5d86ebd9783210c6652279fd1551a990_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

5d86ebd9783210c6652279fd1551a990_NeikiAnalytics.exe
Size

3.8MB
MD5

5d86ebd9783210c6652279fd1551a990
SHA1

7c63eff8b0dcfe2e230d0fa81dd0865004664699
SHA256

09ea013b96cfc4d76f691a8fa8bd232e10518f3375f90d2df9a915be6d3fd641
SHA512

1f10dc70129173f7e863e382dab3658f6a11e21470479d76a1d540b1ff10222e33815526648dfb1e11a929efac80a46f8020fa9b9ac165c43b86b23ffe4c487e
SSDEEP

98304:pHeQ1EC+u/gp2jE6qNtHyJsYxGZLg44nGxT6T37NKx:JEC+u/g0IrvZM44Gxg7NKx

Score

3^/10

Malware Config

Signatures

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
5d86ebd9783210c6652279fd1551a990_NeikiAnalytics.exe
unpack001/$PLUGINSDIR/FindProcDLL.dll
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/SkinBtn.dll
unpack001/$PLUGINSDIR/StdUtils.dll
unpack001/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/BgWorker.dll
unpack002/$PLUGINSDIR/FindProcDLL.dll
unpack002/$PLUGINSDIR/KillProcDLL.dll
unpack002/$PLUGINSDIR/SkinBtn.dll
unpack002/$PLUGINSDIR/SkinProgress.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/WndProc.dll
unpack002/$PLUGINSDIR/inetc.dll
unpack002/$PLUGINSDIR/nsDialogs.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninst.exe	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_2

Files

5d86ebd9783210c6652279fd1551a990_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

b1a57b635b23ffd553b3fd1e0960b2bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
SetFileAttributesA
CompareFileTime
SearchPathA
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
Sleep
lstrcmpiA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrcatA
GetSystemDirectoryA
WaitForSingleObject
SetFileTime
CloseHandle
GlobalFree
lstrcmpA
ExpandEnvironmentStringsA
GetExitCodeProcess
GlobalAlloc
GetCommandLineA
GetTempPathA
GetProcAddress
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
ReadFile
FindClose
GetPrivateProfileStringA
WritePrivateProfileStringA
WriteFile
MulDiv
MultiByteToWideChar
LoadLibraryExA
GetModuleHandleA
FreeLibrary

user32

SetCursor
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
EndDialog
ScreenToClient
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetForegroundWindow
GetWindowLongA
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
SetTimer
PostQuitMessage
SetWindowLongA
SendMessageTimeoutA
LoadImageA
wsprintfA
GetDlgItem
FindWindowExA
IsWindow
SetClipboardData
EmptyClipboard
OpenClipboard
EndPaint
CreateDialogParamA
DestroyWindow
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA
ShellExecuteA

advapi32

RegDeleteValueA
SetFileSecurityA
RegOpenKeyExA
RegDeleteKeyA
RegEnumValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_AddMasked
ImageList_Destroy
ImageList_Create
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 293KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

8df26927f8978d4eb40ff179c0aa961b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
lstrcmpA
OpenProcess
lstrcpyA
LoadLibraryA
CloseHandle
FreeLibrary
GetVersionExA
lstrlenA
GlobalFree

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
TerminateProcess
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
FreeLibrary
GlobalFree
lstrcpyA
DisableThreadLibraryCalls

msvcrt

strcmp
_strupr
toupper
strlen
free
_initterm
malloc
_adjust_fdiv
strcpy
_itoa

Exports

Exports

KillProc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/License.rtf
.rtf
$PLUGINSDIR/SkinBtn.dll
.dll windows:4 windows x86 arch:x86

baf2d405231cd43dae48df474a521d01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
GlobalAlloc
lstrcpynA
GetModuleHandleA
GlobalFree

user32

InvalidateRect
GetParent
SetWindowLongA
CallWindowProcA
GetPropA
SendMessageA
DrawTextA
DrawStateA
LoadImageA
RemovePropA
GetWindowLongA
SetPropA

gdi32

GetObjectA
CreateCompatibleDC
DeleteObject
SelectObject
DeleteDC
SetBkMode

msimg32

TransparentBlt

comctl32

_TrackMouseEvent

Exports

Exports

Init
Set
onClick

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 947B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StdUtils.dll
.dll windows:5 windows x86 arch:x86

ea9b3ea5cd9e2014ad3724e31f62cf5e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

isspace
_msize
??2@YAPAXI@Z
iscntrl
isalpha
sscanf
abort
_beginthreadex
time
srand
rand
strncpy
isalnum
strchr
__getmainargs
_strnicmp
_stricmp
??3@YAXPAX@Z
calloc
free
_wcsicmp
_snprintf
memset
memcpy

shlwapi

ord176

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

GetVersion
InterlockedExchange
HeapValidate
InterlockedDecrement
InterlockedIncrement
GetSystemTime
OutputDebugStringA
DeleteCriticalSection
GetExitCodeProcess
InitializeCriticalSection
SystemTimeToFileTime
TerminateThread
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetCommandLineA
GetVersionExA
GetFileAttributesA
LoadLibraryW
GetModuleHandleW
FreeLibrary
CloseHandle
GetFileSizeEx
ReadFile
WriteFile
GlobalAlloc
lstrcpynA
GlobalFree
LeaveCriticalSection
EnterCriticalSection
GetTickCount
Sleep
VerSetConditionMask
GetVersionExW
VerifyVersionInfoW
GetLastError
LocalAlloc
LocalFree
CreateFileA
SetFilePointerEx
MultiByteToWideChar

user32

MessageBoxW
RegisterClassA
DispatchMessageA
UnregisterClassA
AllowSetForegroundWindow
SetTimer
DestroyWindow
wsprintfA
GetWindowThreadProcessId
LoadStringW
MessageBoxA
MsgWaitForMultipleObjects
KillTimer
PeekMessageA
CreateWindowExA

shell32

ShellExecuteExA
SHFileOperationA
ShellExecuteA

ole32

CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

VariantClear
SysFreeString
VariantInit
SysAllocString

Exports

Exports

AppendToFile
DisableVerboseMode
Dummy
EnableVerboseMode
ExecShellAsUser
ExecShellWaitEx
FormatStr
FormatStr2
FormatStr3
GetAllParameters
GetDays
GetHours
GetLibVersion
GetMinutes
GetOsEdition
GetParameter
GetRealOsBuildNo
GetRealOsName
GetRealOsVersion
HashFile
HashText
InvokeShellVerb
ParameterCnt
ParameterStr
Rand
RandList
RandMax
RandMinMax
RevStr
SHFileCopy
SHFileMove
ScanStr
ScanStr2
ScanStr3
TestParameter
Time
TimerCreate
TimerDestroy
TrimStr
TrimStrLeft
TrimStrRight
ValidFileName
ValidPathSpec
VerifyRealOsBuildNo
VerifyRealOsVersion
WaitForProcEx

