83650332d81cfb178995141718d21241_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

83650332d81cfb178995141718d21241_JaffaCakes118
Size

705KB
MD5

83650332d81cfb178995141718d21241
SHA1

3a17ec1479bbf19183df24c580d3dfeaee859a3d
SHA256

728d2069007bce048b949151a3821ac7f1b910af37ea83c731a762ab5d204f2a
SHA512

04aa9af5f2db3d4e170b93384996b7b725db94629650d798e999dbf2cbd20c786faafc28caa75fc16ee869c8bd4d18219403add26a7259e09c4e52d4d28590cf
SSDEEP

12288:W1HTBws6vFhIEYJOumaIb2AFIfDa1O+nx47CTUXm:WPuLIODrb5If21O+x4wU2

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll

Files

83650332d81cfb178995141718d21241_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ee90b300161ad563b7387f4d64789dc2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

50:da:15:04:90:9f:72:73:48:6d:47:ac:0a:b7:46:75
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/11/2013, 00:00

Not After

02/01/2017, 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=KUWO MUSIC,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e4:34:a4:80:0a:26:1e:33:83:34:33:25:c0:71:0f:5e:c7:44:74:5b
Signer

Actual PE Digest

e4:34:a4:80:0a:26:1e:33:83:34:33:25:c0:71:0f:5e:c7:44:74:5b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
CloseHandle
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
GlobalHandle
GlobalReAlloc
GetSystemDefaultLCID
GetVolumeInformationA
QueryPerformanceFrequency
GlobalMemoryStatusEx
GetSystemInfo
GetModuleFileNameA
lstrcatA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
GlobalUnlock
MulDiv

user32

GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
GetClassInfoW
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
ScreenToClient
IsDlgButtonChecked
GetAsyncKeyState
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
SetWindowLongW

gdi32

CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor
SelectObject
CreateFontIndirectW
SetBkMode
SetTextColor

shell32

SHFileOperationW
SHGetFileInfoW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderLocation
ShellExecuteW

advapi32

RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegEnumValueW
RegDeleteKeyW
RegCloseKey
RegEnumKeyW
RegOpenKeyExW
RegDeleteValueW

comctl32

ImageList_Destroy
ImageList_AddMasked
ImageList_Create
ord17

ole32

OleUninitialize
CoCreateInstance
CoTaskMemFree
OleInitialize

version

GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoA

wininet

InternetReadFile
InternetConnectA
InternetOpenA
InternetCloseHandle
HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestA
InternetSetOptionA

shlwapi

PathFindFileNameA
StrStrIA

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 2.2MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KuWoNsis_new.dll
.dll windows:5 windows x86 arch:x86

fd3a14f85d6fa3f425c6ad31b3dfc012

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

50:da:15:04:90:9f:72:73:48:6d:47:ac:0a:b7:46:75
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/11/2013, 00:00

Not After

02/01/2017, 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=KUWO MUSIC,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f0:98:70:9f:66:6d:d6:54:dc:ac:01:d7:9f:62:53:38:fe:a4:83:41
Signer

Actual PE Digest

f0:98:70:9f:66:6d:d6:54:dc:ac:01:d7:9f:62:53:38:fe:a4:83:41

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

N:\正式打包勿动_项目\MusicBox-Dev\KwResource\install_plugin_src\KuWoNsis_new\KuWoNsis\Release\KuWoNsis_new.pdb

Imports

kernel32

FindClose
lstrcpynW
lstrcpyW
LoadLibraryW
GetPrivateProfileStringA
WritePrivateProfileStringA
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesExW
DeleteFileW
FindFirstFileW
FindNextFileW
CopyFileW
MoveFileExW
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
OpenProcess
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
CreateThread
GetExitCodeThread
WaitForSingleObject
WaitForMultipleObjects
CreateProcessW
GetVersionExW
CreateToolhelp32Snapshot
GetLastError
Process32NextW
ReleaseMutex
SetFileTime
GetLocalTime
SystemTimeToFileTime
LocalFileTimeToFileTime
CreateMutexW
OutputDebugStringW
GetPrivateProfileStringW
WritePrivateProfileSectionW
GetTempPathW
GetTempFileNameW
GetFileAttributesW
MoveFileW
GetUserDefaultUILanguage
GetFileSize
WriteFile
ReadFile
FlushFileBuffers
SetFilePointer
CreateFileA
SetEndOfFile
WriteConsoleW
SetStdHandle
LoadLibraryExW
LocalFree
GlobalFree
GlobalAlloc
CreateFileW
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDriveStringsW
CloseHandle
DeviceIoControl
Process32FirstW
GetLogicalDrives
HeapReAlloc
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetModuleFileNameA
ReadConsoleW
SetFilePointerEx
GetFileType
GetStdHandle
GetConsoleMode
GetConsoleCP
GetProcessHeap
GetOEMCP
GetACP
IsValidCodePage
HeapSize
AreFileApisANSI
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetProcAddress
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
GetStringTypeW
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
RtlUnwind
HeapFree
GetSystemTimeAsFileTime
GetCommandLineA
GetCurrentThreadId
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW

user32

RegisterWindowMessageW
SendMessageTimeoutW
FindWindowW
wsprintfA
LoadStringW
GetWindowThreadProcessId

advapi32

SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
FreeSid
AllocateAndInitializeSid
BuildExplicitAccessWithNameW

shell32

SHFileOperationW
ShellExecuteExW
ShellExecuteW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoCreateGuid
CoUninitialize
CoInitialize

oleaut32

SysAllocString
VariantInit
SysFreeString

shlwapi

PathRemoveBackslashW
PathIsDirectoryEmptyW
PathFindFileNameW
PathRemoveBlanksW
StrCmpIW
StrStrIW
ord176
PathIsDirectoryW
PathFileExistsW
PathRemoveFileSpecW
PathFileExistsA
PathRemoveBackslashA
PathAddBackslashW

psapi

GetModuleFileNameExW

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Exports

Exports

AddDirAccessRights
AddRegAccessRights
Base64D
ClearDirAttrReadOnlyAndHidden
ClearInstDir
CloseMusicBox
CopyLocalPlayList
CreateCachePath
Decode64
DecodePath
Decryptx
DelDirByShell
DeleteOldSetupPath
EnsureOneInstance
FinalFreeLibrary
ForTestDll
GetFileName
GetInstallDate
GetTodayTime
GetUserMac
GetUserUID
IsDirEmpty
IsDirEmptyExcept
IsEngOrTwSystem
IsHasOtherProgramfiles
IsNewFileByVersion
IsReadOnlyOrHiddenFile
IsSubFoler
IsUnderXPSP2
KwCopyDir
KwKillProc
KwKillProcEx
KwKillProcsByDir
KwMoveFile
ModP2PCachePath
ModifyCacheFileAsNow
PinToTaskBar
ReadIniStr
RenameDeletePathAllFiles
RenameeleteFile
SendLog
SetFileAttrNormal
SetInstInfo
SetUserUID
UnPinFromTaskBar
UpdateHotKeyConfig
WriteIniSection
WriteIniStr
XORBase64
XORBase64D

Sections

.text
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KwMusicNsis.dll
.dll windows:5 windows x86 arch:x86

b1260e2156427fb490b84e7b85d11ab5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

50:da:15:04:90:9f:72:73:48:6d:47:ac:0a:b7:46:75
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/11/2013, 00:00

Not After

02/01/2017, 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=KUWO MUSIC,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

90:95:4a:0a:47:8c:f2:2c:9b:54:8d:bb:86:c0:a5:d7:28:e3:16:2f
Signer

Actual PE Digest

90:95:4a:0a:47:8c:f2:2c:9b:54:8d:bb:86:c0:a5:d7:28:e3:16:2f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

n:\正式打包勿动_项目\MusicBox_AB_DEV_16-06-07_Q2.1\KwResource\install_plugin_src\KwMusicNsis\KuWoNsis\Release\KwMusicNsis.pdb

Imports

kernel32

WriteFile
lstrlenW
GetTempFileNameW
GetTempPathW
lstrcmpW
GetModuleHandleW
WideCharToMultiByte
OutputDebugStringW
GetTickCount
FlushInstructionCache
GetCurrentProcess
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
HeapSize
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetConsoleMode
GetConsoleCP
MultiByteToWideChar
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
DeleteCriticalSection
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleFileNameA
GetStdHandle
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetCPInfo
lstrcpynW
lstrcpyW
GlobalFree
CopyFileW
FindResourceW
LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalLock
CreateFileW
InterlockedCompareExchange
CloseHandle
IsProcessorFeaturePresent
LoadLibraryW
GetProcAddress
HeapFree
GetProcessHeap
HeapAlloc
VirtualAlloc
VirtualFree
WaitForSingleObject
GetExitCodeProcess
GetACP
ExitProcess
Sleep
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
RtlUnwind
CreateThread
GetCurrentThreadId
ExitThread
GetStartupInfoW
CreateProcessW
GetLastError
SetLastError
TerminateProcess
SetFilePointer

