8a8322becd5a1eee98a776a6aa573f03_JaffaCakes118

resource	yara_rule
static1/unpack001/tssafeedit.dat	acprotect

resource	yara_rule
static1/unpack001/tssafeedit.dat	upx

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/QQMusicAddin/atl80.dll
unpack003/$PLUGINSDIR/InstallHelper.dll
unpack003/$PLUGINSDIR/System.dll
unpack001/atl80.dll
unpack004/out.upx

.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

4f:7a:2a:bf:54:92:1f:46:ef:83:e3:21:cf:e2:b4:a4:5a:f9:8c:8c
Signer

Actual PE Digest

4f:7a:2a:bf:54:92:1f:46:ef:83:e3:21:cf:e2:b4:a4:5a:f9:8c:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime

CompareFileTime

SearchPathW

GetShortPathNameW

GetFullPathNameW

MoveFileW

SetCurrentDirectoryW

GetFileAttributesW

GetLastError

CreateDirectoryW

SetFileAttributesW

Sleep

GetTickCount

CreateFileW

GetFileSize

GetModuleFileNameW

GetCurrentProcess

CopyFileW

ExitProcess

GetWindowsDirectoryW

GetTempPathW

GetCommandLineW

SetErrorMode

CloseHandle

lstrlenW

lstrcpynW

GetDiskFreeSpaceW

GlobalUnlock

GlobalLock

CreateThread

LoadLibraryW

CreateProcessW

lstrcmpiA

GetTempFileNameW

lstrcatW

GetProcAddress

LoadLibraryA

GetModuleHandleA

OpenProcess

lstrcpyW

GetVersionExW

GetSystemDirectoryW

GetVersion

lstrcpyA

RemoveDirectoryW

lstrcmpA

lstrcmpiW

lstrcmpW

ExpandEnvironmentStringsW

GlobalAlloc

WaitForSingleObject

GetExitCodeProcess

GlobalFree

GetModuleHandleW

LoadLibraryExW

FreeLibrary

WritePrivateProfileStringW

GetPrivateProfileStringW

WideCharToMultiByte

lstrlenA

MulDiv

WriteFile

ReadFile

MultiByteToWideChar

SetFilePointer

FindClose

FindNextFileW

FindFirstFileW

DeleteFileW

lstrcpynA

user32

GetAsyncKeyState

IsDlgButtonChecked

ScreenToClient

GetMessagePos

CallWindowProcW

IsWindowVisible

LoadBitmapW

CloseClipboard

SetClipboardData

EmptyClipboard

OpenClipboard

TrackPopupMenu

GetWindowRect

AppendMenuW

CreatePopupMenu

GetSystemMetrics

EndDialog

EnableMenuItem

GetSystemMenu

SetClassLongW

IsWindowEnabled

SetWindowPos

DialogBoxParamW

CheckDlgButton

CreateWindowExW

SystemParametersInfoW

RegisterClassW

SetDlgItemTextW

GetDlgItemTextW

MessageBoxIndirectW

CharNextA

CharUpperW

CharPrevW

wvsprintfW

DispatchMessageW

PeekMessageW

wsprintfA

DestroyWindow

CreateDialogParamW

SetTimer

SetWindowTextW

PostQuitMessage

SetForegroundWindow

ShowWindow

wsprintfW

SendMessageTimeoutW

LoadCursorW

SetCursor

GetWindowLongW

GetSysColor

CharNextW

GetClassInfoW

ExitWindowsEx

IsWindow

GetDlgItem

SetWindowLongW

LoadImageW

GetDC

EnableWindow

InvalidateRect

SendMessageW

DefWindowProcW

BeginPaint

GetClientRect

FillRect

DrawTextW

EndPaint

FindWindowExW

gdi32

SetBkColor

GetDeviceCaps

DeleteObject

CreateBrushIndirect

CreateFontIndirectW

SetBkMode

SetTextColor

SelectObject

shell32

SHBrowseForFolderW

SHGetPathFromIDListW

SHGetFileInfoW

ShellExecuteW

SHFileOperationW

SHGetSpecialFolderLocation

advapi32

RegEnumKeyW

RegOpenKeyExW

RegCloseKey

RegDeleteKeyW

RegDeleteValueW

RegCreateKeyExW

RegSetValueExW

RegQueryValueExW

RegEnumValueW

comctl32

ImageList_AddMasked

ImageList_Destroy

ord17

ImageList_Create

ole32

CoTaskMemFree

OleInitialize

OleUninitialize

CoCreateInstance

version

GetFileVersionInfoSizeW

GetFileVersionInfoW

VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 964KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/InstallHelper.dll

.dll windows:5 windows x86 arch:x86

3896366eb0bee0e448a3ff1f0cf5621e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

ad:73:7e:86:3b:45:f0:82:21:b4:71:dd:02:1f:f2:60:29:ca:bc:8c
Signer

Actual PE Digest

ad:73:7e:86:3b:45:f0:82:21:b4:71:dd:02:1f:f2:60:29:ca:bc:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

E:\svn\QQMusicV9.20.3083.0704-920-last\Setup\InstallHelper\Release\InstallHelper.pdb

Imports

psapi

GetModuleFileNameExW

EnumProcessModules

GetModuleBaseNameW

kernel32

lstrcpyW

SetFileAttributesW

GlobalAlloc

lstrcpynW

MapViewOfFile

UnmapViewOfFile

GetModuleHandleExW

OutputDebugStringW

InitializeCriticalSection

LeaveCriticalSection

GetModuleFileNameW

EnterCriticalSection

GetLocalTime

CreateFileMappingW

DeleteCriticalSection

GetCurrentThreadId

GetSystemDirectoryW

IsBadReadPtr

IsBadWritePtr

ReadFile

GetStdHandle

CreatePipe

WideCharToMultiByte

lstrlenW

lstrcmpiW

CreateTimerQueueTimer

DeleteTimerQueueTimer

GetCPInfo

FreeLibrary

CreateProcessW

SetEndOfFile

SetStdHandle

WriteConsoleW

IsValidLocale

EnumSystemLocalesA

GetLocaleInfoA

GetUserDefaultLCID

GetStringTypeW

GetTickCount

QueryPerformanceCounter

LocalFree

FreeEnvironmentStringsW

GetModuleFileNameA

GetStartupInfoW

GetFileType

SetHandleCount

GetLocaleInfoW

SetFilePointer

FlushFileBuffers

GetConsoleMode

GetConsoleCP

IsProcessorFeaturePresent

SetLastError

TlsFree

TlsSetValue

TlsGetValue

TlsAlloc

IsValidCodePage

GetOEMCP

GetACP

WriteFile

ExitProcess

HeapCreate

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

LCMapStringW

RtlUnwind

GetCommandLineA

GetSystemTimeAsFileTime

ExitThread

Sleep

DecodePointer

EncodePointer

InterlockedExchange

InterlockedIncrement

InitializeCriticalSectionAndSpinCount

RaiseException

HeapSize

HeapReAlloc

HeapDestroy

HeapAlloc

HeapFree

GetProcessHeap

OpenProcess

LoadLibraryW

GetLastError

GetProcAddress

LoadLibraryA

CloseHandle

CreateToolhelp32Snapshot

FindNextFileW

Process32NextW

WaitForMultipleObjects

LockResource

Process32FirstW

GetCurrentProcessId

FindClose

GlobalFree

GetLongPathNameW

TerminateProcess

GetFileAttributesW

SizeofResource

InterlockedDecrement

MoveFileExW

LoadResource

FindResourceW

FindResourceExW

FindFirstFileW

DeviceIoControl

MultiByteToWideChar

CreateFileW

GetVersionExW

CreateThread

DuplicateHandle

CreateEventW

TerminateThread

GetModuleHandleW

SetEvent

WaitForSingleObject

GetCurrentProcess

GetEnvironmentStringsW

user32

GetMonitorInfoW

FindWindowW

SetWindowRgn

IsZoomed

GetWindowThreadProcessId

GetWindow

SetCursor

GetFocus

LoadCursorW

SetWindowTextW

MapWindowPoints

SendMessageW

IsWindow

SetWindowPos

GetDesktopWindow

EndDialog

GetDlgItem

MonitorFromWindow

GetWindowLongW

BringWindowToTop

GetClientRect

GetParent

DialogBoxParamW

GetWindowRect

MoveWindow

wsprintfW

SetFocus

PostMessageW

DestroyWindow

DefWindowProcW

CallWindowProcW

CreateWindowExW

ShowWindow

SetWindowLongW

InvalidateRect

TrackMouseEvent

EnableWindow

DrawTextW

GetDlgItemTextW

CallNextHookEx

GetAncestor

SetWindowsHookExW

UnhookWindowsHookEx

GetSystemMetrics

EnumThreadWindows

IsWindowVisible

RegisterClassExW

EndPaint

ClientToScreen

UpdateLayeredWindow

SetTimer

ScreenToClient

GetWindowDC

IsIconic

FillRect

KillTimer

BeginPaint

PtInRect

GetDC

GetWindowTextW

SetScrollPos

GetClassNameW

ReleaseDC

MessageBoxW

gdi32

CreateRoundRectRgn

SetStretchBltMode

GetStretchBltMode

GetTextMetricsW

CreateRectRgnIndirect

Rectangle

SetDCPenColor

CreateFontW

CreatePatternBrush

ExtSelectClipRgn

TextOutW

GetStockObject

SetTextColor

BitBlt

DeleteDC

DeleteObject

SelectObject

CreateCompatibleDC

CreateCompatibleBitmap

SetBkMode

advapi32

RegQueryValueExW

RegOpenKeyExA

RegCloseKey

RegOpenKeyExW

RegQueryValueExA

AdjustTokenPrivileges

DuplicateTokenEx

LookupPrivilegeValueW

GetTokenInformation

GetSidSubAuthorityCount

GetSidSubAuthority

OpenProcessToken

shell32

ShellExecuteW

CommandLineToArgvW

SHGetSpecialFolderPathW

SHCreateDirectoryExW

ole32

CoCreateGuid

CoInitializeEx

OleRun

CLSIDFromProgID

CoUninitialize

CoCreateInstance

CoInitialize

oleaut32

SysAllocString

SysFreeString

GetErrorInfo

shlwapi

StrStrIW

PathFileExistsW

msimg32

AlphaBlend

ws2_32

socket

WSACleanup

sendto

closesocket

WSAGetLastError

WSAStartup

gethostbyname

ntohl

htons

htonl

version

GetFileVersionInfoW

GetFileVersionInfoSizeW

VerQueryValueW

gdiplus

GdipGetImageHeight

GdipDrawImageRectRectI

GdipDeleteGraphics

GdipAlloc

GdipDisposeImage

GdipCreateBitmapFromFile

GdipCreateFromHDC

GdipCloneImage

GdipGetImageWidth

GdipCreateHBITMAPFromBitmap

GdiplusShutdown

GdiplusStartup

GdipFree

netapi32

NetWkstaTransportEnum

NetApiBufferFree

Netbios

Exports

AddRule

CheckClickFastInstall

CheckFileLocked

CheckInstallCmd

CreateCustomPage

CreateFinishPage

CreateInstallPage

CreateWelcomePage

DelayDeleteFile

DestroyWnd

DirVerify

GentlyKillQQMusic

GetCheck

GetFileVersion

GetGUID

GetNetCardID

GetOSVersionStringInfo

GetParentProcessName

InitSkin

IsQQMusicRunning

KillProcessbyPath

Log

MoveWindowRect

NeedRunAfterInstall

RemoveRule

Report

RunAppAsUser

SetCheck

SetFocusWnd

UIUpdateInstallProgress

UnInitSkin

WaitForWorkerChildrenProcesses

Sections

.text
Size: 239KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 660B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/InstallOptions.dll

.dll windows:5 windows x86 arch:x86

cd90e33ffbc335413a25300c682c83df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiW

GetModuleHandleW

GlobalLock

GlobalUnlock

GetCurrentDirectoryW

SetCurrentDirectoryW

GetPrivateProfileIntW

GetPrivateProfileStringW

lstrcatW

WritePrivateProfileStringW

lstrcpynW

lstrlenW

lstrcpyW

GlobalFree

GlobalAlloc

user32

OpenClipboard

DestroyIcon

LoadCursorW

DispatchMessageW

TranslateMessage

GetMessageW

IsDialogMessageW

ShowWindow

SetWindowLongW

GetClientRect

SetWindowRgn

LoadIconW

LoadImageW

CreateWindowExW

MapDialogRect

GetClipboardData

GetWindowRect

CreateDialogParamW

EnableMenuItem

GetSystemMenu

EnableWindow

GetDlgItem

SetCursor

DrawTextW

GetWindowLongW

DrawFocusRect

CallWindowProcW

PostMessageW

wsprintfW

CharNextW

MessageBoxW

CloseClipboard

GetDlgCtrlID

MapWindowPoints

SetWindowPos

PtInRect

GetWindowTextW

SetWindowTextW

SendMessageW

DestroyWindow

gdi32

SelectObject

CreateRectRgn

GetObjectW

CombineRgn

DeleteObject

CreateCompatibleDC

GetDIBits

SetTextColor

shell32

SHBrowseForFolderW

SHGetPathFromIDListW

ShellExecuteW

SHGetDesktopFolder

comdlg32

GetOpenFileNameW

CommDlgExtendedError

GetSaveFileNameW

ole32

CoTaskMemFree

Exports

dialog

initDialog

show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/InstallingBG01.png

.png

$PLUGINSDIR/InstallingBG02.png

.png

$PLUGINSDIR/InstallingBG03.png

.png

$PLUGINSDIR/QQMusicResource.dll

.dll windows:4 windows x86 arch:x86

b71c9a3640f5b9df6f34d9205b185326

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

4c:d1:7c:10:7d:9b:77:7f:60:ce:04:3f:74:94:2f:94:3e:6a:82:05
Signer

Actual PE Digest

4c:d1:7c:10:7d:9b:77:7f:60:ce:04:3f:74:94:2f:94:3e:6a:82:05

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

e:\svn\QQMusicV9.20.3083.0704-920-last\PDB\QQMusicResource.pdb

Imports

kernel32

LockResource

SizeofResource

FindResourceW

LoadResource

GetCurrentThreadId

GetCommandLineA

HeapFree

GetVersionExA

HeapAlloc

GetProcessHeap

TerminateProcess

GetCurrentProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

GetProcAddress

GetModuleHandleA

ExitProcess

TlsGetValue

TlsAlloc

TlsSetValue

TlsFree

InterlockedIncrement

SetLastError

GetLastError

InterlockedDecrement

Sleep

SetHandleCount

GetStdHandle

GetFileType

GetStartupInfoA

DeleteCriticalSection

GetModuleFileNameA

FreeEnvironmentStringsA

GetEnvironmentStrings

FreeEnvironmentStringsW

WideCharToMultiByte

GetEnvironmentStringsW

HeapDestroy

HeapCreate

VirtualFree

QueryPerformanceCounter

GetTickCount

GetCurrentProcessId

GetSystemTimeAsFileTime

WriteFile

LeaveCriticalSection

EnterCriticalSection

LoadLibraryA

InitializeCriticalSection

GetCPInfo

GetACP

GetOEMCP

IsValidCodePage

VirtualAlloc

HeapReAlloc

RtlUnwind

HeapSize

MultiByteToWideChar

GetLocaleInfoA

GetStringTypeA

GetStringTypeW

LCMapStringA

LCMapStringW

Exports

DllGetLicQQMusic

DllGetLicQQMusicThirdPart

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 652KB - Virtual size: 651KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/System.dll

.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc

GlobalFree

GlobalSize

GetLastError

lstrcpyW

lstrcpynW

GetProcAddress

WideCharToMultiByte

lstrcatW

lstrlenW

lstrcmpiW

LoadLibraryW

GetModuleHandleW

MultiByteToWideChar

VirtualAlloc

VirtualProtect

FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString

StringFromGUID2

Exports

Alloc

Call

Copy

Free

Get

Int64Op

Store

StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/bg1.png

.png

$PLUGINSDIR/bg2.png

.png

$PLUGINSDIR/bg3.png

.png

http://y.qq.com/i/d

$PLUGINSDIR/browse.png

.png

$PLUGINSDIR/checkbox.png

.png

$PLUGINSDIR/close.png

.png

$PLUGINSDIR/custom.png

.png

$PLUGINSDIR/empty_bg.png

.png

$PLUGINSDIR/express.png

.png

$PLUGINSDIR/finish.png

.png

$PLUGINSDIR/full_bg.png

.png

$PLUGINSDIR/ioSpecial.ini

$PLUGINSDIR/logo.png

.png

$PLUGINSDIR/modern-header.bmp

$PLUGINSDIR/modern-wizard.bmp

$PLUGINSDIR/onekey.png

.png

$PLUGINSDIR/shadow_active.png

.png

$PLUGINSDIR/shadow_deactive.png

.png

$PLUGINSDIR/slogan.png

.png

$PLUGINSDIR/strongbtn.png

.png

$PLUGINSDIR/weakbtn.png

.png

$PROGRAMFILES/Tencent/QZoneMusic/$_24_/QzoneMusic.dll

.dll regsvr32 windows:4 windows x86 arch:x86

bf6d7b8d64ac2f205c45c350a71abc76

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

21:0a:6d:c7:7b:b0:36:63:a5:3c:ff:36:1c:48:0a:6b:9b:88:14:5c
Signer

Actual PE Digest

21:0a:6d:c7:7b:b0:36:63:a5:3c:ff:36:1c:48:0a:6b:9b:88:14:5c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

e:\svn\QQMusicV9.20.3083.0704-920-last\Pdb\QzonePlayer.pdb

Imports

shlwapi

PathFileExistsW

qqplayer

?Encode16@qzonemusic@@YA?AVCQmString@@PB_W@Z

??BCQmString@@QAEPB_WXZ

?Open@CMyMutex@@QAEHKHPB_W@Z

?FormatString@@YA?AVCQmString@@PB_WZZ

?DoLog@@YAHPB_WZZ

?GetTempFile@qzonemusic@@YA?AVCQmString@@PB_W@Z

?RemoveDomain@CQmApprovedDomain@@QAEXPBD@Z

?AddDomain@CQmApprovedDomain@@QAEXPBD@Z

?Destroy@CMyMutex@@QAEXXZ

?Lock@CMyMutex@@QAEHK@Z

?InitLog@@YAHPB_W@Z

?Unlock@CMyMutex@@QAEXXZ

?EndLog@@YAXXZ

?GetAppDataFolder@qzonemusic@@YA?AVCQmString@@XZ

?CheckParentDirectory@qzonemusic@@YAHPB_W@Z

??0CQmString@@QAE@ABV0@@Z

??YCQmString@@QAEXABV0@@Z

??0CQmString@@QAE@PB_W@Z

?GetExeFolder@qzonemusic@@YA?AVCQmString@@XZ

?CreateObjectFromFile@@YAJPB_WPAUIUnknown@@ABU_GUID@@2PAPAX@Z

?CreatePicture@qzonemusic@@YAJPAUHINSTANCE__@@IPAPAUIPicture@@@Z

?GetVersionInfoFromFile@qzonemusic@@YAHPB_WAAE1AAK2@Z

??0CMyMutex@@QAE@XZ

??1CQmString@@QAE@XZ

?UTF8URLEncode@qzonemusic@@YA?AVCQmString@@PB_W@Z

?UTF8URLDecode@qzonemusic@@YA?AVCQmString@@PB_W@Z

?TrimString@qzonemusic@@YAXAAVCQmString@@@Z

??0CQmApprovedDomain@@QAE@XZ

??1CQmApprovedDomain@@QAE@XZ

?GetApprovedDomainsCount@CQmApprovedDomain@@QBEIXZ

?GetApprovedDomain@CQmApprovedDomain@@QBEPBDH@Z

??1CMyMutex@@QAE@XZ

psapi

GetModuleFileNameExW

kernel32

lstrlenW

WideCharToMultiByte

WaitForSingleObject

ResetEvent

WaitForMultipleObjects

Sleep

InterlockedDecrement

CreateEventW

OpenFileMappingW

MapViewOfFile

UnmapViewOfFile

SetEvent

lstrlenA

SizeofResource

LockResource

LoadResource

FindResourceExW

Process32NextW

FreeLibrary

GetModuleFileNameW

LoadLibraryW

GetProcAddress

OpenProcess

FindResourceW

CreateToolhelp32Snapshot

GetCurrentProcessId

GetTempPathW

GetTempFileNameW

SetLastError

GetCurrentProcess

FlushInstructionCache

GetModuleHandleW

MulDiv

InterlockedIncrement

DisableThreadLibraryCalls

lstrcmpiA

ReadFile

SetFilePointer

RaiseException

CreateFileW

GetTickCount

LeaveCriticalSection

EnterCriticalSection

DeleteCriticalSection

InitializeCriticalSection

DeleteFileW

GetPrivateProfileIntW

GetPrivateProfileStringW

CloseHandle

GetLastError

MultiByteToWideChar

WriteFile

InterlockedCompareExchange

HeapFree

GetProcessHeap

HeapAlloc

LoadLibraryA

IsProcessorFeaturePresent

VirtualFree

VirtualAlloc

InterlockedExchange

GetACP

GetLocaleInfoA

GetThreadLocale

GetVersionExA

HeapDestroy

HeapReAlloc

HeapSize

TerminateProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

QueryPerformanceCounter

GetCurrentThreadId

GetSystemTimeAsFileTime

Process32FirstW

user32

SetRectEmpty

UnregisterHotKey

IsDialogMessageW

DrawTextW

ShowWindow

CreateWindowExW

KillTimer

SetRect

IsChild

GetFocus

DestroyWindow

SetTimer

SetFocus

PostMessageW

IsWindow

DefWindowProcW

GetWindowLongW

SetWindowLongW

LoadCursorW

GetClassInfoExW

RegisterClassExW

CallWindowProcW

SendMessageTimeoutW

SetWindowRgn

GetWindowRect

PtInRect

BeginPaint

GetKeyState

InvalidateRect

IsWindowVisible

LoadBitmapW

SetWindowPos

LoadStringW

GetDesktopWindow

SendMessageW

GetDC

GetCursorPos

ScreenToClient

ReleaseDC

SetCursor

DestroyCursor

SystemParametersInfoW

UnionRect

OffsetRect

EqualRect

IntersectRect

EndPaint

GetClientRect

UnregisterClassA

InflateRect

gdi32

DeleteObject

Rectangle

LPtoDP

SaveDC

SetMapMode

SetWindowOrgEx

SetViewportOrgEx

RestoreDC

CreateRectRgnIndirect

SetTextAlign

TextOutW

GetDeviceCaps

SetBkColor

CreateBitmap

CreateSolidBrush

CreatePen

GetObjectW

GetStockObject

CreateFontIndirectW

SetBkMode

SetTextColor

CreatePolygonRgn

CreateCompatibleDC

BitBlt

DeleteDC

CreateCompatibleBitmap

StretchBlt

SelectObject

advapi32

RegSetValueExW

RegOpenKeyExW

RegCloseKey

RegCreateKeyExW

shell32

ShellExecuteW

ole32

CoCreateGuid

CoCreateInstance

OleRegEnumVerbs

OleRegGetUserType

StringFromCLSID

CoTaskMemFree

CreateOleAdviseHolder

CLSIDFromString

oleaut32

SafeArrayCopy

SafeArrayDestroy

SafeArrayCreate

SafeArrayLock

SafeArrayGetLBound

SafeArrayUnlock

SafeArrayRedim

SafeArrayGetUBound

VariantCopyInd

VariantCopy

OleCreatePropertyFrame

DispCallFunc

LoadTypeLi

LoadRegTypeLi

SysStringLen

VariantClear

VariantInit

SysAllocString

SysFreeString

SysAllocStringByteLen

SysStringByteLen

atl80

ord18

ord23

ord15

ord26

ord58

ord32

ord30

ord43

ord44

ord11

ord40

ord42

ord48

ord10

ord61

ord22

ord31

ord49

ord27

ord64

msvcp80

?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z

?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z

??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z

?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z

?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ

??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z

??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z

??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z

??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z

??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z

??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z

??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z

??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z

?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z

?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z

?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@0@Z

?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z

?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB

?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z

??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z

msvcr80

??3@YAXPAX@Z

_recalloc

atof

??0exception@std@@QAE@XZ

_vsnwprintf_s

??0exception@std@@QAE@ABQBD@Z

atol

??0exception@std@@QAE@ABV01@@Z

??1exception@std@@UAE@XZ

srand

?what@exception@std@@UBEPBDXZ

_time64

??2@YAPAXI@Z

_invalid_parameter_noinfo

swprintf_s

atoi

rand

free

calloc

??_V@YAXPAX@Z

_endthread

_beginthread

wcsncpy_s

strchr

strstr

strncmp

_vsnprintf_s

_wcslwr_s

_vscwprintf

vswprintf_s

_purecall

memcpy_s

memmove_s

_wcsicmp

_wtoi

_difftime64

wcsrchr

_resetstkoflw

malloc

memchr

_waccess

strtoul

memset

__CxxFrameHandler3

_CxxThrowException

_unlock

__dllonexit

_encode_pointer

_lock

_onexit

_decode_pointer

?terminate@@YAXXZ

_malloc_crt

_encoded_null

_initterm

_initterm_e

_amsg_exit

_adjust_fdiv

__CppXcptFilter

_except_handler4_common

_crt_debugger_hook

?_type_info_dtor_internal_method@type_info@@QAEXXZ

__clean_type_info_names_internal

memcpy

wininet

InternetCrackUrlA

Exports

DllCanUnloadNow

DllGetClassObject

DllRegisterServer

DllUnregisterServer

Sections

.text
Size: 216KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PROGRAMFILES/Tencent/QZoneMusic/$_24_/QzoneMusic.exe

.exe windows:4 windows x86 arch:x86

b492b5f70fdcd7ff94ae655701f6eba4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

Extended Key Usages

ExtKeyUsageServerAuth

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17/01/2013, 00:00

Not After

16/02/2016, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

4b:12:27:16:47:60:58:18:9d:ae:05:fa:ba:38:63:80:88:d7:c1:f7
Signer

Actual PE Digest

4b:12:27:16:47:60:58:18:9d:ae:05:fa:ba:38:63:80:88:d7:c1:f7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\svn\QQMusicV9.20.3083.0704-920-last\Pdb\QzoneMusic.pdb

Imports

atl80

ord11

ord49

ord17

ord27

ord58

ord20

ord10

ord26

ord64

ord23

ord61

ord22

ord18

ord43

ord44

ord32

ord31

ord30

shlwapi

PathFileExistsW

wininet

InternetConnectW

HttpOpenRequestW

InternetSetOptionW

HttpQueryInfoW

HttpSendRequestW

InternetReadFileExA

InternetCloseHandle

InternetSetStatusCallbackW

InternetOpenW

InternetCrackUrlW

InternetCanonicalizeUrlW

InternetQueryOptionW

HttpAddRequestHeadersW

HttpSendRequestExW

HttpEndRequestW

InternetSetCookieW

InternetCrackUrlA

InternetWriteFile

qqplayer

??0CQmString@@QAE@ABV0@@Z

?DoLog@@YAHPB_WZZ

??1CMyMutex@@QAE@XZ

??1CQmString@@QAE@XZ

??YCQmString@@QAEXABV0@@Z

??0CQmString@@QAE@PB_W@Z

??BCQmString@@QAEPB_WXZ

?GetAppDataFolder@qzonemusic@@YA?AVCQmString@@XZ

?Create@CMyMutex@@QAEHPAU_SECURITY_ATTRIBUTES@@HPB_W@Z

??0CMyMutex@@QAE@XZ

?CreateObjectFromFile@@YAJPB_WPAUIUnknown@@ABU_GUID@@2PAPAX@Z

?Lock@CMyMutex@@QAEHK@Z

?Unlock@CMyMutex@@QAEXXZ

?GetTempFile@qzonemusic@@YA?AVCQmString@@PB_W@Z

?STR2DWORD@qzonemusic@@YAHPB_WAAK@Z

?SetQQUin@@YAXI@Z

?GetExeFolder@qzonemusic@@YA?AVCQmString@@XZ

?EndLog@@YAXXZ

?GetVersionInfoFromFile@qzonemusic@@YAHPB_WAAE1AAK2@Z

?SetExceptionCatcher@@YAXPB_W0H@Z

?InitLog@@YAHPB_W@Z

?UTF8URLEncode@qzonemusic@@YA?AVCQmString@@PB_W@Z

?GetFileText@qzonemusic@@YA?AVCQmString@@PB_W@Z

?TrimString@qzonemusic@@YAXAAVCQmString@@@Z

kernel32

GetProcessHeap

HeapSize

HeapReAlloc

HeapFree

HeapAlloc

HeapDestroy

GetVersionExA

InterlockedCompareExchange

LoadLibraryA

IsProcessorFeaturePresent

VirtualFree

VirtualAlloc

GetACP

GetLocaleInfoA

GetThreadLocale

GetStartupInfoW

TerminateProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

QueryPerformanceCounter

GetCurrentProcessId

InterlockedExchange

WriteFile

SetFilePointer

VirtualQuery

GetPrivateProfileStringW

FindResourceW

EnterCriticalSection

SizeofResource

LeaveCriticalSection

LockResource

LoadResource

FindResourceExW

WideCharToMultiByte

MultiByteToWideChar

FormatMessageW

GetLastError

MapViewOfFile

UnmapViewOfFile

OpenProcess

OpenEventW

InitializeCriticalSection

CreateEventW

Sleep

WaitForMultipleObjects

ResetEvent

SetEvent

GetTickCount

WaitForSingleObject

TerminateThread

CloseHandle

OpenFileMappingW

DeleteCriticalSection

CreateFileMappingW

lstrlenW

InterlockedDecrement

lstrlenA

SetLastError

GetCurrentProcess

FlushInstructionCache

GetSystemInfo

GetSystemTimeAsFileTime

GetProcessTimes

GlobalMemoryStatusEx

CreateToolhelp32Snapshot

Process32FirstW

Process32NextW

LoadLibraryW

GetProcAddress

DeleteFileW

GetTempPathW

GetTempFileNameW

CreateFileW

GetFileSize

ReadFile

GetModuleFileNameW

InterlockedIncrement

CreateThread

GetCommandLineW

GetCurrentThreadId

lstrcmpiW

CreateDirectoryW

RaiseException

user32

DestroyWindow

DefWindowProcW

GetClassInfoExW

PostMessageW

KillTimer

SetTimer

RegisterClassExW

LoadCursorW

GetWindowLongW

CallWindowProcW

MsgWaitForMultipleObjects

PeekMessageW

TranslateMessage

DispatchMessageW

LoadStringW

SetWindowLongW

UnregisterClassA

GetMessageW

CharNextW

EndPaint

GetClientRect

BeginPaint

GetFocus

IsChild

SendMessageW

SetRect

IsWindow

CreateWindowExW

SetRectEmpty

PostThreadMessageW

gdi32

LPtoDP

GetDeviceCaps

TextOutW

SetTextAlign

RestoreDC

SetMapMode

SetWindowOrgEx

SetViewportOrgEx

DeleteDC

SaveDC

advapi32

RegSetValueExW

RegCloseKey

RegCreateKeyExW

RegOpenKeyExW

shell32

SHGetSpecialFolderPathW

ole32

CoUninitialize

CoInitialize

CoCreateGuid

CoRevokeClassObject

CoCreateInstance

StringFromCLSID

CoTaskMemFree

CoRegisterClassObject

oleaut32

LoadTypeLi

LoadRegTypeLi

DispCallFunc

VariantInit

SysAllocString

VariantClear

SysAllocStringByteLen

SysStringByteLen

SysFreeString

SysStringLen

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z

?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ

?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB

??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z