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

f2ac1ab587d5531d5f1bf76c094aef4c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
GlobalAlloc
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 510B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/bg.bmp
$PLUGINSDIR/bgAgreement.bmp
$PLUGINSDIR/btn_agreement.bmp
$PLUGINSDIR/btn_close.bmp
$PLUGINSDIR/btn_custom.bmp
$PLUGINSDIR/btn_install.bmp
$PLUGINSDIR/btn_install1.bmp
$PLUGINSDIR/btn_next.bmp
$PLUGINSDIR/btn_ok1.bmp
$PLUGINSDIR/btn_path.bmp
$PLUGINSDIR/btn_return.bmp
$PLUGINSDIR/btn_run.bmp
$PLUGINSDIR/finish.bmp
$PLUGINSDIR/kv1.bmp
$PLUGINSDIR/loading1.bmp
$PLUGINSDIR/loading2.bmp
$PLUGINSDIR/welcome.bmp
$_47_/Head/1.png
.png
$_47_/Head/10.png
.png
$_47_/Head/10_login.png
.png
$_47_/Head/10_over.png
.png
$_47_/Head/11.png
.png
$_47_/Head/11_login.png
.png
$_47_/Head/11_over.png
.png
$_47_/Head/12.png
.png
$_47_/Head/12_login.png
.png
$_47_/Head/12_over.png
.png
$_47_/Head/13.png
.png
$_47_/Head/13_login.png
.png
$_47_/Head/13_over.png
.png
$_47_/Head/14.png
.png
$_47_/Head/14_login.png
.png
$_47_/Head/14_over.png
.png
$_47_/Head/15.png
.png
$_47_/Head/15_login.png
.png
$_47_/Head/15_over.png
.png
$_47_/Head/16.png
.png
$_47_/Head/16_login.png
.png
$_47_/Head/16_over.png
.png
$_47_/Head/17.png
.png
$_47_/Head/17_login.png
.png
$_47_/Head/17_over.png
.png
$_47_/Skin/37Ϸ.jpg
.jpg
$_47_/Skin/37Ϸ/form_standalone_border.png
.png
$_47_/Skin/37Ϸ/game_bottom.png
.png
$_47_/Skin/37Ϸ/game_top.png
.png
$_47_/Skin/37Ϸ/home_down.png
.png
$_47_/Skin/37Ϸ/home_normal.png
.png
$_47_/Skin/37Ϸ/home_over.png
.png
$_47_/Skin/37Ϸ/search_down.png
.png
$_47_/Skin/37Ϸ/search_normal.png
.png
$_47_/Skin/37Ϸ/search_over.png
.png
$_47_/Skin/37Ϸ/shop_down.png
.png
$_47_/Skin/37Ϸ/shop_normal.png
.png
$_47_/Skin/37Ϸ/shop_over.png
.png
$_47_/Skin/37Ϸ/tab_head_sel_normal.png
.png
$_47_/Skin/37Ϸ/tingtingtop_down.png
.png
$_47_/Skin/37Ϸ/tingtingtop_normal.png
.png
$_47_/Skin/37Ϸ/tingtingtop_over.png
.png
$_47_/Skin/37Ϸ/web_button_down.png
.png
$_47_/Skin/37Ϸ/web_button_normal.png
.png
$_47_/Skin/37Ϸ/web_button_over.png
.png
$_47_/Skin/Default.jpg
.jpg
$_47_/Skin/Default/BottomBackground.bmp
$_47_/Skin/Default/Clear_Background.png
.png
$_47_/Skin/Default/Clear_down.png
.png
$_47_/Skin/Default/DownLoadForm_BK.bmp
$_47_/Skin/Default/DownLoadForm_Progress1.bmp
$_47_/Skin/Default/DownLoadForm_Progress2.bmp
$_47_/Skin/Default/Entergame_Down.png
.png
$_47_/Skin/Default/Entergame_Normal.png
.png
$_47_/Skin/Default/Entergame_Over.png
.png
$_47_/Skin/Default/FloatForm_Body.png
.png
$_47_/Skin/Default/FloatForm_Left.png
.png
$_47_/Skin/Default/FormExitMenu_Exit.png
.png
$_47_/Skin/Default/FormExitMenu_ExitOver.png
.png
$_47_/Skin/Default/FormExitMenu_Open.png
.png
$_47_/Skin/Default/FormExitMenu_OpenOver.png
.png
$_47_/Skin/Default/FormExitMenu_Set.png
.png
$_47_/Skin/Default/FormExitMenu_SetOver.png
.png
$_47_/Skin/Default/FormMain_Background.png
.png
$_47_/Skin/Default/FormMain_Close_Down.png
.png
$_47_/Skin/Default/FormMain_Close_Normal.png
.png
$_47_/Skin/Default/FormMain_Close_Over.png
.png
$_47_/Skin/Default/FormMain_Min_Down.png
.png
$_47_/Skin/Default/FormMain_Min_Normal.png
.png
$_47_/Skin/Default/FormMain_Min_Over.png
.png
$_47_/Skin/Default/FormMulAccount_Add_Normal.png
.png
$_47_/Skin/Default/FormMulAccount_Add_Over.png
.png
$_47_/Skin/Default/FormMulAccount_Delete.png
.png
$_47_/Skin/Default/FormMulAccount_Delete_Normal.png
.png
$_47_/Skin/Default/FormMulAccount_Delete_Over.png
.png
$_47_/Skin/Default/FormMulAccount_Edit.png
.png
$_47_/Skin/Default/FormMulAccount_Edit_Normal.png
.png
$_47_/Skin/Default/FormMulAccount_Edit_Over.png
.png
$_47_/Skin/Default/FormMulAccount_EnterGame_Normal.png
.png
$_47_/Skin/Default/FormMulAccount_EnterGame_Over.png
.png
$_47_/Skin/Default/FormMulAccount_Icon.png
.png
$_47_/Skin/Default/FormMulAccount_Line.jpg
.jpg
$_47_/Skin/Default/FormMulAccount_Line.png
.png
$_47_/Skin/Default/FormSetMenu_About.png
.png
$_47_/Skin/Default/FormSetMenu_AboutOver.png
.png
$_47_/Skin/Default/FormSetMenu_Commonproblem.png
.png
$_47_/Skin/Default/FormSetMenu_CommonproblemOver.png
.png
$_47_/Skin/Default/FormSetMenu_FeedBack.png
.png
$_47_/Skin/Default/FormSetMenu_FeedBackOver.png
.png
$_47_/Skin/Default/FormSetMenu_Officical.png
.png
$_47_/Skin/Default/FormSetMenu_OfficicalOver.png
.png
$_47_/Skin/Default/FormSetMenu_Set.png
.png
$_47_/Skin/Default/FormSetMenu_SetOver.png
.png
$_47_/Skin/Default/FormSetMenu_Version.png
.png
$_47_/Skin/Default/FormSetMenu_VersionOver.png
.png
$_47_/Skin/Default/FormUserMenu_Change.png
.png
$_47_/Skin/Default/FormUserMenu_Change_Over.png
.png
$_47_/Skin/Default/FormUserMenu_Safe.png
.png
$_47_/Skin/Default/FormUserMenu_Safe_Over.png
.png
$_47_/Skin/Default/Form_About_Logo.png
.png
$_47_/Skin/Default/Form_AddClock_Down.png
.png
$_47_/Skin/Default/Form_AddClock_Normal.png
.png
$_47_/Skin/Default/Form_AddClock_Over.png
.png
$_47_/Skin/Default/Form_Background.png
.png
$_47_/Skin/Default/Form_Boder.png
.png
$_47_/Skin/Default/Form_Bottom_Round.png
.png
$_47_/Skin/Default/Form_Checked.png
.png
$_47_/Skin/Default/Form_Chrome_ProBack.png
.png
$_47_/Skin/Default/Form_Chrome_ProPercent.png
.png
$_47_/Skin/Default/Form_Close_Down.png
.png
$_47_/Skin/Default/Form_Close_Normal.png
.png
$_47_/Skin/Default/Form_Close_Over.png
.png
$_47_/Skin/Default/Form_Cutline.png
.png
$_47_/Skin/Default/Form_Delete.png
.png
$_47_/Skin/Default/Form_Delete_Squarely.png
.png
$_47_/Skin/Default/Form_Doctor_Down.png
.png
$_47_/Skin/Default/Form_Doctor_Normal.png
.png
$_47_/Skin/Default/Form_Doctor_Over.png
.png
$_47_/Skin/Default/Form_DropDown_Normal.png
.png
$_47_/Skin/Default/Form_DropDown_Over.png
.png
$_47_/Skin/Default/Form_EditBg.png
.png
$_47_/Skin/Default/Form_Edit_Round.png
.png
$_47_/Skin/Default/Form_Edit_Squarely.png
.png
$_47_/Skin/Default/Form_Forbit_Icon.png
.png
$_47_/Skin/Default/Form_FullScreen_Exit.png
.png
$_47_/Skin/Default/Form_FullScreen_Exit_Over.png
.png
$_47_/Skin/Default/Form_FullScreen_Exit_down.png
.png
$_47_/Skin/Default/Form_FullScreen_Lock.png
.png
$_47_/Skin/Default/Form_FullScreen_Lock_Over.png
.png
$_47_/Skin/Default/Form_FullScreen_Lock_down.png
.png
$_47_/Skin/Default/Form_FullScreen_UnLock.png
.png
$_47_/Skin/Default/Form_FullScreen_UnLock_Over.png
.png
$_47_/Skin/Default/Form_FullScreen_UnLock_down.png
.png
$_47_/Skin/Default/Form_FullScreen_bg.png
.png
$_47_/Skin/Default/Form_Guide1.jpg
.jpg
$_47_/Skin/Default/Form_Help_Down.png
.png
$_47_/Skin/Default/Form_Help_Normal.png
.png
$_47_/Skin/Default/Form_Help_Over.png
.png
$_47_/Skin/Default/Form_Img_First.png
.png
$_47_/Skin/Default/Form_Img_Second.png
.png
$_47_/Skin/Default/Form_KMHook_Frame.png
.png
$_47_/Skin/Default/Form_Large_Clock.png
.png
$_47_/Skin/Default/Form_Left.png
.png
$_47_/Skin/Default/Form_Min1_Down.png
.png
$_47_/Skin/Default/Form_Min1_Normal.png
.png
$_47_/Skin/Default/Form_Min1_Over.png
.png
$_47_/Skin/Default/Form_Min_Down.png
.png
$_47_/Skin/Default/Form_Min_Normal.png
.png
$_47_/Skin/Default/Form_Min_Over.png
.png
$_47_/Skin/Default/Form_MulAccount_bg.png
.png
$_47_/Skin/Default/Form_OK_Down.png
.png
$_47_/Skin/Default/Form_OK_Down_Chrome.png
.png
$_47_/Skin/Default/Form_OK_Normal.png
.png
$_47_/Skin/Default/Form_OK_Normal_Chrome.png
.png
$_47_/Skin/Default/Form_OK_Over.png
.png
$_47_/Skin/Default/Form_OK_Over_Chrome.png
.png
$_47_/Skin/Default/Form_RemindBg.png
.png
$_47_/Skin/Default/Form_Restore_Hint.png
.png
$_47_/Skin/Default/Form_Right.png
.png
$_47_/Skin/Default/Form_ScanCode.png
.png
$_47_/Skin/Default/Form_Set_Background_Grey.png
.png
$_47_/Skin/Default/Form_Set_Background_White.png
.png
$_47_/Skin/Default/Form_Set_Bg_Down.png
.png
$_47_/Skin/Default/Form_Set_Bg_Normal.png
.png
$_47_/Skin/Default/Form_Set_Bg_Over.png
.png
$_47_/Skin/Default/Form_SideScanCode.png
.png
$_47_/Skin/Default/Form_Small_Clock.png
.png
$_47_/Skin/Default/Form_Stock_code.png
.png
$_47_/Skin/Default/Form_Tips_Icon.png
.png
$_47_/Skin/Default/Form_Title.png
.png
$_47_/Skin/Default/Form_Title1.png
.png
$_47_/Skin/Default/Form_Unchecked.png
.png
$_47_/Skin/Default/Form_Upgrade_Down.png
.png
$_47_/Skin/Default/Form_Upgrade_New.png
.png
$_47_/Skin/Default/Form_Upgrade_ProBack.png
.png
$_47_/Skin/Default/Form_Upgrade_ProPercent.png
.png
$_47_/Skin/Default/Form_Upgrade_Tips.png
.png
$_47_/Skin/Default/Frame_Boder.png
.png
$_47_/Skin/Default/Frame_Titlebg.png
.png
$_47_/Skin/Default/Frame_Titlebg1.png
.png
$_47_/Skin/Default/GameNews_Btn_Normal.png
.png
$_47_/Skin/Default/GameNews_Btn_Over.png
.png
$_47_/Skin/Default/Img_DownIcon.png
.png
$_47_/Skin/Default/KMHelp.jpg
.jpg
$_47_/Skin/Default/NetDisconTip.png
.png
$_47_/Skin/Default/NetProxyTip.png
.png
$_47_/Skin/Default/Progress_Back.png
.png
$_47_/Skin/Default/Progress_Point.png
.png
$_47_/Skin/Default/Progress_Roll.png
.png
$_47_/Skin/Default/Proxy_GameBlack.png
.png
$_47_/Skin/Default/Radio_Checked.png
.png
$_47_/Skin/Default/Radio_Unchecked.png
.png
$_47_/Skin/Default/Radiobtn_Checked.png
.png
$_47_/Skin/Default/Radiobtn_Unchecked.png
.png
$_47_/Skin/Default/Recharge_down.png
.png
$_47_/Skin/Default/Refresh_down.png
.png
$_47_/Skin/Default/ScrollBackground.png
.png
$_47_/Skin/Default/ScrollDown_Normal.png
.png
$_47_/Skin/Default/ScrollDown_Over.png
.png
$_47_/Skin/Default/ScrollDropdown_Normal.png
.png
$_47_/Skin/Default/ScrollDropdown_Over.png
.png
$_47_/Skin/Default/ScrollPercent_Normal.png
.png
$_47_/Skin/Default/ScrollPercent_Over.png
.png
$_47_/Skin/Default/ScrollUp_Normal.png
.png
$_47_/Skin/Default/ScrollUp_Over.png
.png
$_47_/Skin/Default/Signals0.png
.png
$_47_/Skin/Default/Signals1.png
.png
$_47_/Skin/Default/Signals2.png
.png
$_47_/Skin/Default/Signals3.png
.png
$_47_/Skin/Default/Signals4.png
.png
$_47_/Skin/Default/SkinDefine.xml
$_47_/Skin/Default/StandAlone_floating_background.png
.png
$_47_/Skin/Default/StandAlone_floating_button_close.png
.png
$_47_/Skin/Default/ThirdLogin11.png
.png
$_47_/Skin/Default/ThirdLogin12.png
.png
$_47_/Skin/Default/ThirdLogin13.png
.png
$_47_/Skin/Default/Tick_Off.png
.png
$_47_/Skin/Default/Tick_On.png
.png
$_47_/Skin/Default/UserMenu_Binding.png
.png
$_47_/Skin/Default/UserMenu_Binding_Over.png
.png
$_47_/Skin/Default/VIP0.png
.png
$_47_/Skin/Default/VIP1.png
.png
$_47_/Skin/Default/VIP2.png
.png
$_47_/Skin/Default/VIP3.png
.png
$_47_/Skin/Default/VIP4.png
.png
$_47_/Skin/Default/VIP5.png
.png
$_47_/Skin/Default/VIP6.png
.png
$_47_/Skin/Default/VIP7.png
.png
$_47_/Skin/Default/VIP8.png
.png
$_47_/Skin/Default/accelerate_b_down.png
.png
$_47_/Skin/Default/accelerate_b_normal.png
.png
$_47_/Skin/Default/accelerate_b_over.png
.png
$_47_/Skin/Default/accelerate_down.png
.png
$_47_/Skin/Default/accelerate_normal.png
.png
$_47_/Skin/Default/accelerate_over.png
.png
$_47_/Skin/Default/autoclear_normal.png
.png
$_47_/Skin/Default/autoclear_over.png
.png
$_47_/Skin/Default/autoclear_sel_normal.png
.png
$_47_/Skin/Default/autoclear_sel_over.png
.png
$_47_/Skin/Default/binding_floating_background.png
.png
$_47_/Skin/Default/btn_Clear_Down.png
.png
$_47_/Skin/Default/btn_Clear_Normal.png
.png
$_47_/Skin/Default/btn_Clear_Over.png
.png
$_47_/Skin/Default/btn_off.png
.png
$_47_/Skin/Default/btn_on.png
.png
$_47_/Skin/Default/bulletin_down.png
.png
$_47_/Skin/Default/bulletin_normal.png
.png
$_47_/Skin/Default/bulletin_over.png
.png
$_47_/Skin/Default/catechisml_down.png
.png
$_47_/Skin/Default/catechisml_normal.png
.png
$_47_/Skin/Default/catechisml_over.png
.png
$_47_/Skin/Default/chun_down.png
.png
$_47_/Skin/Default/chun_normal.png
.png
$_47_/Skin/Default/chun_over.png
.png
$_47_/Skin/Default/clear_icon.png
.png
$_47_/Skin/Default/clear_normal.png
.png
$_47_/Skin/Default/clear_over.png
.png
$_47_/Skin/Default/clock_down.png
.png
$_47_/Skin/Default/clock_icon.png
.png
$_47_/Skin/Default/clock_normal.png
.png
$_47_/Skin/Default/clock_over.png
.png
$_47_/Skin/Default/dns_icon.png
.png
$_47_/Skin/Default/dropdown_down.png
.png
$_47_/Skin/Default/dropdown_normal.png
.png
$_47_/Skin/Default/dropdown_over.png
.png
$_47_/Skin/Default/form_bottom.png
.png
$_47_/Skin/Default/form_remind_active.png
.png
$_47_/Skin/Default/form_remind_background.png
.png
$_47_/Skin/Default/form_remind_clock.png
.png
$_47_/Skin/Default/form_remind_close_down.png
.png
$_47_/Skin/Default/form_remind_close_normal.png
.png
$_47_/Skin/Default/form_remind_close_over.png
.png
$_47_/Skin/Default/form_remind_gift.png
.png
$_47_/Skin/Default/form_standalone_border.png
.png
$_47_/Skin/Default/form_standalone_boss.png
.png
$_47_/Skin/Default/form_standalone_button_down.png
.png
$_47_/Skin/Default/form_standalone_button_normal.png
.png
$_47_/Skin/Default/form_standalone_button_over.png
.png
$_47_/Skin/Default/form_standalone_mute.png
.png
$_47_/Skin/Default/form_standalone_recharge.png
.png
$_47_/Skin/Default/form_standalone_refresh.png
.png
$_47_/Skin/Default/form_standalone_standalone.png
.png
$_47_/Skin/Default/form_standalone_topmost.png
.png
$_47_/Skin/Default/form_standalone_topmost_sel.png
.png
$_47_/Skin/Default/form_standalone_voice.png
.png
$_47_/Skin/Default/formtt_Title.png
.png
$_47_/Skin/Default/formtt_boder.png
.png
$_47_/Skin/Default/formtt_close_down.png
.png
$_47_/Skin/Default/formtt_close_normal.png
.png
$_47_/Skin/Default/formtt_close_over.png
.png
$_47_/Skin/Default/formtt_min_down.png
.png
$_47_/Skin/Default/formtt_min_normal.png
.png
$_47_/Skin/Default/formtt_min_over.png
.png
$_47_/Skin/Default/formtt_top_down.png
.png
$_47_/Skin/Default/formtt_top_normal.png
.png
$_47_/Skin/Default/formtt_top_over.png
.png
$_47_/Skin/Default/formtt_under_down.png
.png
$_47_/Skin/Default/formtt_under_normal.png
.png
$_47_/Skin/Default/formtt_under_over.png
.png
$_47_/Skin/Default/fullscreen_down.png
.png
$_47_/Skin/Default/fullscreen_normal.png
.png
$_47_/Skin/Default/fullscreen_over.png
.png
$_47_/Skin/Default/fullscreen_sel_down.png
.png
$_47_/Skin/Default/fullscreen_sel_normal.png
.png
$_47_/Skin/Default/fullscreen_sel_over.png
.png
$_47_/Skin/Default/game_bbs_normal.png
.png
$_47_/Skin/Default/game_bbs_over.png
.png
$_47_/Skin/Default/game_boder.png
.png
$_47_/Skin/Default/game_boss_normal.png
.png
$_47_/Skin/Default/game_boss_over.png
.png
$_47_/Skin/Default/game_bottom.png
.png
$_47_/Skin/Default/game_close_down.bmp
$_47_/Skin/Default/game_close_down.png
.png
$_47_/Skin/Default/game_close_normal.png
.png
$_47_/Skin/Default/game_close_over.png
.png
$_47_/Skin/Default/game_doctor_down.png
.png
$_47_/Skin/Default/game_doctor_normal.png
.png
$_47_/Skin/Default/game_doctor_over.png
.png
$_47_/Skin/Default/game_left.bmp
$_47_/Skin/Default/game_max_down.png
.png
$_47_/Skin/Default/game_max_normal.png
.png
$_47_/Skin/Default/game_max_over.png
.png
$_47_/Skin/Default/game_message_down.png
.png
$_47_/Skin/Default/game_message_normal.png
.png
$_47_/Skin/Default/game_message_over.png
.png
$_47_/Skin/Default/game_min_down.png
.png
$_47_/Skin/Default/game_min_normal.png
.png
$_47_/Skin/Default/game_min_over.png
.png
$_47_/Skin/Default/game_nor_down.png
.png
$_47_/Skin/Default/game_nor_normal.png
.png
$_47_/Skin/Default/game_nor_over.png
.png
$_47_/Skin/Default/game_official_normal.png
.png
$_47_/Skin/Default/game_official_over.png
.png
$_47_/Skin/Default/game_right.bmp
$_47_/Skin/Default/game_right.png
.png
$_47_/Skin/Default/game_set_down.png
.png
$_47_/Skin/Default/game_set_normal.png
.png
$_47_/Skin/Default/game_set_over.png
.png
$_47_/Skin/Default/game_skin_down.png
.png
$_47_/Skin/Default/game_skin_normal.png
.png
$_47_/Skin/Default/game_skin_over.png
.png
$_47_/Skin/Default/game_top.png
.png
$_47_/Skin/Default/gift_down.png
.png
$_47_/Skin/Default/gift_normal.jpg
.jpg
$_47_/Skin/Default/gift_normal.png
.png
$_47_/Skin/Default/gift_over.jpg
.jpg
$_47_/Skin/Default/gift_over.png
.png
$_47_/Skin/Default/guide_close_normal.jpg
.jpg
$_47_/Skin/Default/guide_close_normal.png
.png
$_47_/Skin/Default/guide_close_over.jpg
.jpg
$_47_/Skin/Default/guide_close_over.png
.png
$_47_/Skin/Default/guide_next1_normal.jpg
.jpg
$_47_/Skin/Default/guide_next1_normal.png
.png
$_47_/Skin/Default/guide_next1_over.jpg
.jpg
$_47_/Skin/Default/guide_next1_over.png
.png
$_47_/Skin/Default/guide_next2 _over.png
.png
$_47_/Skin/Default/guide_next3_normal.jpg
.jpg
$_47_/Skin/Default/guide_next3_normal.png
.png
$_47_/Skin/Default/guide_next3_over.jpg
.jpg
$_47_/Skin/Default/guide_next3_over.png
.png
$_47_/Skin/Default/hidden_down.png
.png
$_47_/Skin/Default/hidden_normal.png
.png
$_47_/Skin/Default/hidden_over.png
.png
$_47_/Skin/Default/home_down.png
.png
$_47_/Skin/Default/home_normal.png
.png
$_47_/Skin/Default/home_over.png
.png
$_47_/Skin/Default/icon.png
.png
$_47_/Skin/Default/ie_icon.png
.png
$_47_/Skin/Default/img_kernel_tips1.png
.png
$_47_/Skin/Default/img_kernel_tips2.png
.png
$_47_/Skin/Default/kernel_icon_normal.png
.png
$_47_/Skin/Default/kernel_icon_over.png
.png
$_47_/Skin/Default/keyelves_down.png
.png
$_47_/Skin/Default/keyelves_normal.png
.png
$_47_/Skin/Default/keyelves_over.png
.png
$_47_/Skin/Default/keyelves_stop_down.png
.png
$_47_/Skin/Default/keyelves_stop_normal.png
.png
$_47_/Skin/Default/keyelves_stop_over.png
.png
$_47_/Skin/Default/menu_button_normal.png
.png
$_47_/Skin/Default/menu_button_over.png
.png
$_47_/Skin/Default/more_down.png
.png
$_47_/Skin/Default/more_normal.png
.png
$_47_/Skin/Default/more_over.png
.png
$_47_/Skin/Default/more_sel_down.png
.png
$_47_/Skin/Default/more_sel_normal.png
.png
$_47_/Skin/Default/more_sel_over.png
.png
$_47_/Skin/Default/multaccount_down.png
.png
$_47_/Skin/Default/multaccount_normal.png
.png
$_47_/Skin/Default/multaccount_over.png
.png
$_47_/Skin/Default/official_down.png
.png
$_47_/Skin/Default/official_normal.png
.png
$_47_/Skin/Default/official_over.png
.png
$_47_/Skin/Default/opensocks_down.png
.png
$_47_/Skin/Default/opensocks_normal.png
.png
$_47_/Skin/Default/opensocks_over.png
.png
$_47_/Skin/Default/progressbar.png
.png
$_47_/Skin/Default/progressbar_bg.png
.png
$_47_/Skin/Default/recharge_normal.png
.png
$_47_/Skin/Default/recharge_over.png
.png
$_47_/Skin/Default/record_down.png
.png
$_47_/Skin/Default/record_normal.png
.png
$_47_/Skin/Default/record_over.png
.png
$_47_/Skin/Default/record_unable.png
.png
$_47_/Skin/Default/refresh_normal.png
.png
$_47_/Skin/Default/refresh_over.png
.png
$_47_/Skin/Default/remind_down.png
.png
$_47_/Skin/Default/remind_normal.png
.png
$_47_/Skin/Default/remind_over.png
.png
$_47_/Skin/Default/replay_down.png
.png
$_47_/Skin/Default/replay_normal.png
.png
$_47_/Skin/Default/replay_over.png
.png
$_47_/Skin/Default/replay_unable.png
.png
$_47_/Skin/Default/right.bmp
$_47_/Skin/Default/search_down.png
.png
$_47_/Skin/Default/search_normal.png
.png
$_47_/Skin/Default/search_over.png
.png
$_47_/Skin/Default/service_down.png
.png
$_47_/Skin/Default/service_normal.png
.png
$_47_/Skin/Default/service_over.png
.png
$_47_/Skin/Default/shadow_frame.png
.png
$_47_/Skin/Default/shop_down.png
.png
$_47_/Skin/Default/shop_normal.png
.png
$_47_/Skin/Default/shop_over.png
.png
$_47_/Skin/Default/shortcut_down.png
.png
$_47_/Skin/Default/shortcut_normal.png
.png
$_47_/Skin/Default/shortcut_over.png
.png
$_47_/Skin/Default/shutdown_down.png
.png
$_47_/Skin/Default/shutdown_down_b.png
.png
$_47_/Skin/Default/shutdown_normal.png
.png
$_47_/Skin/Default/shutdown_normal_b.png
.png
$_47_/Skin/Default/shutdown_over.png
.png
$_47_/Skin/Default/shutdown_over_b.png
.png
$_47_/Skin/Default/sign_floating_background.png
.png
$_47_/Skin/Default/sign_floating_button_close.png
.png
$_47_/Skin/Default/signin_down.png
.png
$_47_/Skin/Default/signin_normal.png
.png
$_47_/Skin/Default/signin_over.png
.png
$_47_/Skin/Default/skin_over_frame.png
.png
$_47_/Skin/Default/skin_selected.png
.png
$_47_/Skin/Default/standalone_down.png
.png
$_47_/Skin/Default/standalone_normal.png
.png
$_47_/Skin/Default/standalone_over.png
.png
$_47_/Skin/Default/stop_down.png
.png
$_47_/Skin/Default/stop_normal.png
.png
$_47_/Skin/Default/stop_over.png
.png
$_47_/Skin/Default/stop_record_down.png
.png
$_47_/Skin/Default/stop_record_normal.png
.png
$_47_/Skin/Default/stop_record_over.png
.png
$_47_/Skin/Default/stop_replay_down.png
.png
$_47_/Skin/Default/stop_replay_normal.png
.png
$_47_/Skin/Default/stop_replay_over.png
.png
$_47_/Skin/Default/stop_unable.png
.png
$_47_/Skin/Default/switchkernel_b_normal.png
.png
$_47_/Skin/Default/switchkernel_b_over.png
.png
$_47_/Skin/Default/switchkernel_normal.png
.png
$_47_/Skin/Default/switchkernel_over.png
.png
$_47_/Skin/Default/tab_head_close_normal.png
.png
$_47_/Skin/Default/tab_head_close_over.png
.png
$_47_/Skin/Default/tab_head_normal.png
.png
$_47_/Skin/Default/tab_head_over.png
.png
$_47_/Skin/Default/tab_head_sel_normal.png
.png
$_47_/Skin/Default/taccelerate_down.png
.png
$_47_/Skin/Default/taccelerate_normal.png
.png
$_47_/Skin/Default/taccelerate_over.png
.png
$_47_/Skin/Default/tcatechisml_down.png
.png
$_47_/Skin/Default/tcatechisml_normal.png
.png
$_47_/Skin/Default/tcatechisml_over.png
.png
$_47_/Skin/Default/tclock_down.png
.png
$_47_/Skin/Default/tclock_normal.png
.png
$_47_/Skin/Default/tclock_over.png
.png
$_47_/Skin/Default/tick.png
.png
$_47_/Skin/Default/tingting_down.png
.png
$_47_/Skin/Default/tingting_floating_background.png
.png
$_47_/Skin/Default/tingting_floating_button_close.png
.png
$_47_/Skin/Default/tingting_normal.png
.png
$_47_/Skin/Default/tingting_over.png
.png
$_47_/Skin/Default/tingtingtop_down.png
.png
$_47_/Skin/Default/tingtingtop_normal.png
.png
$_47_/Skin/Default/tingtingtop_over.png
.png
$_47_/Skin/Default/tips_reddot.png
.png
$_47_/Skin/Default/tips_reddot2.png
.png
$_47_/Skin/Default/tkeyelves_down.png
.png
$_47_/Skin/Default/tkeyelves_normal.png
.png
$_47_/Skin/Default/tkeyelves_over.png
.png
$_47_/Skin/Default/tmultaccount_down.png
.png
$_47_/Skin/Default/tmultaccount_normal.png
.png
$_47_/Skin/Default/tmultaccount_over.png
.png
$_47_/Skin/Default/tool_button_down.png
.png
$_47_/Skin/Default/tool_button_normal.png
.png
$_47_/Skin/Default/tool_button_over.png
.png
$_47_/Skin/Default/tool_menu_normal.png
.png
$_47_/Skin/Default/tool_menu_over.png
.png
$_47_/Skin/Default/toolmanage_down.png
.png
$_47_/Skin/Default/toolmanage_normal.png
.png
$_47_/Skin/Default/toolmanage_over.png
.png
$_47_/Skin/Default/tshutdown_down.png
.png
$_47_/Skin/Default/tshutdown_normal.png
.png
$_47_/Skin/Default/tshutdown_over.png
.png
$_47_/Skin/Default/tvoice_down.png
.png
$_47_/Skin/Default/tvoice_normal.png
.png
$_47_/Skin/Default/tvoice_over.png
.png
$_47_/Skin/Default/voice_down.png
.png
$_47_/Skin/Default/voice_mute_down.png
.png
$_47_/Skin/Default/voice_mute_normal.png
.png
$_47_/Skin/Default/voice_mute_over.png
.png
$_47_/Skin/Default/voice_normal.png
.png
$_47_/Skin/Default/voice_over.png
.png
$_47_/Skin/Default/web_button_down.png
.png
$_47_/Skin/Default/web_button_normal.png
.png
$_47_/Skin/Default/web_button_over.png
.png
$_47_/Skin/Default/yx_down.png
.png
$_47_/Skin/Default/yx_normal.png
.png
$_47_/Skin/Default/yx_over.png
.png
$_47_/Skin/Waiting.jpg
.jpg
$_47_/Skin/ʹ֮ר.jpg
.jpg
$_47_/Skin/ʹ֮ר/form_standalone_border.png
.png
$_47_/Skin/ʹ֮ר/game_boder.png
.png
$_47_/Skin/ʹ֮ר/game_bottom.png
.png
$_47_/Skin/ʹ֮ר/game_top.png
.png
$_47_/Skin/ʹ֮ר/home_down.png
.png
$_47_/Skin/ʹ֮ר/home_normal.png
.png
$_47_/Skin/ʹ֮ר/home_over.png
.png
$_47_/Skin/ʹ֮ר/search_down.png
.png
$_47_/Skin/ʹ֮ר/search_normal.png
.png
$_47_/Skin/ʹ֮ר/search_over.png
.png
$_47_/Skin/ʹ֮ר/shop_down.png
.png
$_47_/Skin/ʹ֮ר/shop_normal.png
.png
$_47_/Skin/ʹ֮ר/shop_over.png
.png
$_47_/Skin/ʹ֮ר/tab_head_close_normal.png
.png
$_47_/Skin/ʹ֮ר/tab_head_normal.png
.png
$_47_/Skin/ʹ֮ר/tab_head_over.png
.png
$_47_/Skin/ʹ֮ר/tab_head_sel_normal.png
.png
$_47_/Skin/ʹ֮ר/tingtingtop_down.png
.png
$_47_/Skin/ʹ֮ר/tingtingtop_normal.png
.png
$_47_/Skin/ʹ֮ר/tingtingtop_over.png
.png
$_47_/Skin/ʹ֮ר/web_button_down.png
.png
$_47_/Skin/ʹ֮ר/web_button_normal.png
.png
$_47_/Skin/ʹ֮ר/web_button_over.png
.png
$_47_/Skin/.jpg
.jpg
$_47_/Skin//form_standalone_border.png
.png
$_47_/Skin//game_bottom.png
.png
$_47_/Skin//game_top.png
.png
$_47_/Skin//home_down.png
.png
$_47_/Skin//home_normal.png
.png
$_47_/Skin//home_over.png
.png
$_47_/Skin//search_down.png
.png
$_47_/Skin//search_normal.png
.png
$_47_/Skin//search_over.png
.png
$_47_/Skin//shop_down.png
.png
$_47_/Skin//shop_normal.png
.png
$_47_/Skin//shop_over.png
.png
$_47_/Skin//tab_head_close_normal.png
.png
$_47_/Skin//tab_head_sel_normal.png
.png
$_47_/Skin//tingtingtop_down.png
.png
$_47_/Skin//tingtingtop_normal.png
.png
$_47_/Skin//tingtingtop_over.png
.png
$_47_/Skin//web_button_down.png
.png
$_47_/Skin//web_button_normal.png
.png
$_47_/Skin//web_button_over.png
.png
$_47_/Skin/Լר.jpg
.jpg
$_47_/Skin/Լר/form_standalone_border.png
.png
$_47_/Skin/Լר/game_boder.png
.png
$_47_/Skin/Լר/game_bottom.png
.png
$_47_/Skin/Լר/game_top.png
.png
$_47_/Skin/Լר/home_down.png
.png
$_47_/Skin/Լר/home_normal.png
.png
$_47_/Skin/Լר/home_over.png
.png
$_47_/Skin/Լר/search_down.png
.png
$_47_/Skin/Լר/search_normal.png
.png
$_47_/Skin/Լר/search_over.png
.png
$_47_/Skin/Լר/shop_down.png
.png
$_47_/Skin/Լר/shop_normal.png
.png
$_47_/Skin/Լר/shop_over.png
.png
$_47_/Skin/Լר/tab_head_close_normal.png
.png
$_47_/Skin/Լר/tab_head_normal.png
.png
$_47_/Skin/Լר/tab_head_over.png
.png
$_47_/Skin/Լר/tab_head_sel_normal.png
.png
$_47_/Skin/Լר/tingtingtop_down.png
.png
$_47_/Skin/Լר/tingtingtop_normal.png
.png
$_47_/Skin/Լר/tingtingtop_over.png
.png
$_47_/Skin/Լר/tool_button_down.png
.png
$_47_/Skin/Լר/tool_button_normal.png
.png
$_47_/Skin/Լר/tool_button_over.png
.png
$_47_/Skin/Լר/web_button_down.png
.png
$_47_/Skin/Լר/web_button_normal.png
.png
$_47_/Skin/Լר/web_button_over.png
.png
$_47_/Skin/Ҷ.jpg
.jpg
$_47_/Skin/Ҷ/form_standalone_border.png
.png
$_47_/Skin/Ҷ/game_bottom.png
.png
$_47_/Skin/Ҷ/game_top.png
.png
$_47_/Skin/Ҷ/home_down.png
.png
$_47_/Skin/Ҷ/home_normal.png
.png
$_47_/Skin/Ҷ/home_over.png
.png
$_47_/Skin/Ҷ/search_down.png
.png
$_47_/Skin/Ҷ/search_normal.png
.png
$_47_/Skin/Ҷ/search_over.png
.png
$_47_/Skin/Ҷ/shop_down.png
.png
$_47_/Skin/Ҷ/shop_normal.png
.png
$_47_/Skin/Ҷ/shop_over.png
.png
$_47_/Skin/Ҷ/tab_head_close_normal.png
.png
$_47_/Skin/Ҷ/tab_head_sel_normal.png
.png
$_47_/Skin/Ҷ/tingtingtop_down.png
.png
$_47_/Skin/Ҷ/tingtingtop_normal.png
.png
$_47_/Skin/Ҷ/tingtingtop_over.png
.png
$_47_/Skin/Ҷ/web_button_down.png
.png
$_47_/Skin/Ҷ/web_button_normal.png
.png
$_47_/Skin/Ҷ/web_button_over.png
.png
$_47_/Skin/.jpg
.jpg
$_47_/Skin//form_standalone_border.png
.png
$_47_/Skin//game_bottom.png
.png
$_47_/Skin//game_top.png
.png
$_47_/Skin//home_down.png
.png
$_47_/Skin//home_normal.png
.png
$_47_/Skin//home_over.png
.png
$_47_/Skin//search_down.png
.png
$_47_/Skin//search_normal.png
.png
$_47_/Skin//search_over.png
.png
$_47_/Skin//shop_down.png
.png
$_47_/Skin//shop_normal.png
.png
$_47_/Skin//shop_over.png
.png
$_47_/Skin//tab_head_close_normal.png
.png
$_47_/Skin//tab_head_sel_normal.png
.png
$_47_/Skin//tingtingtop_down.png
.png
$_47_/Skin//tingtingtop_normal.png
.png
$_47_/Skin//tingtingtop_over.png
.png
$_47_/Skin//web_button_down.png
.png
$_47_/Skin//web_button_normal.png
.png
$_47_/Skin//web_button_over.png
.png
$_47_/Skin/ִ.jpg
.jpg
$_47_/Skin/ִ/form_standalone_border.png
.png
$_47_/Skin/ִ/game_bottom.png
.png
$_47_/Skin/ִ/game_top.png
.png
$_47_/Skin/ִ/home_down.png
.png
$_47_/Skin/ִ/home_normal.png
.png
$_47_/Skin/ִ/home_over.png
.png
$_47_/Skin/ִ/search_down.png
.png
$_47_/Skin/ִ/search_normal.png
.png
$_47_/Skin/ִ/search_over.png
.png
$_47_/Skin/ִ/shop_down.png
.png
$_47_/Skin/ִ/shop_normal.png
.png
$_47_/Skin/ִ/shop_over.png
.png
$_47_/Skin/ִ/tab_head_close_normal.png
.png
$_47_/Skin/ִ/tab_head_sel_normal.png
.png
$_47_/Skin/ִ/tingtingtop_down.png
.png
$_47_/Skin/ִ/tingtingtop_normal.png
.png
$_47_/Skin/ִ/tingtingtop_over.png
.png
$_47_/Skin/ִ/web_button_down.png
.png
$_47_/Skin/ִ/web_button_normal.png
.png
$_47_/Skin/ִ/web_button_over.png
.png
$_47_/Skin/´.jpg
.jpg
$_47_/Skin/´/form_standalone_border.png
.png
$_47_/Skin/´/game_bottom.png
.png
$_47_/Skin/´/game_top.png
.png
$_47_/Skin/´/home_down.png
.png
$_47_/Skin/´/home_normal.png
.png
$_47_/Skin/´/home_over.png
.png
$_47_/Skin/´/search_down.png
.png
$_47_/Skin/´/search_normal.png
.png
$_47_/Skin/´/search_over.png
.png
$_47_/Skin/´/shop_down.png
.png
$_47_/Skin/´/shop_normal.png
.png
$_47_/Skin/´/shop_over.png
.png
$_47_/Skin/´/tab_head_close_normal.png
.png
$_47_/Skin/´/tab_head_sel_normal.png
.png
$_47_/Skin/´/tingtingtop_down.png
.png
$_47_/Skin/´/tingtingtop_normal.png
.png
$_47_/Skin/´/tingtingtop_over.png
.png
$_47_/Skin/´/web_button_down.png
.png
$_47_/Skin/´/web_button_normal.png
.png
$_47_/Skin/´/web_button_over.png
.png
$_47_/Skin/ǿ.jpg
.jpg
$_47_/Skin/ǿ/form_standalone_border.png
.png
$_47_/Skin/ǿ/game_bottom.png
.png
$_47_/Skin/ǿ/game_top.png
.png
$_47_/Skin/ǿ/home_down.png
.png
$_47_/Skin/ǿ/home_normal.png
.png
$_47_/Skin/ǿ/home_over.png
.png
$_47_/Skin/ǿ/search_down.png
.png
$_47_/Skin/ǿ/search_normal.png
.png
$_47_/Skin/ǿ/search_over.png
.png
$_47_/Skin/ǿ/shop_down.png
.png
$_47_/Skin/ǿ/shop_normal.png
.png
$_47_/Skin/ǿ/shop_over.png
.png
$_47_/Skin/ǿ/tab_head_sel_normal.png
.png
$_47_/Skin/ǿ/tingtingtop_down.png
.png
$_47_/Skin/ǿ/tingtingtop_normal.png
.png
$_47_/Skin/ǿ/tingtingtop_over.png
.png
$_47_/Skin/ǿ/web_button_down.png
.png
$_47_/Skin/ǿ/web_button_normal.png
.png
$_47_/Skin/ǿ/web_button_over.png
.png
$_47_/config.ini
Accelerator.dll
.dll windows:5 windows x86 arch:x86

3f2ced7d7b9c010c80ec0afab62fe1a1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:51:9d:ba:3e:e2:05:ca:75:d5:0f:3c:b9:75:4a:c8
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/04/2019, 00:00

Not After

03/05/2021, 23:59

Subject

CN=上海硬通网络科技有限公司,OU=IT DEPT,O=上海硬通网络科技有限公司,L=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:6d:af:f0:11:b2:47:7d:02:1d:95:b1:8a:99:9a:93:e8:65:0f:10
Signer

Actual PE Digest

5d:6d:af:f0:11:b2:47:7d:02:1d:95:b1:8a:99:9a:93:e8:65:0f:10

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

user32

LoadStringW
MessageBoxA
CharNextW
UnhookWindowsHookEx
SetWindowsHookExW
SendMessageW
MessageBoxW
LoadStringW
GetSystemMetrics
CharUpperBuffW
CharNextW
CallNextHookEx

kernel32

lstrcmpiA
LoadLibraryA
LocalFree
LocalAlloc
GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
IsValidLocale
GetSystemDefaultUILanguage
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetUserDefaultUILanguage
GetLocaleInfoW
GetLastError
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
CompareStringW
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
CloseHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
WriteFile
WideCharToMultiByte
WaitForSingleObject
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
SignalObjectAndWait
SetFilePointer
SetEvent
SetEndOfFile
ResetEvent
ReadFile
QueryPerformanceCounter
MultiByteToWideChar
LockResource
LoadResource
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSection
GetVersionExW
GetVersion
GetTickCount
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentProcess
GetCPInfo
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
EnumCalendarInfoW
EnterCriticalSection
DeleteCriticalSection
CreateMutexW
CreateFileW
CreateEventW
CompareStringW
CloseHandle
Sleep

winmm

timeGetTime

Exports

Exports

EnterPoint
GetSpeed
HookAccelerate
SetCallHandle
StartHook
StopHook
UnHookAccelerate

Sections

.text
Size: 222KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1024B - Virtual size: 748B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 211B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Basicsurvey.exe
.exe windows:5 windows x86 arch:x86

057688bdacc3d74557e2caf58750e2c6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:51:9d:ba:3e:e2:05:ca:75:d5:0f:3c:b9:75:4a:c8
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/04/2019, 00:00

Not After

03/05/2021, 23:59

Subject

CN=上海硬通网络科技有限公司,OU=IT DEPT,O=上海硬通网络科技有限公司,L=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e3:2f:f0:4b:bd:5d:e4:26:ce:4d:67:1e:cb:0a:d8:ff:f2:85:71:09
Signer

Actual PE Digest

e3:2f:f0:4b:bd:5d:e4:26:ce:4d:67:1e:cb:0a:d8:ff:f2:85:71:09

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\37Work\pc_code\gamebox\gamebox\04代码\bin\Basicsurvey.pdb

Imports

kernel32

GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
Sleep
GetCurrentProcessId
GetLocalTime
SystemTimeToFileTime
HeapAlloc
GetProcessHeap
HeapFree
GetTempPathW
CreateDirectoryW
WideCharToMultiByte
CreateEventW
SetEvent
CreateFileW
WriteFile
DeleteFileW
TerminateThread
LoadLibraryExW
MultiByteToWideChar
GetLastError
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
CreateFileA
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
RaiseException
GetModuleHandleA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
FlushInstructionCache
GetUserDefaultLCID
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
FlushFileBuffers
ReadFile
SetFilePointer
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
GetCurrentProcess
SetLastError
IsBadWritePtr
GetTickCount
FindResourceExW
LockResource
CloseHandle
TerminateProcess
WaitForSingleObject
OpenProcess
ReleaseMutex
CreateMutexW
lstrcmpiW
GetModuleHandleW
GetProcAddress
FreeLibrary
FindResourceW
LoadResource
SizeofResource
InterlockedIncrement
lstrlenW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
GetCurrentThreadId
GetCommandLineW
GetLocaleInfoA
GetModuleFileNameW
InterlockedDecrement
InitializeCriticalSectionAndSpinCount

user32

LoadStringW
UnregisterClassA
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
CharNextW
LoadIconW
LoadCursorW
RegisterClassExW
CreateWindowExW
SetTimer
ShowWindow
UpdateWindow
GetWindowThreadProcessId
PostMessageW
BeginPaint
EndPaint
EnumWindows
PostQuitMessage
DefWindowProcW
SendMessageW
PeekMessageW
GetKeyState
IsChild
SetWindowPos
CallWindowProcW
DestroyAcceleratorTable
GetDesktopWindow
ReleaseDC
GetDC
InvalidateRect
InvalidateRgn
GetClientRect
FillRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
GetWindowLongW
SetWindowLongW
DestroyWindow
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetFocus
SetFocus
GetWindow
GetDlgItem
IsWindow
GetClassNameW
GetSysColor
RedrawWindow
GetClassInfoExW
CreateAcceleratorTableW
ClientToScreen
GetParent

gdi32

CreateCompatibleBitmap
GetObjectW
GetStockObject
CreateSolidBrush
CreateCompatibleDC
GetDeviceCaps
SelectObject
DeleteObject
BitBlt
DeleteDC

advapi32

RegDeleteValueW
CryptReleaseContext
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
CryptAcquireContextA
CryptGenRandom

shell32

SHGetSpecialFolderPathW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoInitialize
OleInitialize
CoCreateGuid
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoUninitialize
OleUninitialize

oleaut32

SysAllocStringLen
OleCreateFontIndirect
SafeArrayUnaccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SysFreeString
VarUI4FromStr
SysAllocString
SysStringLen
VariantInit
VariantClear
SafeArrayCreate
SafeArrayPutElement
LoadRegTypeLi
LoadTypeLi
DispCallFunc

shlwapi

PathFileExistsW

iphlpapi

IcmpSendEcho
GetNetworkParams
IcmpCreateFile

ws2_32

WSASocketW
ntohl
ntohs
recvfrom
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
sendto
htons
WSAEventSelect
WSACreateEvent
socket
WSACleanup
inet_ntoa
WSAStartup
gethostbyname
inet_addr

winmm

timeGetTime

wininet

InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetCrackUrlW

Sections

.text
Size: 422KB - Virtual size: 421KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BoxDoctor.exe
.exe windows:5 windows x86 arch:x86

e964480215557682038c6e7af2b2b06b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:51:9d:ba:3e:e2:05:ca:75:d5:0f:3c:b9:75:4a:c8
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/04/2019, 00:00

Not After

03/05/2021, 23:59

Subject

CN=上海硬通网络科技有限公司,OU=IT DEPT,O=上海硬通网络科技有限公司,L=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

83:82:18:36:9f:83:08:24:92:7b:88:0a:8f:f8:d0:55:c8:7f:25:04
Signer

Actual PE Digest

83:82:18:36:9f:83:08:24:92:7b:88:0a:8f:f8:d0:55:c8:7f:25:04

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\37Work\pc_code\gamebox\gamebox\04代码\Bin\BoxDoctor.pdb

Imports

kernel32

FindResourceExW
HeapAlloc
GetProcessHeap
HeapFree
LoadLibraryW
WideCharToMultiByte
ResumeThread
GetCurrentProcessId
GetCommandLineW
SetLocalTime
GlobalAlloc
GlobalFree
CreateDirectoryW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetCurrentProcess
CloseHandle
InterlockedDecrement
LockResource
Sleep
WaitForSingleObject
TerminateThread
GetTickCount
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy
GetModuleFileNameW
InitializeCriticalSection
LoadLibraryExW
GetCurrentThreadId
SetEvent
InterlockedIncrement
MultiByteToWideChar
GetLastError
RaiseException
lstrcmpiW
GetModuleHandleW
GetProcAddress
FreeLibrary
FindResourceW
LoadResource
SizeofResource
lstrlenW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection

user32

EnableWindow
SetWindowRgn
PtInRect
SetCursor
RedrawWindow
CharNextW
DestroyWindow
LoadIconW
LoadCursorW
RegisterClassExW
CreateWindowExW
ShowWindow
UpdateWindow
ScreenToClient
EndPaint
BeginPaint
SetForegroundWindow
IsIconic
SetWindowPos
SystemParametersInfoW
SetFocus
SetWindowTextW
OffsetRect
GetClientRect
SendMessageW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadStringW
GetWindowLongW
SetWindowLongW
DefWindowProcW
PostQuitMessage
SetParent

gdi32

CreateRoundRectRgn
DeleteObject

advapi32

RegSetValueExW
RegDeleteKeyW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW

shell32

SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize
OleUninitialize
OleInitialize
CoInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

VariantChangeType
VarUI4FromStr
SafeArrayPutElement
SafeArrayCreateVector
SysAllocString
VariantClear
VariantInit
SysFreeString

shlwapi

PathFileExistsW

comctl32

_TrackMouseEvent

msvcp90

??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@AAH@Z
??0?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??_D?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z

msvcr90

_CxxThrowException
_strrev
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
memset
??0exception@std@@QAE@XZ
__CxxFrameHandler3
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
??3@YAXPAX@Z
??2@YAPAXI@Z
??_V@YAXPAX@Z
free
malloc
memcpy_s
_recalloc
wcsncpy_s
wcsstr
memmove_s
sprintf
_beginthreadex
atol
_localtime64
_invalid_parameter_noinfo

iphlpapi

GetInterfaceInfo
GetNetworkParams

mprapi

MprConfigGetFriendlyName
MprConfigServerConnect

wininet

InternetCheckConnectionW

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 874KB - Virtual size: 873KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MouseHook.dll
.dll windows:5 windows x86 arch:x86

2ec69b2244de641991caee6a5bdb9daa

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:51:9d:ba:3e:e2:05:ca:75:d5:0f:3c:b9:75:4a:c8
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/04/2019, 00:00

Not After

03/05/2021, 23:59

Subject

CN=上海硬通网络科技有限公司,OU=IT DEPT,O=上海硬通网络科技有限公司,L=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:81:dd:3a:18:b3:58:71:b0:e1:8e:07:30:a4:c9:d4:8e:08:2a:28
Signer

Actual PE Digest

1f:81:dd:3a:18:b3:58:71:b0:e1:8e:07:30:a4:c9:d4:8e:08:2a:28

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\37Work\pc_code\gamebox\gamebox\04代码\bin\MouseHook.pdb

Imports

kernel32

Sleep
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
InterlockedCompareExchange
TerminateProcess
InterlockedExchange

user32

GetSystemMetrics
SendInput
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetCursorPos
keybd_event
mouse_event

msvcp90

?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?close@?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?open@?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAEXPB_WHH@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
?close@?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?open@?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAEXPB_WHH@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
?getline@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PA_WH@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??_D?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??_D?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?uncaught_exception@std@@YA_NXZ

msvcr90

??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
??_V@YAXPAX@Z
_invalid_parameter_noinfo
setlocale
wcstombs
mbstowcs
clock
_itoa_s
atoi
?what@exception@std@@UBEPBDXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
??3@YAXPAX@Z
_CxxThrowException
__CxxFrameHandler3
memset

Exports

Exports

Consecutive
KmSimulate
StartHook
StopHook

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Service.ico
Socks.dll
.dll windows:5 windows x86 arch:x86

fdfcb45602dc273638950b32bd46d44e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:51:9d:ba:3e:e2:05:ca:75:d5:0f:3c:b9:75:4a:c8
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/04/2019, 00:00

Not After

03/05/2021, 23:59

Subject

CN=上海硬通网络科技有限公司,OU=IT DEPT,O=上海硬通网络科技有限公司,L=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e6:30:5f:b7:05:d0:61:f7:b3:5d:c2:50:ff:b1:c7:99:ca:c8:ef:ac
Signer

Actual PE Digest

e6:30:5f:b7:05:d0:61:f7:b3:5d:c2:50:ff:b1:c7:99:ca:c8:ef:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\37Work\pc_code\gamebox\gamebox\04代码\bin\Socks.pdb

Imports

kernel32

Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CloseHandle
GetCurrentThread
GetCurrentProcessId
InterlockedIncrement
InterlockedDecrement
CreateEventW
OutputDebugStringW
LoadLibraryW
SetLastError
GetProcAddress
WideCharToMultiByte
VirtualQuery
GetCurrentProcess
GetModuleHandleW
VirtualFree
SetThreadPriority
FlushInstructionCache
VirtualAlloc
OpenThread
GetSystemInfo
GetThreadPriority
VirtualProtect
GetCurrentThreadId
SuspendThread
ResumeThread
SetEvent
InitializeCriticalSection
GetTickCount
GetThreadContext
CreateFileA
GetLocaleInfoW
GetModuleHandleA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
HeapFree
HeapAlloc
ExitThread
CreateThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
GetCommandLineA
RaiseException
RtlUnwind
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapCreate
HeapDestroy
HeapReAlloc
ExitProcess
WriteFile
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
ReadFile
SetFilePointer
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
WaitForSingleObject

user32

PostMessageW

ws2_32

socket
gethostbyname
inet_ntoa
getsockopt
WSAGetLastError
htons
ntohs
WSASetLastError
__WSAFDIsSet
inet_addr

advapi32

CryptReleaseContext
CryptGenRandom
CryptAcquireContextA

Exports

Exports

ClearProxyException
PingCurrentSocks5Proxy
PingSocks5Proxy
SetConnectToProxyErrorCallback
SetConnectionReportCallback
SetHttpErroReportCallback
SetProxyException
SetProxyStatus
SetSocks5Proxy
TestCurrentProxy

Sections

.text
Size: 589KB - Virtual size: 588KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 216KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
clock.wav
gamebox.exe
.exe windows:5 windows x86 arch:x86

82faec54e1c7bf5aa6437276ff9b1187

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:51:9d:ba:3e:e2:05:ca:75:d5:0f:3c:b9:75:4a:c8
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/04/2019, 00:00

Not After

03/05/2021, 23:59

Subject

CN=上海硬通网络科技有限公司,OU=IT DEPT,O=上海硬通网络科技有限公司,L=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

da:ce:2a:0a:e0:16:f1:03:69:11:31:18:57:68:d7:84:89:63:09:89
Signer

Actual PE Digest

da:ce:2a:0a:e0:16:f1:03:69:11:31:18:57:68:d7:84:89:63:09:89

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\37Work\pc_code\gamebox\gamebox\04代码\bin\lander.pdb

Imports

kernel32

OpenFileMappingW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetTempPathW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
WideCharToMultiByte
GetVersionExW
FindFirstFileW
FindNextFileW
FindClose
GetSystemInfo
LocalAlloc
LocalFree
WriteFile
TerminateThread
ReadFile
GetProcessAffinityMask
SetProcessAffinityMask
SetPriorityClass
DeviceIoControl
QueryPerformanceCounter
QueryPerformanceFrequency
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetModuleHandleA
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetStringTypeA
ReleaseMutex
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
FlushFileBuffers
SetFilePointer
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetStartupInfoA
GetFileType
SetHandleCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
HeapCreate
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
ExitProcess
VirtualQuery
VirtualProtect
GetFileAttributesA
GetDateFormatA
GetTimeFormatA
IsDebuggerPresent
UnhandledExceptionFilter
GetSystemTimeAsFileTime
ExitThread
lstrlenA
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
CreateMutexW
lstrcmpiW
LoadLibraryExW
SetUnhandledExceptionFilter
WriteProcessMemory
GetCurrentProcessId
CreateFileW
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleHandleW
CreateDirectoryW
CreateProcessW
lstrcpyA
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
MoveFileW
GetCommandLineW
CreateThread
GlobalFree
WinExec
GlobalAddAtomW
TerminateProcess
DeleteFileW
CopyFileW
GetLocalTime
Sleep
lstrcmpW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FlushInstructionCache
GetCurrentProcess
SetLastError
RaiseException
GetCurrentThreadId
GetLastError
GetModuleFileNameW
IsBadWritePtr
InterlockedDecrement
InterlockedIncrement
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
GlobalMemoryStatusEx
Process32NextW
SetProcessWorkingSetSize
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
OutputDebugStringW
ResumeThread
GetTickCount
WaitForSingleObject
CloseHandle
SetEvent
EnterCriticalSection
CreateEventW
InterlockedExchange
LeaveCriticalSection
IsValidLocale

user32

UpdateWindow
SetCapture
ReleaseCapture
SetFocus
SetWindowPos
GetWindowPlacement
GetSystemMetrics
SetWindowPlacement
EnableWindow
SetWindowRgn
PostQuitMessage
LoadStringW
GetWindowLongW
TranslateMessage
GetMessageW
PeekMessageW
ExitWindowsEx
EqualRect
GetAncestor
SetParent
SetCursor
LoadImageW
DrawTextW
GetAsyncKeyState
SetWindowLongW
SendMessageW
DefWindowProcW
ShowWindow
SetTimer
KillTimer
DispatchMessageW
GetDC
GetForegroundWindow
IsIconic
SystemParametersInfoW
GetWindowRect
UnregisterHotKey
RegisterHotKey
EnumDisplaySettingsW
MessageBoxW
IsChild
GetParent
PostMessageW
GetKeyState
PtInRect
IsWindow
UpdateLayeredWindow
CallWindowProcW
RegisterClassExW
LoadCursorW
DestroyAcceleratorTable
GetDesktopWindow
ReleaseDC
InvalidateRect
InvalidateRgn
GetClientRect
FillRect
MoveWindow
ScreenToClient
TrackPopupMenu
GetCursorPos
DestroyMenu
ClientToScreen
CreateAcceleratorTableW
DestroyWindow
CreateWindowExW
GetClassInfoExW
RedrawWindow
UnregisterClassA
OffsetRect
CharNextW
GetSysColor
GetClassNameW
GetDlgItem
GetWindow
GetFocus
EndPaint
BeginPaint
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
SetLayeredWindowAttributes
CopyRect
InflateRect
SetRect
UnionRect
IsWindowVisible
LoadIconW
SetForegroundWindow
LoadMenuW
GetSubMenu
RemoveMenu

gdi32

GetStockObject
GetDeviceCaps
RestoreDC
CreateCompatibleBitmap
SaveDC
GetObjectW
GetPixel
CreateSolidBrush
DeleteObject
CreateDIBSection
BitBlt
CreateCompatibleDC
DeleteDC
CreateFontW
SetBkColor
ExtTextOutW
CreateRoundRectRgn
GetDIBColorTable
SetDIBColorTable
SetBkMode
SetTextColor
StretchBlt
SelectObject

advapi32

OpenProcessToken
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
IsTextUnicode
GetUserNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
LookupAccountSidW
GetTokenInformation
RegOpenKeyExW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyW
RegCloseKey
RegQueryValueExW

shell32

SHGetSpecialFolderPathW
SHFileOperationW
ShellExecuteW
ShellExecuteExW
Shell_NotifyIconW

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoCreateGuid
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CoInitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoCreateInstance
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleUninitialize

oleaut32

VariantChangeType
SafeArrayUnaccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
VarUI4FromStr
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
OleCreateFontIndirect
DispCallFunc
LoadTypeLi
LoadRegTypeLi
SafeArrayPutElement
SafeArrayCreate
VariantClear
VariantInit
SysStringLen
SysAllocString
SysFreeString

socks

SetConnectToProxyErrorCallback
SetProxyStatus
PingSocks5Proxy
SetConnectionReportCallback
SetHttpErroReportCallback
SetSocks5Proxy

shlwapi

StrCpyW
StrToIntW
StrCmpW
PathFileExistsW

comctl32

_TrackMouseEvent

msimg32

TransparentBlt
AlphaBlend

gdiplus

GdiplusStartup
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdiplusShutdown
GdipBitmapUnlockBits

iphlpapi

GetNetworkParams
GetAdaptersInfo

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

dbghelp

MiniDumpWriteDump

sensapi

IsNetworkAlive

wininet

HttpAddRequestHeadersW
FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
FindCloseUrlCache
InternetGetConnectedState
InternetGetCookieExW
InternetCrackUrlW
InternetOpenW
InternetConnectW
HttpOpenRequestW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpSendRequestW

winmm

PlaySoundW
waveOutOpen
waveOutSetVolume
waveOutClose
waveOutGetVolume

ws2_32

gethostbyname
inet_addr
WSACleanup
WSAStartup
htons
shutdown
connect
socket
inet_ntoa

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 366KB - Virtual size: 366KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 301KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lander.ico
tabGame.exe
.exe windows:5 windows x86 arch:x86

f565af5b47d4819f66ff2b6236ef56a8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:51:9d:ba:3e:e2:05:ca:75:d5:0f:3c:b9:75:4a:c8
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/04/2019, 00:00

Not After

03/05/2021, 23:59

Subject

CN=上海硬通网络科技有限公司,OU=IT DEPT,O=上海硬通网络科技有限公司,L=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

da:14:ee:9d:5b:63:17:8c:ca:73:45:12:55:8f:60:9f:f1:c3:cd:70
Signer

Actual PE Digest

da:14:ee:9d:5b:63:17:8c:ca:73:45:12:55:8f:60:9f:f1:c3:cd:70

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\37Work\pc_code\gamebox\gamebox\04代码\bin\tabGame.pdb

Imports

kernel32

FindResourceW
FindResourceExW
OutputDebugStringW
CreateFileW
WriteProcessMemory
SetUnhandledExceptionFilter
lstrcmpiW
LoadLibraryExW
InterlockedExchange
WriteFile
Sleep
TerminateThread
GetTickCount
ReadFile
GetVersionExW
GetProcessAffinityMask
SetProcessAffinityMask
SetPriorityClass
DeviceIoControl
GetSystemInfo
FreeLibrary
GetProcAddress
LoadLibraryW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
CreateFileA
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetModuleHandleW
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
GetDateFormatA
GetTimeFormatA
FlushFileBuffers
LoadResource
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
VirtualQuery
VirtualProtect
GetTimeZoneInformation
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
CreateThread
ExitThread
GetSystemTimeAsFileTime
lstrlenA
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
LockResource
SizeofResource
WideCharToMultiByte
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
CreateDirectoryW
GetTempPathW
DeleteFileW
GetCommandLineW
MultiByteToWideChar
lstrcmpW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FlushInstructionCache
GetCurrentProcess
SetLastError
RaiseException
GetCurrentThreadId
GetLastError
lstrcpyA
CloseHandle
SetEvent
CreateEventW
GetCurrentProcessId
WaitForSingleObject
IsBadWritePtr
InterlockedDecrement
InitializeCriticalSection
InterlockedIncrement
lstrlenW
LeaveCriticalSection
EnterCriticalSection
InterlockedCompareExchange
QueryPerformanceFrequency
QueryPerformanceCounter
SetFilePointer
GetModuleFileNameW
DeleteCriticalSection
GetLocaleInfoA

user32

SendMessageW
SetCursor
SetWindowPos
UnregisterClassA
SetWindowLongW
GetWindowLongW
IsWindow
SetFocus
DestroyWindow
SetTimer
PostMessageW
PostQuitMessage
KillTimer
DefWindowProcW
ShowWindow
UpdateWindow
GetKeyState
GetAncestor
GetFocus
SetForegroundWindow
SetParent
GetClientRect
CallWindowProcW
RegisterClassExW
LoadCursorW
DestroyAcceleratorTable
GetDesktopWindow
ReleaseDC
GetDC
InvalidateRect
InvalidateRgn
FillRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
GetParent
ClientToScreen
CreateAcceleratorTableW
CreateWindowExW
GetClassInfoExW
RedrawWindow
CharNextW
GetSysColor
GetClassNameW
GetDlgItem
GetWindow
EndPaint
BeginPaint
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
EnableWindow
SetWindowRgn
IsIconic
SystemParametersInfoW
InflateRect
DrawTextW
OffsetRect
RegisterWindowMessageW
PtInRect
LoadIconW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadStringW
IsChild

gdi32

GetDIBColorTable
CreateFontW
SetBkColor
CreateRoundRectRgn
RestoreDC
SetTextColor
SetBkMode
SaveDC
SetDIBColorTable
DeleteDC
CreateDIBSection
CreateSolidBrush
CreateCompatibleBitmap
GetStockObject
GetDeviceCaps
GetObjectW
SelectObject
DeleteObject
BitBlt
CreateCompatibleDC

advapi32

CryptReleaseContext
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
CryptAcquireContextA
CryptGenRandom

shell32

SHGetSpecialFolderPathW

ole32

OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoInitialize
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CreateStreamOnHGlobal
CoCreateInstance
CoCreateGuid
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject

oleaut32

SafeArrayAccessData
VarUI4FromStr
SafeArrayGetLBound
SafeArrayUnaccessData
SysAllocString
SysStringLen
SysFreeString
VariantInit
VariantClear
SafeArrayCreate
SafeArrayPutElement
LoadRegTypeLi
LoadTypeLi
DispCallFunc
OleCreateFontIndirect
SysAllocStringLen
SafeArrayGetUBound

shlwapi

PathFileExistsW

comctl32

_TrackMouseEvent

msimg32

TransparentBlt
AlphaBlend

gdiplus

GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipCloneImage
GdipDeleteGraphics
GdipDrawImageI
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth

dbghelp

MiniDumpWriteDump

wininet

InternetGetConnectedState
InternetCrackUrlW
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle

winmm

waveOutSetVolume
waveOutClose
waveOutGetVolume
waveOutOpen

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 714KB - Virtual size: 714KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tabGame_cef.exe
.exe windows:5 windows x86 arch:x86

0e730887710d59d256191ecb6fb46e51

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:51:9d:ba:3e:e2:05:ca:75:d5:0f:3c:b9:75:4a:c8
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/04/2019, 00:00

Not After

03/05/2021, 23:59

Subject

CN=上海硬通网络科技有限公司,OU=IT DEPT,O=上海硬通网络科技有限公司,L=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1c:eb:f7:42:ae:27:d5:cb:37:d4:c1:69:a7:8c:49:b2:18:9e:da:92
Signer

Actual PE Digest

1c:eb:f7:42:ae:27:d5:cb:37:d4:c1:69:a7:8c:49:b2:18:9e:da:92

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\37Work\pc_code\gamebox\gamebox\04代码\bin\tabGame_cef.pdb

Imports

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoTaskMemRealloc
CoTaskMemFree
CoCreateGuid
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoCreateInstance
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoUninitialize

oleaut32

SafeArrayUnaccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
VarUI4FromStr
SysAllocStringLen
OleCreateFontIndirect
LoadTypeLi
LoadRegTypeLi
SafeArrayPutElement
SafeArrayCreate
VariantClear
VariantInit
SysFreeString
SysStringLen
SysAllocString
DispCallFunc

advapi32

RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA

libcef

cef_cookie_manager_get_global_manager
cef_string_multimap_free
cef_string_multimap_alloc
cef_request_create
cef_post_data_create
cef_post_data_element_create
cef_process_message_create
cef_v8context_get_current_context
cef_string_list_append
cef_string_map_append
cef_string_multimap_append
cef_string_map_value
cef_string_map_key
cef_string_map_size
cef_string_multimap_value
cef_string_multimap_key
cef_string_multimap_size
cef_string_list_value
cef_string_list_size
cef_v8value_create_bool
cef_v8value_create_int
cef_v8value_create_string
cef_v8value_create_function
cef_string_list_copy
cef_string_map_alloc
cef_string_map_free
cef_string_userfree_utf16_free
cef_browser_host_create_browser
cef_string_list_alloc
cef_command_line_create
cef_register_extension
cef_post_task
cef_parse_csscolor
cef_base64encode
cef_get_mime_type
cef_string_utf16_cmp
cef_get_current_platform_thread_id
cef_time_to_timet
cef_string_list_free
cef_string_ascii_to_utf16
cef_string_utf16_set
cef_string_utf16_to_utf8
cef_string_utf8_clear
cef_string_utf16_clear
cef_string_utf8_to_utf16
cef_initialize
cef_execute_process
cef_currently_on
cef_quit_message_loop
cef_run_message_loop
cef_shutdown
cef_command_line_get_global
cef_api_hash

comctl32

_TrackMouseEvent

shlwapi

PathFileExistsW

kernel32

GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetHandleCount
HeapCreate
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
GetFullPathNameA
GetDriveTypeA
VirtualQuery
GetFileType
GetStartupInfoA
VirtualProtect
DeleteFileA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrlenW
InterlockedIncrement
InterlockedDecrement
IsBadWritePtr
WaitForSingleObject
GetCurrentProcessId
CreateEventW
SetEvent
CloseHandle
lstrcpyA
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleFileNameW
GetLastError
GetCurrentThreadId
RaiseException
SetLastError
GetCurrentProcess
FlushInstructionCache
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
lstrcmpW
MultiByteToWideChar
GetCommandLineW
DeleteFileW
OpenFileMappingW
CreateFileMappingW
GetConsoleCP
UnmapViewOfFile
GetTempPathW
CreateDirectoryW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
WideCharToMultiByte
GetStdHandle
FindClose
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CreateFileW
WriteProcessMemory
SetUnhandledExceptionFilter
lstrcmpiW
LoadLibraryExW
InterlockedExchange
WriteFile
Sleep
TerminateThread
GetTickCount
ReadFile
GetVersionExW
GetProcessAffinityMask
SetProcessAffinityMask
SetPriorityClass
DeviceIoControl
GetSystemInfo
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
QueryPerformanceFrequency
MoveFileA
GetTimeZoneInformation
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
CreateThread
ExitThread
GetSystemTimeAsFileTime
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetConsoleMode
SetFilePointer
FlushFileBuffers
FindFirstFileW
ExitProcess
GetTimeFormatA
GetDateFormatA
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetCurrentDirectoryA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetModuleHandleA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
CreateFileA
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
MapViewOfFile

user32

GetDlgItem
GetClassNameW
GetSysColor
CharNextW
RedrawWindow
GetClassInfoExW
CreateWindowExW
CreateAcceleratorTableW
ClientToScreen
GetParent
ScreenToClient
MoveWindow
SetCapture
ReleaseCapture
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
UnregisterClassA
RegisterWindowMessageW
LoadStringW
TranslateAcceleratorW
GetWindow
LoadAcceleratorsW
MessageBoxW
EnableWindow
SetWindowRgn
IsIconic
SystemParametersInfoW
InflateRect
DrawTextW
OffsetRect
SetCursor
FillRect
InvalidateRgn
InvalidateRect
GetDC
ReleaseDC
GetDesktopWindow
PtInRect
LoadIconW
EndPaint
IsDialogMessageW
IsChild
SendMessageW
SetWindowPos
SetWindowLongW
GetWindowLongW
IsWindow
SetFocus
DestroyWindow
SetTimer
PostMessageW
PostQuitMessage
KillTimer
DefWindowProcW
GetClientRect
DestroyAcceleratorTable
LoadCursorW
PeekMessageW
GetMessageW
TranslateMessage
BeginPaint
RegisterClassExW
CallWindowProcW
SetParent
ShowWindow
UpdateWindow
GetKeyState
GetAncestor
GetFocus
SetForegroundWindow
DispatchMessageW

gdi32

CreateFontW
SetBkColor
CreateRoundRectRgn
RestoreDC
DeleteDC
SetBkMode
SaveDC
SetDIBColorTable
GetDIBColorTable
CreateDIBSection
CreateSolidBrush
CreateCompatibleBitmap
GetStockObject
GetDeviceCaps
GetObjectW
SelectObject
DeleteObject
BitBlt
CreateCompatibleDC
SetTextColor

msimg32

AlphaBlend
TransparentBlt

gdiplus

GdipBitmapUnlockBits
GdiplusShutdown
GdiplusStartup
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageI
GdipDeleteGraphics
GdipFree
GdipAlloc
GdipGetImageGraphicsContext
GdipDisposeImage

easyhook32

_LhWaitForPendingRemovals@0
_LhUninstallHook@4
_LhInstallHook@16
_LhSetExclusiveACL@12
_LhUninstallAllHooks@0

dbghelp

MiniDumpWriteDump

wininet

HttpQueryInfoW
InternetCrackUrlW
InternetOpenW
InternetConnectW
InternetCloseHandle
InternetReadFile
InternetGetConnectedState
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW

winmm

waveOutSetVolume
waveOutClose
waveOutOpen
waveOutGetVolume

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 989KB - Virtual size: 989KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tabGame_ie.exe
.exe windows:5 windows x86 arch:x86

f565af5b47d4819f66ff2b6236ef56a8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:51:9d:ba:3e:e2:05:ca:75:d5:0f:3c:b9:75:4a:c8
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/04/2019, 00:00

Not After

03/05/2021, 23:59

Subject

CN=上海硬通网络科技有限公司,OU=IT DEPT,O=上海硬通网络科技有限公司,L=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

da:14:ee:9d:5b:63:17:8c:ca:73:45:12:55:8f:60:9f:f1:c3:cd:70
Signer

Actual PE Digest

da:14:ee:9d:5b:63:17:8c:ca:73:45:12:55:8f:60:9f:f1:c3:cd:70

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\37Work\pc_code\gamebox\gamebox\04代码\bin\tabGame.pdb

Imports

kernel32

FindResourceW
FindResourceExW
OutputDebugStringW
CreateFileW
WriteProcessMemory
SetUnhandledExceptionFilter
lstrcmpiW
LoadLibraryExW
InterlockedExchange
WriteFile
Sleep
TerminateThread
GetTickCount
ReadFile
GetVersionExW
GetProcessAffinityMask
SetProcessAffinityMask
SetPriorityClass
DeviceIoControl
GetSystemInfo
FreeLibrary
GetProcAddress
LoadLibraryW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
CreateFileA
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetModuleHandleW
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
GetDateFormatA
GetTimeFormatA
FlushFileBuffers
LoadResource
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
VirtualQuery
VirtualProtect
GetTimeZoneInformation
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
CreateThread
ExitThread
GetSystemTimeAsFileTime
lstrlenA
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
LockResource
SizeofResource
WideCharToMultiByte
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
CreateDirectoryW
GetTempPathW
DeleteFileW
GetCommandLineW
MultiByteToWideChar
lstrcmpW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FlushInstructionCache
GetCurrentProcess
SetLastError
RaiseException
GetCurrentThreadId
GetLastError
lstrcpyA
CloseHandle
SetEvent
CreateEventW
GetCurrentProcessId
WaitForSingleObject
IsBadWritePtr
InterlockedDecrement
InitializeCriticalSection
InterlockedIncrement
lstrlenW
LeaveCriticalSection
EnterCriticalSection
InterlockedCompareExchange
QueryPerformanceFrequency
QueryPerformanceCounter
SetFilePointer
GetModuleFileNameW
DeleteCriticalSection
GetLocaleInfoA

user32

SendMessageW
SetCursor
SetWindowPos
UnregisterClassA
SetWindowLongW
GetWindowLongW
IsWindow
SetFocus
DestroyWindow
SetTimer
PostMessageW
PostQuitMessage
KillTimer
DefWindowProcW
ShowWindow
UpdateWindow
GetKeyState
GetAncestor
GetFocus
SetForegroundWindow
SetParent
GetClientRect
CallWindowProcW
RegisterClassExW
LoadCursorW
DestroyAcceleratorTable
GetDesktopWindow
ReleaseDC
GetDC
InvalidateRect
InvalidateRgn
FillRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
GetParent
ClientToScreen
CreateAcceleratorTableW
CreateWindowExW
GetClassInfoExW
RedrawWindow
CharNextW
GetSysColor
GetClassNameW
GetDlgItem
GetWindow
EndPaint
BeginPaint
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
EnableWindow
SetWindowRgn
IsIconic
SystemParametersInfoW
InflateRect
DrawTextW
OffsetRect
RegisterWindowMessageW
PtInRect
LoadIconW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadStringW
IsChild

gdi32

GetDIBColorTable
CreateFontW
SetBkColor
CreateRoundRectRgn
RestoreDC
SetTextColor
SetBkMode
SaveDC
SetDIBColorTable
DeleteDC
CreateDIBSection
CreateSolidBrush
CreateCompatibleBitmap
GetStockObject
GetDeviceCaps
GetObjectW
SelectObject
DeleteObject
BitBlt
CreateCompatibleDC

advapi32

CryptReleaseContext
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
CryptAcquireContextA
CryptGenRandom

shell32

SHGetSpecialFolderPathW

ole32

OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoInitialize
CoTaskMemRealloc
CoTaskMemFree
CoUninitialize
CreateStreamOnHGlobal
CoCreateInstance
CoCreateGuid
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject

oleaut32

SafeArrayAccessData
VarUI4FromStr
SafeArrayGetLBound
SafeArrayUnaccessData
SysAllocString
SysStringLen
SysFreeString
VariantInit
VariantClear
SafeArrayCreate
SafeArrayPutElement
LoadRegTypeLi
LoadTypeLi
DispCallFunc
OleCreateFontIndirect
SysAllocStringLen
SafeArrayGetUBound

shlwapi

PathFileExistsW

comctl32

_TrackMouseEvent

msimg32

TransparentBlt
AlphaBlend

gdiplus

GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipCloneImage
GdipDeleteGraphics
GdipDrawImageI
GdiplusShutdown
GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth

dbghelp

MiniDumpWriteDump

wininet

InternetGetConnectedState
InternetCrackUrlW
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle

winmm

waveOutSetVolume
waveOutClose
waveOutGetVolume
waveOutOpen

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 714KB - Virtual size: 714KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

b76363e9cb88bf9390860da8e50999d2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:51:9d:ba:3e:e2:05:ca:75:d5:0f:3c:b9:75:4a:c8
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/04/2019, 00:00

Not After

03/05/2021, 23:59

Subject

CN=上海硬通网络科技有限公司,OU=IT DEPT,O=上海硬通网络科技有限公司,L=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

90:75:c4:e7:43:ff:89:02:97:78:e8:73:2f:e1:6f:b2:ac:fc:38:c3
Signer

Actual PE Digest

90:75:c4:e7:43:ff:89:02:97:78:e8:73:2f:e1:6f:b2:ac:fc:38:c3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
SetFileAttributesA
CompareFileTime
SearchPathA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
GetTempPathA
Sleep
lstrcmpiA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrcatA
GetSystemDirectoryA
WaitForSingleObject
SetFileTime
CloseHandle
GlobalFree
lstrcmpA
ExpandEnvironmentStringsA
GetExitCodeProcess
GlobalAlloc
lstrlenA
GetCommandLineA
GetProcAddress
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
ReadFile
FindClose
GetPrivateProfileStringA
WritePrivateProfileStringA
WriteFile
MulDiv
MultiByteToWideChar
LoadLibraryExA
GetModuleHandleA
FreeLibrary

user32

SetCursor
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
EndDialog
ScreenToClient
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetForegroundWindow
GetWindowLongA
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
SetTimer
PostQuitMessage
SetWindowLongA
SendMessageTimeoutA
LoadImageA
wsprintfA
GetDlgItem
FindWindowExA
IsWindow
SetClipboardData
EmptyClipboard
OpenClipboard
EndPaint
CreateDialogParamA
DestroyWindow
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA
ShellExecuteA

advapi32

RegDeleteValueA
SetFileSecurityA
RegOpenKeyExA
RegDeleteKeyA
RegEnumValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_AddMasked
ImageList_Destroy
ImageList_Create
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 293KB - Virtual size: 293KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/BgWorker.dll
.dll windows:4 windows x86 arch:x86

db2755f409b81c4dbfc04f648cfb80b9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
GetModuleHandleA
CloseHandle
SetThreadPriority
CreateThread

user32

IsWindowUnicode
PostMessageA
DispatchMessageA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects

Exports

Exports

CallAndWait

Sections

.text
Size: 1024B - Virtual size: 987B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 66B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

8df26927f8978d4eb40ff179c0aa961b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
lstrcmpA
OpenProcess
lstrcpyA
LoadLibraryA
CloseHandle
FreeLibrary
GetVersionExA
lstrlenA
GlobalFree

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
TerminateProcess
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
FreeLibrary
GlobalFree
lstrcpyA
DisableThreadLibraryCalls

msvcrt

strcmp
_strupr
toupper
strlen
free
_initterm
malloc
_adjust_fdiv
strcpy
_itoa

Exports

Exports

KillProc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SkinBtn.dll
.dll windows:4 windows x86 arch:x86

baf2d405231cd43dae48df474a521d01

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
GlobalAlloc
lstrcpynA
GetModuleHandleA
GlobalFree

user32

InvalidateRect
GetParent
SetWindowLongA
CallWindowProcA
GetPropA
SendMessageA
DrawTextA
DrawStateA
LoadImageA
RemovePropA
GetWindowLongA
SetPropA

gdi32

GetObjectA
CreateCompatibleDC
DeleteObject
SelectObject
DeleteDC
SetBkMode

msimg32

TransparentBlt

comctl32

_TrackMouseEvent

Exports

Exports

Init
Set
onClick

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 947B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SkinProgress.dll
.dll windows:4 windows x86 arch:x86

df38729be926f91d3390389029adf53b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GlobalAlloc
GlobalFree
GetModuleHandleA

user32

GetWindowRect
BeginPaint
GetWindowDC
CallWindowProcA
ReleaseDC
EndPaint
GetWindowLongA
GetPropA
SetPropA
SetWindowLongA
RemovePropA
LoadImageA
SendMessageA

gdi32

DeleteDC
BitBlt
CreateCompatibleBitmap
StretchBlt
SelectObject
CreateCompatibleDC
GetObjectA
DeleteObject

Exports

Exports

Set

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 797B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 254B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

f2ac1ab587d5531d5f1bf76c094aef4c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
GlobalAlloc
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 510B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/WndProc.dll
.dll windows:4 windows x86 arch:x86

b3f659d7637a91b4fec12ff9b930080d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyA
GlobalAlloc

user32

CallWindowProcA
SetWindowLongA
GetPropA
SetPropA
wsprintfA

Exports

Exports

onCallback

Sections

.text
Size: 1024B - Virtual size: 934B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 377B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/btn_cancel.bmp
$PLUGINSDIR/btn_close.bmp
$PLUGINSDIR/btn_keepon.bmp
$PLUGINSDIR/btn_ok.bmp
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

3f1149a3053980fe6b461521d2b55a2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbschr
_adjust_fdiv
malloc
_initterm
free
_mbsrchr
strtoul
memset
_mbsstr
strtol

kernel32

CloseHandle
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
GetLastError
GlobalFree
lstrcmpiA
DeleteFileA
SleepEx
SetFilePointer
GetTickCount
lstrcatA
GetFileSize
CreateFileA

user32

MessageBoxA
GetParent
ShowWindow
PostMessageA
SetWindowTextA
GetWindowTextA
IsWindow
GetDlgItem
SetDlgItemTextA
SendDlgItemMessageA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
SetWindowLongA
GetWindowLongA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
SendMessageA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/loading1.bmp
$PLUGINSDIR/loading2.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

f03b2bab186574d8892d3d73fa9fd3fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
lstrcpyA
GetCurrentDirectoryA
HeapFree
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
SetCurrentDirectoryA
GetProcessHeap

user32

DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
GetPropA
CharPrevA
MapWindowPoints
GetWindowLongA
DrawTextA
GetClientRect
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapDialogRect
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
CharNextA
SendMessageA
RemovePropA
DrawFocusRect
GetWindowTextA

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/unbg.bmp
$PLUGINSDIR/uninstall1.bmp
$PLUGINSDIR/uninstall2.bmp
$PLUGINSDIR/uninstall3.bmp

Sharing

General

Malware Config

Signatures

Files

b1a57b635b23ffd553b3fd1e0960b2bd

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 108KB

.ndata Size: - Virtual size: 104KB

.rsrc Size: 293KB - Virtual size: 293KB

8df26927f8978d4eb40ff179c0aa961b

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 104B

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 172B

baf2d405231cd43dae48df474a521d01

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

msimg32

comctl32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 947B

.data Size: - Virtual size: 24B

.reloc Size: 512B - Virtual size: 284B

ea9b3ea5cd9e2014ad3724e31f62cf5e

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

shlwapi

version

kernel32

user32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 75KB - Virtual size: 75KB

.rdata Size: 11KB - Virtual size: 10KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 108KB

.ndata
Size: - Virtual size: 104KB

.rsrc
Size: 293KB - Virtual size: 293KB

.text
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 104B

.text
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 172B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 947B

.data
Size: - Virtual size: 24B

.reloc
Size: 512B - Virtual size: 284B

.text
Size: 75KB - Virtual size: 75KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 904B

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 512B - Virtual size: 510B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

0c:51:9d:ba:3e:e2:05:ca:75:d5:0f:3c:b9:75:4a:c8
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

5d:6d:af:f0:11:b2:47:7d:02:1d:95:b1:8a:99:9a:93:e8:65:0f:10
Signer

.text
Size: 222KB - Virtual size: 222KB

.itext
Size: 1024B - Virtual size: 748B

.data
Size: 5KB - Virtual size: 4KB

.bss
Size: - Virtual size: 19KB

.idata
Size: 4KB - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 211B

.reloc
Size: 22KB - Virtual size: 21KB

.rsrc
Size: 45KB - Virtual size: 45KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

0c:51:9d:ba:3e:e2:05:ca:75:d5:0f:3c:b9:75:4a:c8
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

e3:2f:f0:4b:bd:5d:e4:26:ce:4d:67:1e:cb:0a:d8:ff:f2:85:71:09
Signer