user32

IsWindow
SetWindowLongW
GetWindowLongW
GetDlgCtrlID
MapWindowPoints
GetParent
BringWindowToTop
UpdateWindow
InvalidateRgn
SystemParametersInfoW
MoveWindow
GetClientRect
InvalidateRect
SendMessageW
EndPaint
BeginPaint
GetDC
GetDlgItem
PtInRect
ShowWindow
SetWindowRgn
EnableWindow
IsWindowEnabled
SetWindowTextW
CreateWindowExW
SetRect
DialogBoxParamW
PostMessageW
EndDialog
GetWindowTextW
DrawTextW
GetWindowRect
CallWindowProcW
GetCursorPos
ScreenToClient
IsWindowVisible
UpdateLayeredWindow
ReleaseDC
InflateRect
DefWindowProcW
SetCursor
LoadCursorW
GetKeyState
GetDesktopWindow
FillRect
SetFocus
SetWindowPos
SetTimer
KillTimer

gdi32

RoundRect
CreateSolidBrush
CombineRgn
CreateRectRgnIndirect
CreateRoundRectRgn
CreatePen
MoveToEx
LineTo
GetStockObject
GetObjectW
CreateFontIndirectW
OffsetWindowOrgEx
SetWindowOrgEx
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetBkMode
SetTextColor
BitBlt
DeleteDC
DeleteObject

shell32

ShellExecuteW

ole32

CreateStreamOnHGlobal

gdiplus

GdipSetInterpolationMode
GdipSetSmoothingMode
GdipDrawImageRectI
GdipDisposeImage
GdipSetTextRenderingHint
GdipGetImageWidth
GdipGetImageHeight
GdiplusStartup
GdipDeleteBrush
GdipDeleteGraphics
GdipCreateFromHDC
GdipAlloc
GdipFree
GdipLoadImageFromStream
GdipCloneBrush
GdipCloneImage
GdiplusShutdown
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipSetImageAttributesWrapMode
GdipDrawImageRectRect
GdipCreateSolidFill

shlwapi

PathIsURLW
PathFileExistsW

comctl32

ImageList_Destroy
ImageList_LoadImageW
ImageList_Draw
ImageList_GetImageCount
ImageList_GetImageInfo

wininet

InternetReadFile
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetOpenW
HttpQueryInfoW
InternetCloseHandle

Exports

Exports

EnCodePostValue
FinalFreeLibrary
GotoUninstConfirm
Initialize
IsClickCustomBtn
IsClickReInstll
IsRepairSucceed
IsSkipInstDirPage
IsStartupNow
IsUpgradeSuccess
JmpToNewPage
MoveBtn
Release
SetBtnEnable
SetCompVisible
SetFeedBackEdit
SetFeedBackEdit2Font
SetFeedBackPhoneEdit
SetForceShowWelcomeBk
SetLicenseFile
SetNoneBindItems
SetStaticFont
StartRepair
StartUpgrade
TrimString

Sections

.text
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISArray.dll
.dll windows:5 windows x86 arch:x86

812688d08c0d4a81ed86daeebcf15c55

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

50:da:15:04:90:9f:72:73:48:6d:47:ac:0a:b7:46:75
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/11/2013, 00:00

Not After

02/01/2017, 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=KUWO MUSIC,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

00:37:b8:2e:c2:8e:fe:17:cc:5e:7d:ec:66:05:3b:fe:10:ce:28:9f
Signer

Actual PE Digest

00:37:b8:2e:c2:8e:fe:17:cc:5e:7d:ec:66:05:3b:fe:10:ce:28:9f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiW
GlobalFree
GlobalAlloc
lstrcmpW
lstrcatW
lstrcpyW
lstrcpynW

user32

wsprintfW
CharLowerW
MessageBoxW
SendMessageW
GetDlgItem
FindWindowExW
EnableWindow
SetWindowTextW
EndDialog
RedrawWindow
DialogBoxParamW

Exports

Exports

ArrayCount
ArrayExists
Clear
Concat
Copy
Cut
Debug
Delete
ErrorStyle
Exists
ExistsI
FreeUnusedMem
Join
New
Pop
Push
Put
ReDim
Read
ReadToStack
Reverse
Search
SearchI
SetAutoReDim
SetSize
Shift
SizeOf
Sort
Splice
Subtract
Swap
Unshift
Write
WriteList
WriteListC

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ShellLink.dll
.dll windows:5 windows x86 arch:x86

50112fdd20200a51dbedeae8f1f33cdb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

50:da:15:04:90:9f:72:73:48:6d:47:ac:0a:b7:46:75
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/11/2013, 00:00

Not After

02/01/2017, 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=KUWO MUSIC,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

95:af:a4:40:20:0a:94:ed:fd:91:ec:ea:bc:18:07:43:32:f5:ea:e6
Signer

Actual PE Digest

95:af:a4:40:20:0a:94:ed:fd:91:ec:ea:bc:18:07:43:32:f5:ea:e6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
MultiByteToWideChar
LocalAlloc
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc

user32

wsprintfA

ole32

CoCreateInstance

Exports

Exports

GetShortCutArgs
GetShortCutDescription
GetShortCutHotkey
GetShortCutIconIndex
GetShortCutIconLocation
GetShortCutShowMode
GetShortCutTarget
GetShortCutWorkingDirectory
SetRunAsAdministrator
SetShortCutArgs
SetShortCutDescription
SetShortCutHotkey
SetShortCutIconIndex
SetShortCutIconLocation
SetShortCutShowMode
SetShortCutTarget
SetShortCutWorkingDirectory

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1014B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 262B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:6 windows x86 arch:x86

3907333ed0258fd761f45695b76b5c4e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

50:da:15:04:90:9f:72:73:48:6d:47:ac:0a:b7:46:75
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/11/2013, 00:00

Not After

02/01/2017, 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=KUWO MUSIC,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bc:46:19:6f:15:8c:90:62:79:38:a2:78:8a:34:79:02:25:aa:6c:6e
Signer

Actual PE Digest

bc:46:19:6f:15:8c:90:62:79:38:a2:78:8a:34:79:02:25:aa:6c:6e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

N:\正式打包勿动_项目\ChenShan_15_12_JenkinsAB\KwResource\install_plugin_src\Inetc\Plugins\inetc.pdb

Imports

wininet

HttpEndRequestW
HttpQueryInfoW
InternetErrorDlg
HttpSendRequestExW
HttpSendRequestW
HttpAddRequestHeadersW
HttpAddRequestHeadersA
HttpOpenRequestW
FtpCreateDirectoryW
FtpOpenFileW
InternetGetLastResponseInfoW
InternetSetOptionW
InternetQueryOptionW
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetConnectW
InternetCloseHandle
InternetOpenW
InternetCrackUrlW

comctl32

ord17

kernel32

TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
Sleep
CreateEventW
InitializeCriticalSectionAndSpinCount
SetLastError
GetStartupInfoW
IsProcessorFeaturePresent
IsDebuggerPresent
VirtualQuery
RtlUnwind
GlobalFree
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
UnhandledExceptionFilter
DeleteFileW
GetProcAddress
LocalAlloc
LocalFree
VirtualProtect
GetCurrentProcess
SetUnhandledExceptionFilter
CreateThread
TerminateThread
GetLastError
WriteProcessMemory
WaitForSingleObject
GetFileSize
WriteFile
ReadFile
SetFilePointer
CloseHandle
MulDiv
GetTickCount
lstrcmpW
lstrcmpiW
lstrcpynW
lstrcpyW
lstrcatW
lstrlenA
lstrlenW
SleepEx
LoadLibraryA
LoadLibraryW
GetModuleHandleW
OutputDebugStringW
CreateFileA
CreateFileW
CreateSemaphoreW

user32

GetWindowTextW
SystemParametersInfoW
IsDialogMessageW
LoadIconW
FindWindowExW
wsprintfA
wsprintfW
GetMessageW
TranslateMessage
DispatchMessageW
SendMessageW
PostMessageW
IsWindow
DestroyWindow
ShowWindow
SetWindowPos
IsWindowVisible
CreateDialogParamW
GetDlgItem
SetDlgItemTextW
SendDlgItemMessageW
SetTimer
KillTimer
EnableWindow
UpdateWindow
RedrawWindow
SetWindowTextW
GetParent
GetClientRect
GetWindowRect
MessageBoxW
GetWindowLongW
SetWindowLongW

Exports

Exports

FinalFreeLibrary
get
head
post
put

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

25a5640a89eb79c57f60a91d10524b18

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryW
lstrcpyW
GetFileAttributesW
lstrcmpiW
GlobalAlloc
MulDiv
lstrlenW
SetCurrentDirectoryW
GetProcessHeap
HeapAlloc
HeapReAlloc
lstrcpynW
HeapFree
GlobalFree

user32

GetPropW
DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetClientRect
DrawFocusRect
GetWindowLongW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharPrevW
MapDialogRect
CharNextW
SendMessageW
RemovePropW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/kwuninsthelper.exe
.exe windows:4 windows x86 arch:x86

ee90b300161ad563b7387f4d64789dc2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

50:da:15:04:90:9f:72:73:48:6d:47:ac:0a:b7:46:75
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04/11/2013, 00:00

Not After

02/01/2017, 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=KUWO MUSIC,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:89:a3:e8:09:fd:53:12:ff:a7:95:5a:2d:3f:3b:43:27:86:4b:44
Signer

Actual PE Digest

7e:89:a3:e8:09:fd:53:12:ff:a7:95:5a:2d:3f:3b:43:27:86:4b:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
CloseHandle
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
GlobalHandle
GlobalReAlloc
GetSystemDefaultLCID
GetVolumeInformationA
QueryPerformanceFrequency
GlobalMemoryStatusEx
GetSystemInfo
GetModuleFileNameA
lstrcatA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
GlobalUnlock
MulDiv

user32

GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
GetClassInfoW
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
ScreenToClient
IsDlgButtonChecked
GetAsyncKeyState
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
SetWindowLongW

gdi32

CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor
SelectObject
CreateFontIndirectW
SetBkMode
SetTextColor

shell32

SHFileOperationW
SHGetFileInfoW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetSpecialFolderLocation
ShellExecuteW

advapi32

RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegEnumValueW
RegDeleteKeyW
RegCloseKey
RegEnumKeyW
RegOpenKeyExW
RegDeleteValueW

comctl32

ImageList_Destroy
ImageList_AddMasked
ImageList_Create
ord17

ole32

OleUninitialize
CoCreateInstance
CoTaskMemFree
OleInitialize

version

GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoA

wininet

InternetReadFile
InternetConnectA
InternetOpenA
InternetCloseHandle
HttpOpenRequestA
HttpQueryInfoA
HttpSendRequestA
InternetSetOptionA

shlwapi

PathFindFileNameA
StrStrIA

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 580KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee90b300161ad563b7387f4d64789dc2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

50:da:15:04:90:9f:72:73:48:6d:47:ac:0a:b7:46:75Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

e4:34:a4:80:0a:26:1e:33:83:34:33:25:c0:71:0f:5e:c7:44:74:5bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

wininet

shlwapi

iphlpapi

Sections

.text Size: 30KB - Virtual size: 30KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 2.2MB

.rsrc Size: 234KB - Virtual size: 234KB

fd3a14f85d6fa3f425c6ad31b3dfc012

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

50:da:15:04:90:9f:72:73:48:6d:47:ac:0a:b7:46:75Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

f0:98:70:9f:66:6d:d6:54:dc:ac:01:d7:9f:62:53:38:fe:a4:83:41Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

psapi

version

Exports

Exports

Sections

.text Size: 213KB - Virtual size: 212KB

.rdata Size: 46KB - Virtual size: 46KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 9KB - Virtual size: 9KB

b1260e2156427fb490b84e7b85d11ab5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

50:da:15:04:90:9f:72:73:48:6d:47:ac:0a:b7:46:75
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

e4:34:a4:80:0a:26:1e:33:83:34:33:25:c0:71:0f:5e:c7:44:74:5b
Signer

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 2.2MB

.rsrc
Size: 234KB - Virtual size: 234KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

50:da:15:04:90:9f:72:73:48:6d:47:ac:0a:b7:46:75
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

f0:98:70:9f:66:6d:d6:54:dc:ac:01:d7:9f:62:53:38:fe:a4:83:41
Signer

.text
Size: 213KB - Virtual size: 212KB

.rdata
Size: 46KB - Virtual size: 46KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 9KB - Virtual size: 9KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

50:da:15:04:90:9f:72:73:48:6d:47:ac:0a:b7:46:75
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

90:95:4a:0a:47:8c:f2:2c:9b:54:8d:bb:86:c0:a5:d7:28:e3:16:2f
Signer

.text
Size: 153KB - Virtual size: 153KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 234KB - Virtual size: 234KB

.reloc
Size: 12KB - Virtual size: 11KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

50:da:15:04:90:9f:72:73:48:6d:47:ac:0a:b7:46:75
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

00:37:b8:2e:c2:8e:fe:17:cc:5e:7d:ec:66:05:3b:fe:10:ce:28:9f
Signer

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: - Virtual size: 744B

.rsrc
Size: 512B - Virtual size: 432B

.reloc
Size: 2KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate