
GetPrivateProfileStringW
OpenThread
lstrcpyW
SetEnvironmentVariableA
CompareStringW
FlushFileBuffers
CreateFileW
WriteConsoleW
SetStdHandle
LoadLibraryW
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
GetConsoleMode
GetConsoleCP
SetFilePointer
SetHandleCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
RtlUnwind
GetSystemTimeAsFileTime
GetTimeFormatW
GetDateFormatW
EncodePointer
DecodePointer
GetCurrentThreadId
GetCommandLineA
GetCPInfo
InterlockedIncrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentProcess
IsProcessorFeaturePresent
GetStringTypeW
GetTimeZoneInformation
HeapCreate
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
Sleep

user32

wsprintfW
SendMessageTimeoutW

advapi32

RegEnumValueW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW

shell32

SHCreateDirectoryExW
SHFileOperationW

ole32

CoInitializeSecurity
CoInitialize
CoCreateInstance

oleaut32

VariantClear
VariantInit
VariantChangeType
SysAllocString
SysFreeString
SystemTimeToVariantTime
VariantTimeToSystemTime
VarUdateFromDate

shlwapi

StrToIntW
PathCanonicalizeW
PathFileExistsW
PathRemoveFileSpecW
PathAppendW
PathRemoveBackslashW
PathFindFileNameW

psapi

GetModuleFileNameExW
EnumProcesses

Exports

Exports

AppendPath
CheckInstallLog
CheckUpdate
ClearAndDelFolder
DoUpdate
EncodeBase64
EncodeURICompenet
ExecHide
GetChannelFromInstallerName
GetNowTime
GetPCID
GetParamValue
KillProcess
KillProcessByPath
KillThreadByID
MoveFolder
TP_SendProgress
UnLoadPlugin

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISCommon.dll
.dll windows:5 windows x86 arch:x86

365783e8f913e7058f73f65772d3e7a2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d2:51:a0:d7:94:4b:8e:91:a2:76:3e:c9:69:07:d9:c3:47:47:20:a0
Signer

Actual PE Digest

d2:51:a0:d7:94:4b:8e:91:a2:76:3e:c9:69:07:d9:c3:47:47:20:a0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\SVNServer\android_nsis_installer_proj\trunk\InstallerTools\NSISPlugin\Release_Unicode\NSISCommon.pdb

Imports

rpcrt4

UuidToStringA
UuidCreateSequential
RpcStringFreeA

kernel32

GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc
GetLastError
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CloseHandle
WaitForSingleObject
CreateProcessW
lstrlenW
SetStdHandle
MultiByteToWideChar
lstrlenA
OpenProcess
GetVolumeInformationW
TerminateProcess
GetProcAddress
GetModuleHandleW
WritePrivateProfileStringW
FindClose
FindNextFileW
FindFirstFileW
GetConsoleMode
GetConsoleCP
WriteConsoleW
CreateFileW
WideCharToMultiByte
HeapReAlloc
SetFilePointer
LoadLibraryW
GetStringTypeW
GetSystemTimeAsFileTime
GetCurrentProcessId
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
FlushFileBuffers
HeapSize
GetProcessHeap
RtlUnwind
EncodePointer
DecodePointer
GetCurrentThreadId
GetCommandLineA
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
HeapCreate
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
Sleep
SetHandleCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount

user32

wsprintfW

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CoTaskMemFree

shlwapi

PathCanonicalizeW
PathAppendW
PathRemoveBackslashW
PathFileExistsW
PathFindFileNameW

psapi

EnumProcesses
GetModuleFileNameExW

Exports

Exports

AppendPath
CheckInstallInfo
DecodeBase64
Decrypt
DumpInstallInfo
DumpUninstallInfo
EncodeBase64
EncodeURICompenet
Encrypt
ExecHide
GetPCID
GetPCQQUIN
KillProcess

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/QQPCB1AndroidJmp/PluginInfo.xml
$PLUGINSDIR/QQPCB1AndroidJmp/QQPCB1AndroidJmp.dll
.dll regsvr32 windows:4 windows x86 arch:x86

b6adf1e4dc047540e8c3c77030866bf8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

13:35:5c:82:69:c8:2c:34:2e:73:23:40:0e:36:4f:eb:86:a3:a9:ef
Signer

Actual PE Digest

13:35:5c:82:69:c8:2c:34:2e:73:23:40:0e:36:4f:eb:86:a3:a9:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\work\qqmgrgf\Basic\Output\BinFinal\plugins\qqpcb1androidjmp\QQPCB1AndroidJmp.pdb

Imports

kernel32

lstrcmpiW
CloseHandle
CreateProcessW
GetModuleHandleW
MapViewOfFile
UnmapViewOfFile
InterlockedExchange
WideCharToMultiByte
SetLastError
OpenFileMappingW
InterlockedCompareExchange
OpenEventW
SetEvent
GetLocalTime
GetCurrentThreadId
GetPrivateProfileStringW
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sleep
GetProcessHeap
GetPrivateProfileIntW
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
RaiseException
GetVersionExA
GetLocaleInfoA
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetACP
GetThreadLocale
SetThreadLocale
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameW
LeaveCriticalSection
lstrlenW
EnterCriticalSection
GetSystemTimeAsFileTime
HeapDestroy

user32

FindWindowA
SendMessageTimeoutW
UnregisterClassA
CharNextW

advapi32

RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHGetFileInfoW

ole32

CoTaskMemFree
StringFromCLSID
CoCreateInstance

oleaut32

VarUI4FromStr
SysFreeString
SysStringLen
LoadRegTypeLi
LoadTypeLi

atl80

ord61
ord23
ord64
ord58
ord30
ord31
ord18
ord32
ord15
ord22

shlwapi

PathFileExistsW

msvcr80

__clean_type_info_names_internal
_crt_debugger_hook
??3@YAXPAX@Z
_purecall
free
_CxxThrowException
??_V@YAXPAX@Z
??_U@YAPAXI@Z
__CxxFrameHandler3
_recalloc
wcsrchr
memcpy_s
malloc
wcscpy_s
wcsncpy_s
wcscat_s
wcsncat_s
memset
memmove_s
_snwprintf_s
??2@YAPAXI@Z
strncpy_s
fwrite
strchr
strrchr
_snprintf_s
fflush
_memicmp
setlocale
_vsnwprintf_s
?terminate@@YAXXZ
_except_handler4_common
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ

msvcp80

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/QQPCB1AndroidJmp/QQPCB1AndroidJmp.png
.png
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:62:90:e5:8c:54:f0:f1:eb:17:34:1a:13:10:e6:a4
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

30/09/2010, 00:00

Not After

01/01/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

78:2b:69:d9:a6:d3:2b:02:2f:0d:f6:35:ca:3e:de:c8:b4:96:ab:13
Signer

Actual PE Digest

78:2b:69:d9:a6:d3:2b:02:2f:0d:f6:35:ca:3e:de:c8:b4:96:ab:13

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsThread.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Create
Join

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 1024B - Virtual size: 871B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 517B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/res/nsis_skin.gt
$_48_/$_48_/AdbModeConfigV2.xml
$_48_/$_48_/AdbTools.dll
.dll windows:5 windows x86 arch:x86

67e046b2349bc3bb9a5f5b5941a43afe

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:d7:13:bb:06:74:27:13:c7:69:f8:5e:db:3f:c5:b0:81:89:c8:17
Signer

Actual PE Digest

11:d7:13:bb:06:74:27:13:c7:69:f8:5e:db:3f:c5:b0:81:89:c8:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\4773\source\Running\Release\AdbTools.pdb

Imports

kernel32

ReadFile
GetFileSize
Sleep
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
RaiseException
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
CreatePipe
CreateFileW
CreateProcessW
WaitForSingleObject
TerminateThread
TerminateProcess
lstrlenA
HeapDestroy
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
LocalFree
WideCharToMultiByte
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
CloseHandle
GetLastError
SetHandleInformation
MultiByteToWideChar
EnterCriticalSection
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EncodePointer
DecodePointer
InterlockedExchange
InterlockedCompareExchange
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
QueryPerformanceCounter

oleaut32

VariantClear
SysFreeString
SysStringLen
SysAllocString
SysAllocStringByteLen

msvcr100

??_U@YAPAXI@Z
wcsspn
wcscspn
wcsstr
memmove_s
_recalloc
calloc
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
memset
?terminate@@YAXXZ
_malloc_crt
??1exception@std@@UAE@XZ
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_unlock
__dllonexit
_lock
_onexit
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
??0exception@std@@QAE@ABQBD@Z
_encoded_null
free
vsprintf_s
strcat_s
strcpy_s
wmemcpy_s
strstr
perror
_time64
memcpy_s
??_V@YAXPAX@Z
??2@YAPAXI@Z
strtol
sprintf_s
??3@YAXPAX@Z
malloc
__CxxFrameHandler3
_CxxThrowException
_purecall
memcpy

msvcp100

?_Xlength_error@std@@YAXPBD@Z

ws2_32

getsockopt
closesocket
socket
setsockopt
WSAGetLastError
htons
ioctlsocket
connect
select
recv
inet_addr
send

Exports

Exports

??0Cddms@@QAE@XZ
??0Cddms_Callback@@QAE@ABV0@@Z
??0Cddms_Callback@@QAE@XZ
??1Cddms@@QAE@XZ
??4Cddms@@QAEAAV0@ABV0@@Z
??4Cddms_Callback@@QAEAAV0@ABV0@@Z
??_7Cddms_Callback@@6B@
?_shellExcute@Cddms@@AAEJIPAD0@Z
?backup@Cddms@@QAEJIPADEEHHPAPAD@Z
?close@Cddms@@QAEXI@Z
?close@Cddms@@QAEXXZ
?closeTempSocket@Cddms@@QAEXI@Z
?connectToADB@Cddms@@AAEJIJ@Z
?fnddms@@YAHXZ
?getConnectTimeOut@Cddms@@QAEJXZ
?getDevices@Cddms@@QAEHPADH@Z
?getDevicesOnSocket@Cddms@@QAEHIPADH@Z
?getFrameBuffer@Cddms@@QAEJIPADPAPAUIStream@@@Z
?getLastError@Cddms@@QAEJXZ
?getNextDevice@Cddms@@SAHPADPAHH0@Z
?getReadTimeOut@Cddms@@QAEJXZ
?getTempSocket@Cddms@@QAEIXZ
?getWriteTimeOut@Cddms@@QAEJXZ
?init@Cddms@@AAEXPADH@Z
?install4MIUI@Cddms@@QAEJIIIIIIPADPA_W0PAHEHHPAVCddms_Callback@@0@Z
?install@Cddms@@QAEJIIIIIIPADPA_W0PAHEHH@Z
?install@Cddms@@QAEJIIIPADPA_W0PAHEHH@Z
?installFromDevice@Cddms@@QAEJIPAD00PAHEHH@Z
?killserver@Cddms@@QAEJIPBD@Z
?log@Cddms@@QAEJIPAD0H@Z
?nddms@@3HA
?onError@Cddms@@AAEXJPAD@Z
?open@Cddms@@QAEIJ@Z
?openSync@Cddms@@AAEJI@Z
?pull@Cddms@@QAEJIPADPA_W10PAH@Z
?push@Cddms@@QAEJIPADPA_W10PAH@Z
?pushFolder@Cddms@@QAEJIPADPA_W1@Z
?reboot@Cddms@@QAEJIPADH@Z
?rebootInTime@Cddms@@QAEJIPADHH@Z
?rebootTo@Cddms@@QAEJIPAD0H@Z
?rebootToInTime@Cddms@@QAEJIPAD0HH@Z
?restore@Cddms@@QAEJIPAD@Z
?setConnectTimeOut@Cddms@@QAEXJ@Z
?setDevice@Cddms@@AAEJIPAD@Z
?setReadTimeOut@Cddms@@QAEXJ@Z
?setSocketReadTimeOut@Cddms@@QAEXIH@Z
?setSocketWriteTimeOut@Cddms@@QAEXIH@Z
?setWriteTimeOut@Cddms@@QAEXJ@Z
?shellExcute@Cddms@@QAEJIPAD0HHH@Z
?shellExcute@Cddms@@QAEJIPAD0PAH0H@Z
?shellExcuteInTime@Cddms@@QAEJIPAD0PAH0HH@Z
?shellExcuteInTimeFlow@Cddms@@QAEJIPAD0PAH0HH@Z
?shellExcuteNoConnect@Cddms@@QAEJIPAD0PAH0H@Z
?tcpForward@Cddms@@QAEJIPADHHH@Z
?tcpKillForward@Cddms@@QAEJIPADHHH@Z
?udpForward@Cddms@@QAEJIPADHHH@Z
?udpKillForward@Cddms@@QAEJIPADHHH@Z
?uninstall@Cddms@@QAEJIPAD00PAHEH@Z
?waitforDevice@Cddms@@QAEJIPADH@Z
DDMS_Close
DDMS_GetDevices
DDMS_Open
DDMS_SetReadTimeOut
DDMS_SetWriteTimeOut

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_48_/$_48_/AdbWinApi.dll
.dll windows:5 windows x86 arch:x86

cbc9193647317ee12954479e6c046085

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d3:ec:ed:af:28:b0:51:7c:d7:d4:36:12:62:f1:e8:c5:c3:b0:03:c7
Signer

Actual PE Digest

d3:ec:ed:af:28:b0:51:7c:d7:d4:36:12:62:f1:e8:c5:c3:b0:03:c7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\4773\source\Running\Release\AdbWinApi.pdb

Imports

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

kernel32

GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
FreeLibrary
GetSystemDirectoryW
GetFileAttributesW
GetModuleFileNameW
LoadLibraryW
GetProcAddress
DeleteCriticalSection
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
SetLastError
EnterCriticalSection
LeaveCriticalSection
CreateFileW
DeviceIoControl
CloseHandle
WideCharToMultiByte
ReadFile
WriteFile
GetOverlappedResult
Sleep
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DecodePointer
InterlockedExchange
EncodePointer

ole32

CoCreateInstance

shlwapi

PathAppendW
PathFileExistsW
PathRemoveFileSpecW

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

msvcr100

_CxxThrowException
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??2@YAPAXI@Z
memmove
_vswprintf
_wcsnicmp
_purecall
malloc
free
memset
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
??0exception@std@@QAE@ABV01@@Z
??_V@YAXPAX@Z
??3@YAXPAX@Z
__CxxFrameHandler3
memcpy
?what@exception@std@@UBEPBDXZ

Exports

Exports

??0AdbEndpointObject@@QAE@ABV0@@Z
??0AdbEndpointObject@@QAE@PAVAdbInterfaceObject@@EE@Z
??0AdbIOCompletion@@QAE@ABV0@@Z
??0AdbIOCompletion@@QAE@PAVAdbEndpointObject@@KPAX@Z
??0AdbInterfaceObject@@QAE@ABV0@@Z
??0AdbInterfaceObject@@QAE@PB_W@Z
??0AdbObjectHandle@@QAE@ABV0@@Z
??0AdbObjectHandle@@QAE@W4AdbObjectType@@@Z
??1AdbEndpointObject@@MAE@XZ
??1AdbIOCompletion@@MAE@XZ
??1AdbInterfaceObject@@MAE@XZ
??1AdbObjectHandle@@MAE@XZ
??4AdbEndpointObject@@QAEAAV0@ABV0@@Z
??4AdbIOCompletion@@QAEAAV0@ABV0@@Z
??4AdbInterfaceObject@@QAEAAV0@ABV0@@Z
??4AdbObjectHandle@@QAEAAV0@ABV0@@Z
??_7AdbEndpointObject@@6B@
??_7AdbIOCompletion@@6B@
??_7AdbInterfaceObject@@6B@
??_7AdbObjectHandle@@6B@
?AddRef@AdbObjectHandle@@UAEJXZ
?AsyncRead@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?AsyncWrite@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?CloseHandle@AdbObjectHandle@@UAE_NXZ
?CreateHandle@AdbObjectHandle@@UAEPAXXZ
?GetEndpointInformation@AdbEndpointObject@@UAE_NPAU_AdbEndpointInformation@@@Z
?GetInterfaceName@AdbInterfaceObject@@UAE_NPAXPAK_N@Z
?GetParentInterfaceHandle@AdbEndpointObject@@QBEPAXXZ
?GetParentObjectHandle@AdbIOCompletion@@QBEPAXXZ
?GetUsbConfigurationDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_CONFIGURATION_DESCRIPTOR@@@Z
?GetUsbDeviceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_DEVICE_DESCRIPTOR@@@Z
?GetUsbInterfaceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_INTERFACE_DESCRIPTOR@@@Z
?IsCompleted@AdbIOCompletion@@UAE_NXZ
?IsObjectOfType@AdbObjectHandle@@UBE_NW4AdbObjectType@@@Z
?IsOpened@AdbObjectHandle@@QBE_NXZ
?LastReferenceReleased@AdbObjectHandle@@MAEXXZ
?Lookup@AdbObjectHandle@@SAPAV1@PAX@Z
?Release@AdbObjectHandle@@UAEJXZ
?SyncRead@AdbEndpointObject@@UAE_NPAXKPAKK@Z
?SyncWrite@AdbEndpointObject@@UAE_NPAXKPAKK@Z
?Type@AdbEndpointObject@@SA?AW4AdbObjectType@@XZ
?Type@AdbIOCompletion@@SA?AW4AdbObjectType@@XZ
?Type@AdbInterfaceObject@@SA?AW4AdbObjectType@@XZ
?adb_handle@AdbObjectHandle@@QBEPAXXZ
?endpoint_id@AdbEndpointObject@@QBEEXZ
?endpoint_index@AdbEndpointObject@@QBEEXZ
?interface_name@AdbInterfaceObject@@QBEABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?object_type@AdbObjectHandle@@QBE?AW4AdbObjectType@@XZ
?overlapped@AdbIOCompletion@@QAEPAU_OVERLAPPED@@XZ
?parent_interface@AdbEndpointObject@@QBEPAVAdbInterfaceObject@@XZ
?parent_io_object@AdbIOCompletion@@QBEPAVAdbEndpointObject@@XZ
?usb_config_descriptor@AdbInterfaceObject@@QBEPBU_USB_CONFIGURATION_DESCRIPTOR@@XZ
?usb_device_descriptor@AdbInterfaceObject@@QBEPBU_USB_DEVICE_DESCRIPTOR@@XZ
?usb_interface_descriptor@AdbInterfaceObject@@QBEPBU_USB_INTERFACE_DESCRIPTOR@@XZ
AdbCloseHandle
AdbCreateInterface
AdbCreateInterfaceByName
AdbEnumInterfaces
AdbGetDefaultBulkReadEndpointInformation
AdbGetDefaultBulkWriteEndpointInformation
AdbGetEndpointInformation
AdbGetEndpointInterface
AdbGetInterfaceName
AdbGetOvelappedIoResult
AdbGetSerialNumber
AdbGetUsbConfigurationDescriptor
AdbGetUsbDeviceDescriptor
AdbGetUsbInterfaceDescriptor
AdbHasOvelappedIoComplated
AdbNextInterface
AdbOpenDefaultBulkReadEndpoint
AdbOpenDefaultBulkWriteEndpoint
AdbOpenEndpoint
AdbQueryInformationEndpoint
AdbReadEndpointAsync
AdbReadEndpointSync
AdbResetInterfaceEnum
AdbWriteEndpointAsync
AdbWriteEndpointSync

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_48_/$_48_/AdbWinUsbApi.dll
.dll windows:5 windows x86 arch:x86

04f25f128abbee374d598a5e7d56ce0a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

93:a5:de:d7:7c:55:88:65:f8:ed:2a:12:2a:77:b1:4d:2c:96:16:01
Signer

Actual PE Digest

93:a5:de:d7:7c:55:88:65:f8:ed:2a:12:2a:77:b1:4d:2c:96:16:01

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\4773\source\Running\Release\AdbWinUsbApi.pdb

Imports

adbwinapi

??0AdbEndpointObject@@QAE@PAVAdbInterfaceObject@@EE@Z
??1AdbEndpointObject@@MAE@XZ
?LastReferenceReleased@AdbObjectHandle@@MAEXXZ
?CreateHandle@AdbObjectHandle@@UAEPAXXZ
?CloseHandle@AdbObjectHandle@@UAE_NXZ
?AddRef@AdbObjectHandle@@UAEJXZ
?IsObjectOfType@AdbObjectHandle@@UBE_NW4AdbObjectType@@@Z
?GetEndpointInformation@AdbEndpointObject@@UAE_NPAU_AdbEndpointInformation@@@Z
?AsyncRead@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?AsyncWrite@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?SyncRead@AdbEndpointObject@@UAE_NPAXKPAKK@Z
?SyncWrite@AdbEndpointObject@@UAE_NPAXKPAKK@Z
??0AdbInterfaceObject@@QAE@PB_W@Z
??1AdbInterfaceObject@@MAE@XZ
?GetInterfaceName@AdbInterfaceObject@@UAE_NPAXPAK_N@Z
?GetUsbDeviceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_DEVICE_DESCRIPTOR@@@Z
?GetUsbConfigurationDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_CONFIGURATION_DESCRIPTOR@@@Z
?GetUsbInterfaceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_INTERFACE_DESCRIPTOR@@@Z
??0AdbIOCompletion@@QAE@PAVAdbEndpointObject@@KPAX@Z
??1AdbIOCompletion@@MAE@XZ
?IsCompleted@AdbIOCompletion@@UAE_NXZ

winusb

WinUsb_Free
WinUsb_QueryPipe
WinUsb_QueryInterfaceSettings
WinUsb_GetDescriptor
WinUsb_GetCurrentAlternateSetting
WinUsb_Initialize
WinUsb_SetPipePolicy
WinUsb_GetOverlappedResult
WinUsb_WritePipe
WinUsb_ReadPipe

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
SetLastError
DeleteCriticalSection
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
CreateEventW
CloseHandle
CreateFileW
WideCharToMultiByte
Sleep
InterlockedExchange
DecodePointer
EncodePointer

ole32

CoCreateInstance

msvcr100

??2@YAPAXI@Z
??_V@YAXPAX@Z
memset
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
??3@YAXPAX@Z
__CxxFrameHandler3
memcpy

Exports

Exports

InstantiateWinUsbInterface

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AdbModeConfigV2.xml
AdbTools.dll
.dll windows:5 windows x86 arch:x86

67e046b2349bc3bb9a5f5b5941a43afe

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:d7:13:bb:06:74:27:13:c7:69:f8:5e:db:3f:c5:b0:81:89:c8:17
Signer

Actual PE Digest

11:d7:13:bb:06:74:27:13:c7:69:f8:5e:db:3f:c5:b0:81:89:c8:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\4773\source\Running\Release\AdbTools.pdb

Imports

kernel32

ReadFile
GetFileSize
Sleep
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
RaiseException
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
CreatePipe
CreateFileW
CreateProcessW
WaitForSingleObject
TerminateThread
TerminateProcess
lstrlenA
HeapDestroy
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
LocalFree
WideCharToMultiByte
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
CloseHandle
GetLastError
SetHandleInformation
MultiByteToWideChar
EnterCriticalSection
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EncodePointer
DecodePointer
InterlockedExchange
InterlockedCompareExchange
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
QueryPerformanceCounter

oleaut32

VariantClear
SysFreeString
SysStringLen
SysAllocString
SysAllocStringByteLen

msvcr100

??_U@YAPAXI@Z
wcsspn
wcscspn
wcsstr
memmove_s
_recalloc
calloc
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
memset
?terminate@@YAXXZ
_malloc_crt
??1exception@std@@UAE@XZ
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_unlock
__dllonexit
_lock
_onexit
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
??0exception@std@@QAE@ABQBD@Z
_encoded_null
free
vsprintf_s
strcat_s
strcpy_s
wmemcpy_s
strstr
perror
_time64
memcpy_s
??_V@YAXPAX@Z
??2@YAPAXI@Z
strtol
sprintf_s
??3@YAXPAX@Z
malloc
__CxxFrameHandler3
_CxxThrowException
_purecall
memcpy

msvcp100

?_Xlength_error@std@@YAXPBD@Z

ws2_32

getsockopt
closesocket
socket
setsockopt
WSAGetLastError
htons
ioctlsocket
connect
select
recv
inet_addr
send

Exports

Exports

??0Cddms@@QAE@XZ
??0Cddms_Callback@@QAE@ABV0@@Z
??0Cddms_Callback@@QAE@XZ
??1Cddms@@QAE@XZ
??4Cddms@@QAEAAV0@ABV0@@Z
??4Cddms_Callback@@QAEAAV0@ABV0@@Z
??_7Cddms_Callback@@6B@
?_shellExcute@Cddms@@AAEJIPAD0@Z
?backup@Cddms@@QAEJIPADEEHHPAPAD@Z
?close@Cddms@@QAEXI@Z
?close@Cddms@@QAEXXZ
?closeTempSocket@Cddms@@QAEXI@Z
?connectToADB@Cddms@@AAEJIJ@Z
?fnddms@@YAHXZ
?getConnectTimeOut@Cddms@@QAEJXZ
?getDevices@Cddms@@QAEHPADH@Z
?getDevicesOnSocket@Cddms@@QAEHIPADH@Z
?getFrameBuffer@Cddms@@QAEJIPADPAPAUIStream@@@Z
?getLastError@Cddms@@QAEJXZ
?getNextDevice@Cddms@@SAHPADPAHH0@Z
?getReadTimeOut@Cddms@@QAEJXZ
?getTempSocket@Cddms@@QAEIXZ
?getWriteTimeOut@Cddms@@QAEJXZ
?init@Cddms@@AAEXPADH@Z
?install4MIUI@Cddms@@QAEJIIIIIIPADPA_W0PAHEHHPAVCddms_Callback@@0@Z
?install@Cddms@@QAEJIIIIIIPADPA_W0PAHEHH@Z
?install@Cddms@@QAEJIIIPADPA_W0PAHEHH@Z
?installFromDevice@Cddms@@QAEJIPAD00PAHEHH@Z
?killserver@Cddms@@QAEJIPBD@Z
?log@Cddms@@QAEJIPAD0H@Z
?nddms@@3HA
?onError@Cddms@@AAEXJPAD@Z
?open@Cddms@@QAEIJ@Z
?openSync@Cddms@@AAEJI@Z
?pull@Cddms@@QAEJIPADPA_W10PAH@Z
?push@Cddms@@QAEJIPADPA_W10PAH@Z
?pushFolder@Cddms@@QAEJIPADPA_W1@Z
?reboot@Cddms@@QAEJIPADH@Z
?rebootInTime@Cddms@@QAEJIPADHH@Z
?rebootTo@Cddms@@QAEJIPAD0H@Z
?rebootToInTime@Cddms@@QAEJIPAD0HH@Z
?restore@Cddms@@QAEJIPAD@Z
?setConnectTimeOut@Cddms@@QAEXJ@Z
?setDevice@Cddms@@AAEJIPAD@Z
?setReadTimeOut@Cddms@@QAEXJ@Z
?setSocketReadTimeOut@Cddms@@QAEXIH@Z
?setSocketWriteTimeOut@Cddms@@QAEXIH@Z
?setWriteTimeOut@Cddms@@QAEXJ@Z
?shellExcute@Cddms@@QAEJIPAD0HHH@Z
?shellExcute@Cddms@@QAEJIPAD0PAH0H@Z
?shellExcuteInTime@Cddms@@QAEJIPAD0PAH0HH@Z
?shellExcuteInTimeFlow@Cddms@@QAEJIPAD0PAH0HH@Z
?shellExcuteNoConnect@Cddms@@QAEJIPAD0PAH0H@Z
?tcpForward@Cddms@@QAEJIPADHHH@Z
?tcpKillForward@Cddms@@QAEJIPADHHH@Z
?udpForward@Cddms@@QAEJIPADHHH@Z
?udpKillForward@Cddms@@QAEJIPADHHH@Z
?uninstall@Cddms@@QAEJIPAD00PAHEH@Z
?waitforDevice@Cddms@@QAEJIPADH@Z
DDMS_Close
DDMS_GetDevices
DDMS_Open
DDMS_SetReadTimeOut
DDMS_SetWriteTimeOut

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AdbWinApi.dll
.dll windows:5 windows x86 arch:x86

cbc9193647317ee12954479e6c046085

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d3:ec:ed:af:28:b0:51:7c:d7:d4:36:12:62:f1:e8:c5:c3:b0:03:c7
Signer

Actual PE Digest

d3:ec:ed:af:28:b0:51:7c:d7:d4:36:12:62:f1:e8:c5:c3:b0:03:c7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\4773\source\Running\Release\AdbWinApi.pdb

Imports

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

kernel32

GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
FreeLibrary
GetSystemDirectoryW
GetFileAttributesW
GetModuleFileNameW
LoadLibraryW
GetProcAddress
DeleteCriticalSection
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
SetLastError
EnterCriticalSection
LeaveCriticalSection
CreateFileW
DeviceIoControl
CloseHandle
WideCharToMultiByte
ReadFile
WriteFile
GetOverlappedResult
Sleep
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
DecodePointer
InterlockedExchange
EncodePointer

ole32

CoCreateInstance

shlwapi

PathAppendW
PathFileExistsW
PathRemoveFileSpecW

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

msvcr100

_CxxThrowException
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??2@YAPAXI@Z
memmove
_vswprintf
_wcsnicmp
_purecall
malloc
free
memset
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
??0exception@std@@QAE@ABV01@@Z
??_V@YAXPAX@Z
??3@YAXPAX@Z
__CxxFrameHandler3
memcpy
?what@exception@std@@UBEPBDXZ

Exports

Exports

??0AdbEndpointObject@@QAE@ABV0@@Z
??0AdbEndpointObject@@QAE@PAVAdbInterfaceObject@@EE@Z
??0AdbIOCompletion@@QAE@ABV0@@Z
??0AdbIOCompletion@@QAE@PAVAdbEndpointObject@@KPAX@Z
??0AdbInterfaceObject@@QAE@ABV0@@Z
??0AdbInterfaceObject@@QAE@PB_W@Z
??0AdbObjectHandle@@QAE@ABV0@@Z
??0AdbObjectHandle@@QAE@W4AdbObjectType@@@Z
??1AdbEndpointObject@@MAE@XZ
??1AdbIOCompletion@@MAE@XZ
??1AdbInterfaceObject@@MAE@XZ
??1AdbObjectHandle@@MAE@XZ
??4AdbEndpointObject@@QAEAAV0@ABV0@@Z
??4AdbIOCompletion@@QAEAAV0@ABV0@@Z
??4AdbInterfaceObject@@QAEAAV0@ABV0@@Z
??4AdbObjectHandle@@QAEAAV0@ABV0@@Z
??_7AdbEndpointObject@@6B@
??_7AdbIOCompletion@@6B@
??_7AdbInterfaceObject@@6B@
??_7AdbObjectHandle@@6B@
?AddRef@AdbObjectHandle@@UAEJXZ
?AsyncRead@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?AsyncWrite@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?CloseHandle@AdbObjectHandle@@UAE_NXZ
?CreateHandle@AdbObjectHandle@@UAEPAXXZ
?GetEndpointInformation@AdbEndpointObject@@UAE_NPAU_AdbEndpointInformation@@@Z
?GetInterfaceName@AdbInterfaceObject@@UAE_NPAXPAK_N@Z
?GetParentInterfaceHandle@AdbEndpointObject@@QBEPAXXZ
?GetParentObjectHandle@AdbIOCompletion@@QBEPAXXZ
?GetUsbConfigurationDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_CONFIGURATION_DESCRIPTOR@@@Z
?GetUsbDeviceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_DEVICE_DESCRIPTOR@@@Z
?GetUsbInterfaceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_INTERFACE_DESCRIPTOR@@@Z
?IsCompleted@AdbIOCompletion@@UAE_NXZ
?IsObjectOfType@AdbObjectHandle@@UBE_NW4AdbObjectType@@@Z
?IsOpened@AdbObjectHandle@@QBE_NXZ
?LastReferenceReleased@AdbObjectHandle@@MAEXXZ
?Lookup@AdbObjectHandle@@SAPAV1@PAX@Z
?Release@AdbObjectHandle@@UAEJXZ
?SyncRead@AdbEndpointObject@@UAE_NPAXKPAKK@Z
?SyncWrite@AdbEndpointObject@@UAE_NPAXKPAKK@Z
?Type@AdbEndpointObject@@SA?AW4AdbObjectType@@XZ
?Type@AdbIOCompletion@@SA?AW4AdbObjectType@@XZ
?Type@AdbInterfaceObject@@SA?AW4AdbObjectType@@XZ
?adb_handle@AdbObjectHandle@@QBEPAXXZ
?endpoint_id@AdbEndpointObject@@QBEEXZ
?endpoint_index@AdbEndpointObject@@QBEEXZ
?interface_name@AdbInterfaceObject@@QBEABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@XZ
?object_type@AdbObjectHandle@@QBE?AW4AdbObjectType@@XZ
?overlapped@AdbIOCompletion@@QAEPAU_OVERLAPPED@@XZ
?parent_interface@AdbEndpointObject@@QBEPAVAdbInterfaceObject@@XZ
?parent_io_object@AdbIOCompletion@@QBEPAVAdbEndpointObject@@XZ
?usb_config_descriptor@AdbInterfaceObject@@QBEPBU_USB_CONFIGURATION_DESCRIPTOR@@XZ
?usb_device_descriptor@AdbInterfaceObject@@QBEPBU_USB_DEVICE_DESCRIPTOR@@XZ
?usb_interface_descriptor@AdbInterfaceObject@@QBEPBU_USB_INTERFACE_DESCRIPTOR@@XZ
AdbCloseHandle
AdbCreateInterface
AdbCreateInterfaceByName
AdbEnumInterfaces
AdbGetDefaultBulkReadEndpointInformation
AdbGetDefaultBulkWriteEndpointInformation
AdbGetEndpointInformation
AdbGetEndpointInterface
AdbGetInterfaceName
AdbGetOvelappedIoResult
AdbGetSerialNumber
AdbGetUsbConfigurationDescriptor
AdbGetUsbDeviceDescriptor
AdbGetUsbInterfaceDescriptor
AdbHasOvelappedIoComplated
AdbNextInterface
AdbOpenDefaultBulkReadEndpoint
AdbOpenDefaultBulkWriteEndpoint
AdbOpenEndpoint
AdbQueryInformationEndpoint
AdbReadEndpointAsync
AdbReadEndpointSync
AdbResetInterfaceEnum
AdbWriteEndpointAsync
AdbWriteEndpointSync

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AdbWinUsbApi.dll
.dll windows:5 windows x86 arch:x86

04f25f128abbee374d598a5e7d56ce0a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

93:a5:de:d7:7c:55:88:65:f8:ed:2a:12:2a:77:b1:4d:2c:96:16:01
Signer

Actual PE Digest

93:a5:de:d7:7c:55:88:65:f8:ed:2a:12:2a:77:b1:4d:2c:96:16:01

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\4773\source\Running\Release\AdbWinUsbApi.pdb

Imports

adbwinapi

??0AdbEndpointObject@@QAE@PAVAdbInterfaceObject@@EE@Z
??1AdbEndpointObject@@MAE@XZ
?LastReferenceReleased@AdbObjectHandle@@MAEXXZ
?CreateHandle@AdbObjectHandle@@UAEPAXXZ
?CloseHandle@AdbObjectHandle@@UAE_NXZ
?AddRef@AdbObjectHandle@@UAEJXZ
?IsObjectOfType@AdbObjectHandle@@UBE_NW4AdbObjectType@@@Z
?GetEndpointInformation@AdbEndpointObject@@UAE_NPAU_AdbEndpointInformation@@@Z
?AsyncRead@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?AsyncWrite@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z
?SyncRead@AdbEndpointObject@@UAE_NPAXKPAKK@Z
?SyncWrite@AdbEndpointObject@@UAE_NPAXKPAKK@Z
??0AdbInterfaceObject@@QAE@PB_W@Z
??1AdbInterfaceObject@@MAE@XZ
?GetInterfaceName@AdbInterfaceObject@@UAE_NPAXPAK_N@Z
?GetUsbDeviceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_DEVICE_DESCRIPTOR@@@Z
?GetUsbConfigurationDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_CONFIGURATION_DESCRIPTOR@@@Z
?GetUsbInterfaceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_INTERFACE_DESCRIPTOR@@@Z
??0AdbIOCompletion@@QAE@PAVAdbEndpointObject@@KPAX@Z
??1AdbIOCompletion@@MAE@XZ
?IsCompleted@AdbIOCompletion@@UAE_NXZ

winusb

WinUsb_Free
WinUsb_QueryPipe
WinUsb_QueryInterfaceSettings
WinUsb_GetDescriptor
WinUsb_GetCurrentAlternateSetting
WinUsb_Initialize
WinUsb_SetPipePolicy
WinUsb_GetOverlappedResult
WinUsb_WritePipe
WinUsb_ReadPipe

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
SetLastError
DeleteCriticalSection
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
CreateEventW
CloseHandle
CreateFileW
WideCharToMultiByte
Sleep
InterlockedExchange
DecodePointer
EncodePointer

ole32

CoCreateInstance

msvcr100

??2@YAPAXI@Z
??_V@YAXPAX@Z
memset
_unlock
__dllonexit
_lock
_onexit
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
??3@YAXPAX@Z
__CxxFrameHandler3
memcpy

Exports

Exports

InstantiateWinUsbInterface

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32f3282581436269b3a75b6675fe3e08

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 1.7MB

.rsrc Size: 23KB - Virtual size: 22KB

.reloc Size: 4KB - Virtual size: 3KB

67e046b2349bc3bb9a5f5b5941a43afe

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

11:d7:13:bb:06:74:27:13:c7:69:f8:5e:db:3f:c5:b0:81:89:c8:17Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

oleaut32

msvcr100

msvcp100

ws2_32

Exports

Exports

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 2KB

cbc9193647317ee12954479e6c046085

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

d3:ec:ed:af:28:b0:51:7c:d7:d4:36:12:62:f1:e8:c5:c3:b0:03:c7Signer

Headers

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 1.7MB

.rsrc
Size: 23KB - Virtual size: 22KB

.reloc
Size: 4KB - Virtual size: 3KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

11:d7:13:bb:06:74:27:13:c7:69:f8:5e:db:3f:c5:b0:81:89:c8:17
Signer

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 2KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

d3:ec:ed:af:28:b0:51:7c:d7:d4:36:12:62:f1:e8:c5:c3:b0:03:c7
Signer

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

93:a5:de:d7:7c:55:88:65:f8:ed:2a:12:2a:77:b1:4d:2c:96:16:01
Signer

.text
Size: 6KB - Virtual size: 5KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 3.8MB - Virtual size: 3.8MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 251KB - Virtual size: 267KB

.rsrc
Size: 92KB - Virtual size: 91KB

.reloc
Size: 548KB - Virtual size: 547KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate