2953032d3e8083333fbbe91041feddc0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2953032d3e8083333fbbe91041feddc0_NeikiAnalytics.exe
Size

1.5MB
MD5

2953032d3e8083333fbbe91041feddc0
SHA1

82d01bd05f52dbc61256b9762e7bed31aaf97189
SHA256

61412215fb26d53852080768f435afcfa050319f0431cc1c4f0ac6e203eeb5e2
SHA512

8cb6f86eb9d9f5787940938e293cd17da4486c342ced77d4eae799c7532c35cd0575d803000d5799070c6ab516ac811aec9da3b1d236e61aa02e60be2e02f890
SSDEEP

49152:ycGccpccUccL7cc2ccOcc9cc4AcHc3+ck1VLiAAGlS8cPrNXjANND2bF1P01ILwf:ycGccpccUccL7cc2ccOcc9cc4AcHc3+X

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallHelper.dll
unpack002/$PLUGINSDIR/InstallHelper.dll

Files

2953032d3e8083333fbbe91041feddc0_NeikiAnalytics.exe
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9c:8f:ef:fe:57:66:e1:b8:b8:8d:70:47:03:9f:91:88:e5:c9:cd:ff
Signer

Actual PE Digest

9c:8f:ef:fe:57:66:e1:b8:b8:8d:70:47:03:9f:91:88:e5:c9:cd:ff

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 580KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallHelper.dll
.dll windows:4 windows x86 arch:x86

757a207c0ddc255c868ab28404d88d9f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\code\svn\download\XFPlugin\nsis_server\NSIS\Plugins\InstallHelper.pdb

Imports

kernel32

lstrcpynW
GlobalAlloc
Process32FirstW
lstrcmpiW
Process32NextW
CloseHandle
CreateToolhelp32Snapshot
OpenProcess
MultiByteToWideChar
lstrcpyW
GlobalFree
GetCurrentProcess
TerminateProcess
GetStringTypeW
GetStringTypeA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GetCurrentThreadId
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
CreateFileA
InitializeCriticalSection
WriteFile
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
LoadLibraryA
GetCPInfo
GetOEMCP
IsValidCodePage
SetFilePointer
SetEndOfFile
ReadFile
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize

user32

MessageBoxW

advapi32

LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
SysStringLen
SysAllocString

Exports

Exports

FireWallAddApp
IsProcessRunning
KillRunningProcess

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/BDDLBHO.dll
.dll regsvr32 windows:4 windows x86 arch:x86

ab018333833945702479f4393a1806ea

Code Sign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e9:c7:3c:49:08:84:5f:ac:77:b4:79:d0:8f:1e:67:e0:79:ce:cf:50
Signer

Actual PE Digest

e9:c7:3c:49:08:84:5f:ac:77:b4:79:d0:8f:1e:67:e0:79:ce:cf:50

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\code\svn\download\XFPlugin\Downloader_Nsis\Release\install\BDDLBHO.pdb

Imports

kernel32

MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
SetThreadLocale
GetThreadLocale
FreeLibrary
GetFileAttributesA
GetProcAddress
LoadLibraryW
SetDllDirectoryW
ExpandEnvironmentStringsA
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetFileAttributesW
lstrlenW
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetFilePointer
CreateFileA
ReadFile
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
LoadLibraryA
IsValidLocale
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
WideCharToMultiByte
Sleep
HeapAlloc
HeapFree
RtlUnwind
HeapReAlloc
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetProcessHeap
LCMapStringA
LCMapStringW
GetCPInfo
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetOEMCP
IsValidCodePage
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
CloseHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA

user32

UnregisterClassA
CharNextW

advapi32

RegSetValueExA
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExA

shell32

ShellExecuteW

ole32

CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc

oleaut32

LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/BDIEHelper.dll
.dll regsvr32 windows:4 windows x86 arch:x86

24afecf9ba80faee885a9520eacee7e5

Code Sign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:c4:a6:99:ad:7f:c3:f5:9c:63:ee:2b:ce:d6:c3:37:ba:29:28:4e
Signer

Actual PE Digest

41:c4:a6:99:ad:7f:c3:f5:9c:63:ee:2b:ce:d6:c3:37:ba:29:28:4e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\code\svn\download\XFPlugin\BDIEPlugin\BDIEHelper\Release\BDIEHelper01.pdb

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrcmpiW
LoadLibraryW
SetLastError
GetModuleFileNameW
OutputDebugStringA
LoadLibraryExW
DisableThreadLibraryCalls
InterlockedIncrement
FreeLibrary
SizeofResource
LoadResource
FindResourceW
GetVersionExW
DebugBreak
OutputDebugStringW
GetModuleFileNameA
ProcessIdToSessionId
GetCurrentProcessId
Sleep
HeapFree
GetProcessHeap
CloseHandle
WaitForSingleObject
CreateSemaphoreW
ReleaseSemaphore
CreateMutexW
ReleaseMutex
CreateEventW
WaitForMultipleObjects
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoW
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
lstrlenA
lstrlenW
InterlockedDecrement
lstrcpynA
WideCharToMultiByte
MultiByteToWideChar
SetEnvironmentVariableA
InterlockedCompareExchange
GetThreadLocale
LocalFree
CreateFileA
SetFilePointer
LoadLibraryA
CompareStringW
CompareStringA
FlushFileBuffers
IsValidLocale
GetTimeZoneInformation
WriteConsoleW
InterlockedExchange
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
GetCurrentThread
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapAlloc
RtlUnwind
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetVersionExA
FatalAppExitA
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
ExitProcess
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree

user32

MsgWaitForMultipleObjects
RegisterWindowMessageW
GetForegroundWindow
GetWindowThreadProcessId
IsIconic
ShowWindow
AttachThreadInput
SetForegroundWindow
FindWindowExW
CharNextW
LoadStringW
UnregisterClassA

advapi32

ConvertSidToStringSidW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
LookupAccountNameW

shell32

ShellExecuteW

ole32

CoTaskMemAlloc
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc

oleaut32

SysAllocStringLen
SysFreeString
CreateErrorInfo
SetErrorInfo
VariantInit
VariantChangeType
GetErrorInfo
VariantClear
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen

shlwapi

PathFileExistsW

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 232KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/BaiduMiniDL.exe
.exe windows:4 windows x86 arch:x86

aa9dce58b28ade196dbd4dd7503c2581

Code Sign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c0:d1:25:df:99:10:87:07:ce:d1:4e:23:03:03:a2:bc:73:17:d7:7f
Signer

Actual PE Digest

c0:d1:25:df:99:10:87:07:ce:d1:4e:23:03:03:a2:bc:73:17:d7:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\work\code\svn\download\GameDownloaderOld_Proj\NewDownload\bin\MiniGameDL.pdb

Imports

basic

?GetCrashCatcher@CrashCatcher@Utils@@YAPAVICrashCatcher@12@XZ
?Base64DecodeStr@Crypt@Base@@YAHPB_WPA_WHW4CodePage@@@Z
?CreateDirectoryNested@FileMisc@Base@@YAHPB_W@Z
?GetSpecialPath@FileMisc@Base@@YAHPA_WH@Z
?GetSysTempPath@FileMisc@Base@@YAHPA_WK@Z
?WToA@StringUtils@Base@@YAPADPB_WPADH@Z

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

comctl32

InitCommonControlsEx
_TrackMouseEvent

report

?ReleaseReportMgr@Report@@YAXPAVIReportMgr@1@@Z
?GetReportMgr@Report@@YAPAVIReportMgr@1@XZ

kernel32

LockResource
LoadResource
GetLastError
FindResourceW
IsBadReadPtr
OutputDebugStringW
TerminateThread
SetEvent
ResetEvent
CreateEventW
Sleep
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetFullPathNameA
GetDriveTypeA
ReadFile
SetEndOfFile
GetTimeZoneInformation
CreateFileA
SetFilePointer
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
LoadLibraryA
SetConsoleCtrlHandler
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFullPathNameW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
FatalAppExitA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStdHandle
WriteFile
ExitProcess
HeapSize
IsValidCodePage
GetOEMCP
GetACP
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
HeapReAlloc
GetStartupInfoW
GetProcessHeap
HeapAlloc
GetVersionExA
CreateThread
ExitThread
HeapFree
GetSystemTimeAsFileTime
CreateDirectoryW
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RaiseException
InterlockedExchange
InterlockedCompareExchange
InterlockedDecrement
InterlockedIncrement
GetThreadLocale
FindFirstFileW
ExpandEnvironmentStringsW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
SizeofResource
FreeResource
GlobalLock
GlobalUnlock
LoadLibraryW
GetProcAddress
FreeLibrary
WaitForSingleObject
MultiByteToWideChar
DeleteFileW
CopyFileW
GetVersionExW
GetFileAttributesW
GetModuleFileNameW
GlobalAlloc
GlobalFree
GetCurrentThread
CreateFileW
DeviceIoControl
CloseHandle
SetThreadLocale
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcpynW
lstrlenW
lstrcatW
WideCharToMultiByte
GetModuleHandleW
GetModuleFileNameA
GetLocalTime

user32

IsIconic
ShowWindow
LoadCursorW
WindowFromPoint
SendMessageTimeoutW
SendMessageW
DispatchMessageW
TranslateMessage
FindWindowA
UpdateWindow
SetRect
MessageBoxW
LoadImageW
EndDialog
CreateDialogParamW
DialogBoxParamW
EnumThreadWindows
DrawIcon
GetMessageW
IsZoomed
GetWindowRect
GetClassNameW
DrawAnimatedRects
EnumChildWindows
FindWindowW
PostMessageW
SetForegroundWindow
DestroyWindow
PostQuitMessage
IsWindow
FlashWindow
SetWindowPos
CallWindowProcW
SetWindowTextW
RegisterWindowMessageW
EndPaint
GetClientRect
BeginPaint
EnableWindow
GetDlgItem
IsDlgButtonChecked
SetDlgItemInt
GetDlgItemInt
SetDlgItemTextW
SetFocus
CheckDlgButton
SendDlgItemMessageW
GetDlgItemTextW
SetTimer
KillTimer
LoadIconW
DestroyMenu
TrackPopupMenu
GetCursorPos
GetSubMenu
LoadMenuW
FindWindowExW
PtInRect
ReleaseDC
GetDC
DrawTextW
OffsetRect
InflateRect
SetWindowRgn
GetActiveWindow
RedrawWindow
GetClassInfoExW
GetSystemMetrics
DrawIconEx
GetSystemMenu
GetMenuState
GetWindowTextW
SetCursor
IsWindowVisible
GetClassInfoW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
GetWindow
SystemParametersInfoW
MapWindowPoints
DrawFocusRect
GetParent
ClientToScreen
DefWindowProcW
RegisterClassExW
SetWindowLongW
GetWindowLongW
IntersectRect
CreateWindowExW
InvalidateRect
GetWindowDC
GetCapture
SetCapture
ScreenToClient
ReleaseCapture

gdi32

CreateFontIndirectW
CreateSolidBrush
CombineRgn
CreateRoundRectRgn
CreateRectRgn
ExcludeClipRect
CreateDIBSection
GetClipBox
CreateCompatibleBitmap
StretchBlt
CreateCompatibleDC
BitBlt
DeleteDC
Rectangle
SetBkColor
ExtTextOutW
CreateRectRgnIndirect
SelectClipRgn
RoundRect
MoveToEx
CreatePen
LineTo
SelectObject
GetTextExtentPoint32W
GetStockObject
DeleteObject
SetTextColor
SetBkMode

advapi32

RegCloseKey
MapGenericMask
RevertToSelf
OpenThreadToken
ImpersonateSelf
GetFileSecurityW
RegSetValueExW
RegOpenKeyW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
AccessCheck

shell32

SHBrowseForFolderW
Shell_NotifyIconW
ShellExecuteExW
ExtractIconExW
SHGetSpecialFolderPathW
ShellExecuteW
SHGetPathFromIDListW
SHGetMalloc

ole32

CoMarshalInterThreadInterfaceInStream
CoUninitialize
CoGetInterfaceAndReleaseStream
CreateStreamOnHGlobal
CLSIDFromProgID
CoLoadLibrary
CoFreeLibrary
CoInitializeEx

oleaut32

SysAllocStringByteLen
SysAllocString
SysFreeString
SysStringLen

shlwapi

wnsprintfW

gdiplus

GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipCloneImage
GdipCloneBrush
GdipCloneBitmapAreaI
GdipCreateFont
GdipDrawImageRectRectI
GdipDrawString
GdipCreateFromHDC
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateSolidFill
GdipBitmapUnlockBits
GdipGetPropertyItemSize
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromHICON
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteBrush
GdipAlloc
GdipFree
GdiplusStartup
GdiplusShutdown
GdipGetPropertyItem
GdipDrawImageRectI
GdipLoadImageFromStreamICM
GdipBitmapLockBits

Sections

.text
Size: 452KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_2_/Basic.dll
.dll windows:4 windows x86 arch:x86

1de3f519a06d8c888dfb8e63b37093bf

Code Sign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

17:b2:c3:d4:a3:05:5b:a3:c9:e8:5e:9d:df:9e:00:4f:3d:95:90:c7
Signer

Actual PE Digest

17:b2:c3:d4:a3:05:5b:a3:c9:e8:5e:9d:df:9e:00:4f:3d:95:90:c7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\code\svn\download\GameDownloaderOld_Proj\NewDownload\bin\basic.pdb

Imports

psapi

GetModuleFileNameExW
EnumProcessModules
EnumProcesses
GetModuleBaseNameW

iphlpapi

GetIpForwardTable

wininet

InternetCrackUrlW

kernel32

GetFileTime
ReadFile
SetFilePointer
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
MoveFileExW
DeleteFileW
GlobalLock
GlobalUnlock
CopyFileW
GetCurrentDirectoryW
GlobalAlloc
RemoveDirectoryW
GetCurrentProcess
GetWindowsDirectoryW
WriteFile
GetModuleHandleW
GetProcessHeap
HeapAlloc
HeapFree
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetTempPathW
Sleep
GetTickCount
GetSystemInfo
GetComputerNameW
GetVersionExW
GetDriveTypeW
LoadLibraryW
CreateFileA
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
DeviceIoControl
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
VirtualFree
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetFileSizeEx
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetBinaryTypeW
IsBadReadPtr
GetSystemWow64DirectoryW
GetSystemWindowsDirectoryW
MoveFileW
DebugBreak
WaitForSingleObject
CreateMutexW
ReleaseMutex
SetFileAttributesW
lstrlenW
GetCommandLineW
SetUnhandledExceptionFilter
TlsAlloc
GetCurrentProcessId
GetCurrentThreadId
SetErrorMode
CreateEventW
SearchPathW
DuplicateHandle
CreateProcessW
WaitForMultipleObjects
TerminateProcess
ExitProcess
TlsGetValue
TlsSetValue
GetProcessTimes
GetSystemTime
SystemTimeToFileTime
GlobalMemoryStatusEx
RaiseException
VirtualAllocEx
OpenProcess
lstrcmpiW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
GetCurrentDirectoryA
GetFullPathNameW
GetModuleFileNameA
GetStdHandle
HeapCreate
HeapDestroy
HeapSize
SetLastError
LoadLibraryA
TlsFree
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetACP
GetTimeZoneInformation
LCMapStringW
LCMapStringA
RtlUnwind
GetVersionExA
GetCommandLineA
HeapReAlloc
GetSystemTimeAsFileTime
GetFileAttributesW
CloseHandle
CreateFileW
lstrcpynW
lstrcpynA
CreateDirectoryW
FreeLibrary
InterlockedIncrement
GetProcAddress
SetEndOfFile
GetDriveTypeA
FindClose
FindNextFileW
FindFirstFileW
GetFileSize
GetModuleFileNameW
FormatMessageW
IsDBCSLeadByte
GetCPInfo
FileTimeToSystemTime
WideCharToMultiByte
MultiByteToWideChar
GetLastError
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetThreadLocale
GetStringTypeW
EnumSystemLocalesA
IsValidLocale
InterlockedDecrement
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
InterlockedExchange
GetLocaleInfoW
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetUserDefaultLCID
GetLocaleInfoA
WriteConsoleW
GetConsoleOutputCP
GetStringTypeA

user32

GetParent
GetWindowLongW
SystemParametersInfoW
MessageBoxW
SetWindowLongW
EnableWindow
FindWindowExW
SetWindowTextW
SendMessageW
SetWindowPos
GetClientRect
SetActiveWindow
SetForegroundWindow
ExitWindowsEx
GetWindowRect
GetWindowTextW
GetClassNameW
GetDesktopWindow
IsWindowVisible
IsWindow
GetSystemMetrics
EnumWindows
IsIconic
LoadBitmapW
LoadImageW
SetClipboardData
CloseClipboard
EmptyClipboard
OpenClipboard
DestroyIcon
ShowWindow
UnregisterClassA

gdi32

CreateDCW
GetObjectW
DeleteDC
DeleteObject
GetDeviceCaps

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegCreateKeyExW
RegOpenKeyExA
RegQueryValueExA
RegDeleteValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegEnumValueW
GetUserNameW
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
OpenProcessToken
SetFileSecurityW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW

shell32

SHCreateDirectoryExW
ShellExecuteExW
ShellExecuteW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetDesktopFolder
SHBrowseForFolderW
SHGetSpecialFolderPathW
SHGetFolderPathW
DuplicateIcon

ole32

StgIsStorageFile
CoInitialize
CoUninitialize
StgOpenStorage
StgCreateDocfile
CreateStreamOnHGlobal
CoCreateInstance

oleaut32

OleCreatePictureIndirect
SysStringLen
SysAllocStringLen

shlwapi

PathFileExistsW
PathIsDirectoryW
PathRemoveFileSpecW
StrCpyNW
StrRChrW
StrStrIW
PathAppendW
PathFindFileNameW
StrRChrIW
PathAddBackslashW
PathFindExtensionW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

netapi32

Netbios

Exports

Exports

??0?$EnableIntrusive@VCConfig@Config@Utils@@@@QAE@XZ
??0CConfig@Config@Utils@@QAE@XZ
??0CShortcut@FileMisc@Base@@QAE@ABV012@@Z
??0CShortcut@FileMisc@Base@@QAE@H@Z
??0CShortcut@FileMisc@Base@@QAE@PB_WH@Z
??0CWin64Helper@Win64Helper@Base@@QAE@XZ
??0CWow64FsRedrt@Win64Helper@Base@@QAE@XZ
??0FileDefaultIconPicker@FileMisc@Base@@QAE@XZ
??0IShortcut@FileMisc@Base@@QAE@ABV012@@Z
??0IShortcut@FileMisc@Base@@QAE@XZ
??0md5_engine@Base@@QAE@XZ
??1CConfig@Config@Utils@@MAE@XZ
??1CShortcut@FileMisc@Base@@UAE@XZ
??1CWin64Helper@Win64Helper@Base@@QAE@XZ
??1CWow64FsRedrt@Win64Helper@Base@@QAE@XZ
??1FileDefaultIconPicker@FileMisc@Base@@QAE@XZ
??4CShortcut@FileMisc@Base@@QAEAAV012@ABV012@@Z
??4CWin64Helper@Win64Helper@Base@@QAEAAV012@ABV012@@Z
??4CWow64FsRedrt@Win64Helper@Base@@QAEAAV012@ABV012@@Z
??4FileDefaultIconPicker@FileMisc@Base@@QAEAAV012@ABV012@@Z
??4IShortcut@FileMisc@Base@@QAEAAV012@ABV012@@Z
??4tagLANGANDCODEPAGE@@QAEAAU0@ABU0@@Z
??_7CConfig@Config@Utils@@6B@
??_7CShortcut@FileMisc@Base@@6B@
??_7IShortcut@FileMisc@Base@@6B@
??_FCShortcut@FileMisc@Base@@QAEXXZ
?AToBSTR@StringUtils@Base@@YAPA_WABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?AToBSTR@StringUtils@Base@@YAPA_WPBDI@Z
?AToUTF8@StringUtils@Base@@YAHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV?$vector@DV?$allocator@D@std@@@4@@Z
?AToW@StringUtils@Base@@YAPA_WABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PA_WH@Z
?AToW@StringUtils@Base@@YAPA_WPBDIPA_WH@Z
?AToW@StringUtils@Base@@YAPA_WPBDPA_WH@Z
?AToW@StringUtils@Base@@YAPB_WPBDHPA_WHK@Z
?AToW@StringUtils@Base@@YAPB_WPBDPA_WHK@Z
?ActivePopupChild@SysMisc@Base@@YAPAUHWND__@@PAU3@@Z
?AddFileToZip@ZipUnZip@Base@@YAHPAXPB_W1@Z
?AddMemoryToZip@ZipUnZip@Base@@YAHPAXPB_W0H@Z
?AddRef@CConfig@Config@Utils@@UAGKXZ
?AddZipMemoryToZip@ZipUnZip@Base@@YAHPAXPB_W0HH@Z
?BSTRToA@StringUtils@Base@@YAPADQA_WPADH@Z
?BSTRToW@StringUtils@Base@@YAPA_WQA_WPA_WH@Z
?Base64Decode@Crypt@Base@@YAHPBEHPAEPAH@Z
?Base64DecodeStr@Crypt@Base@@YAHPB_WPA_WHW4CodePage@@@Z
?Base64Encode@Crypt@Base@@YAHPBEHPAEPAH@Z
?Base64EncodeStr@Crypt@Base@@YAHPB_WPA_WHW4CodePage@@@Z
?BuildEveryoneSD@FileMisc@Base@@YAPAXKPAX@Z
?ByteToHexA@StringUtils@Base@@YAHEPADH@Z
?ByteToHexW@StringUtils@Base@@YAHEPA_WH@Z
?BytesToStringW@StringUtils@Base@@YAHPBEIPA_WH@Z
?CRC32@MD5@Base@@YGKPBEHK@Z
?CRC32@MD5@Base@@YGKPB_WK@Z
?CheckFullScreenWindow@SysMisc@Base@@YAHAAHPAPAUHWND__@@@Z
?Close@CWow64FsRedrt@Win64Helper@Base@@QAEHXZ
?CloseZip@ZipUnZip@Base@@YAXPAX_N@Z
?CloseZipFile@ZipUnZip@Base@@YAXPAX@Z
?Compress@ZipUnZip@Base@@YAHPBXHPAXHAAK@Z
?CopyFilePath@FileMisc@Base@@YAXPB_W@Z
?CopyFilePath@FileMisc@Base@@YAXV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?CopyFileW@FileMisc@Base@@YAHPB_W0H@Z
?CopyTextToClipboard@SysMisc@Base@@YAHPB_W@Z
?CreateDir@FileMisc@Base@@YAHPB_W@Z
?CreateDirectoryNested@FileMisc@Base@@YAHPB_W@Z
?CreateFileNoRedirect@CWin64Helper@Win64Helper@Base@@QAEPAXPB_WKKPAU_SECURITY_ATTRIBUTES@@KKPAX@Z
?CreateShortCut@FileMisc@Base@@YAHPB_W00000HGH@Z
?CreateZip@ZipUnZip@Base@@YAPAXPB_W_N@Z
?CreateZipFile@ZipUnZip@Base@@YAPAXPB_W@Z
?DecryptBuffer@CConfig@Config@Utils@@AAEHPAEK@Z
?DeleteFileAfterReboot@FileMisc@Base@@YAXPA_W@Z
?DeleteFileEx@FileMisc@Base@@YAHPB_W@Z
?DeleteFileNoRedirect@CWin64Helper@Win64Helper@Base@@QAEHPB_W@Z
?DirSelectDlg@SysMisc@Base@@YAHPAUHWND__@@PA_WHPAUHICON__@@HPB_W333IPAH@Z
?DirSelectDlgSimple@SysMisc@Base@@YAHPAUHWND__@@PA_WHPAUHICON__@@PB_W3@Z
?DisableFileRedirect@CWin64Helper@Win64Helper@Base@@QAEHXZ
?DllGetVersion@FileMisc@Base@@YAHPB_WAAU_DLLVERSIONINFO@@@Z
?EncryptBuffer@CConfig@Config@Utils@@AAEHPAEK@Z
?EnumFileOfDir@FileMisc@Base@@YAHPB_WAAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@HPA_W@Z
?EnumFolderOfDir@FileMisc@Base@@YAHPB_WAAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@V?$allocator@V?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@2@@std@@@Z
?FileGetDefaultIcon@FileDefaultIconPicker@FileMisc@Base@@SAPAUHICON__@@PB_W@Z
?FileSelectDlg@SysMisc@Base@@YAHPA_WPB_W11HPAUHWND__@@1@Z
?FlushDNS@SysMisc@Base@@YAHXZ
?ForbidLoadLibrarySearchCurrentDirectory@Library@Base@@YAXXZ
?FormatFileSize@FileMisc@Base@@YAHKPA_WK@Z
?FormatString@StringUtils@Base@@YAHPADHPBDZZ
?FormatString@StringUtils@Base@@YAHPA_WHPB_WZZ
?FormatString@StringUtils@Base@@YAXAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBDZZ
?FormatString@StringUtils@Base@@YAXAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PB_WZZ
?FormatToSysTime@StringUtils@Base@@YAHPAU_SYSTEMTIME@@PBU_FILETIME@@@Z
?FormatToSysTime@StringUtils@Base@@YAHPAU_SYSTEMTIME@@PB_J@Z
?GetAccountStorePath@Misc@Utils@@YAHPA_W_K@Z
?GetAllAccessSecurityAttributes@SysMisc@Base@@YAPBU_SECURITY_ATTRIBUTES@@XZ
?GetAllAccessSecurityAttributesEx@SysMisc@Base@@YAHAAU_SECURITY_ATTRIBUTES@@AAU_SECURITY_DESCRIPTOR@@@Z
?GetAppdataFolderNotWithSlash@Misc@Utils@@YAPB_WXZ
?GetArgs@CShortcut@FileMisc@Base@@UAEHPA_WH@Z
?GetBitmapSize@FileMisc@Base@@YAHIPAJ0@Z
?GetBitmapSize@FileMisc@Base@@YAHPAUHBITMAP__@@PAJ1@Z
?GetBufferMd5@MD5@Base@@YGHPBEHPAE@Z
?GetBufferMd5@MD5@Base@@YGHPBEHPA_W@Z
?GetBufferMd5A@MD5@Base@@YGHPBEHPAD@Z
?GetBufferMd5W@MD5@Base@@YGHPBEHPA_W@Z
?GetBuildVer@Misc@Utils@@YAIXZ
?GetCommonCfgContext@CConfig@Config@Utils@@AAEJPB_WPAXKPAK@Z
?GetComputerNameW@SysMisc@Base@@YAHPA_WK@Z
?GetCrashCatcher@CrashCatcher@Utils@@YAPAVICrashCatcher@12@XZ
?GetCurFile@CShortcut@FileMisc@Base@@UAEHPA_WH@Z
?GetCurPEVersionA@FileMisc@Base@@YAHPADHPB_W@Z
?GetCurPathRootPath@FileMisc@Base@@YAHPA_WKK@Z
?GetCurrentProcessPath@FileMisc@Base@@YAHPA_WK@Z
?GetDefaultBrowser@SysMisc@Base@@YAHPA_WPAK@Z
?GetDesc@CShortcut@FileMisc@Base@@UAEHPA_WH@Z
?GetDir@CShortcut@FileMisc@Base@@UAEHPA_WH@Z
?GetDrTempFile@FileMisc@Base@@YAHPA_WHPB_W1@Z
?GetDstVersionByStr@Misc@Utils@@YAIABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?GetExeFileName@Misc@Utils@@YAPB_WXZ
?GetExeFolderNotWithSlash@Misc@Utils@@YAPB_WXZ
?GetFileInfo@FileMisc@Base@@YAHPB_WPA_W11@Z
?GetFileMD5@MD5@Base@@YGHPB_WPAE@Z
?GetFileMD5@MD5@Base@@YGHPB_WPA_W@Z
?GetFileMD5A@MD5@Base@@YGHPBDPAD@Z
?GetFileMD5A@MD5@Base@@YGHPBDPAE@Z
?GetFileMD5W@MD5@Base@@YGHPB_WPAE@Z
?GetFileMD5W@MD5@Base@@YGHPB_WPA_W@Z
?GetFileSingleInfo@FileMisc@Base@@YAHPB_W0PA_WPAH@Z
?GetFileSizeEx@FileMisc@Base@@YAKPB_W@Z
?GetFileSizeWow64@Win64Helper@Base@@YG_KPB_W@Z
?GetFileTimeFlex@FileMisc@Base@@YAHPB_WPAU_FILETIME@@11@Z
?GetFileVerInfoA@FileMisc@Base@@YAHPBDPADH@Z
?GetFileVerInfoW@FileMisc@Base@@YAHPB_WPA_WH@Z
?GetFileVersion@FileMisc@Base@@YAHPB_WAAI111@Z
?GetFolderSize@FileMisc@Base@@YA_KPB_WPAK1@Z
?GetGuid@GUID@Base@@YGHPAEH@Z
?GetGuid@GUID@Base@@YGHPA_WH@Z
?GetGuidA@GUID@Base@@YGHPADH@Z
?GetGuidW@GUID@Base@@YGHPA_WH@Z
?GetHotKey@CShortcut@FileMisc@Base@@UAEHPAG@Z
?GetIEFullPath@SysMisc@Base@@YAHPA_WPAK@Z
?GetIEHistoryPath@FileMisc@Base@@YAHPA_WK@Z
?GetIETempPath@FileMisc@Base@@YAHPA_WK@Z
?GetIEVersion@FileMisc@Base@@YAJXZ
?GetIco@CShortcut@FileMisc@Base@@UAEHPA_WHPAH@Z
?GetIcon@FileMisc@Base@@YAPAUHICON__@@HI@Z
?GetInstallDir@Misc@Utils@@YAHPA_WK@Z
?GetInstallRegPath@Misc@Utils@@YAHPAPAUHKEY__@@PA_WK@Z
?GetInstallVer@Misc@Utils@@YAHPADK@Z
?GetInstallVer@Misc@Utils@@YAHPA_WK@Z
?GetKeyRedirectInfo@CWin64Helper@Win64Helper@Base@@QAEHPAUHKEY__@@PB_WAAI@Z
?GetLastErrorMessage@StringUtils@Base@@YAHKPA_WH@Z
?GetList@CShortcut@FileMisc@Base@@UAEHPAPAU_ITEMIDLIST@@@Z
?GetLocalPath@FileMisc@Base@@YAHPA_WPAK@Z
?GetMainPath@FileMisc@Base@@YAHPA_WKH@Z
?GetMaxCharSize@StringUtils@Base@@YAHXZ
?GetModuleDirectory@Misc@Utils@@YAPA_WPA_WH@Z
?GetModuleFileNameW@FileMisc@Base@@YAHPA_WKPAUHINSTANCE__@@@Z
?GetNativeSystemDir@CWin64Helper@Win64Helper@Base@@QAEIPA_WI@Z
?GetNumberVerFromStringVer@FileMisc@Base@@YAHPAI000PB_W@Z
?GetOSVersion@SysMisc@Base@@YAHAAI0@Z
?GetOSVersion@SysMisc@Base@@YAJXZ
?GetOSVersionEx@SysMisc@Base@@YAJAAK0@Z
?GetPEVersion@FileMisc@Base@@YAHPAI000PB_W@Z
?GetPath@CShortcut@FileMisc@Base@@UAEHPA_WHPAU_WIN32_FIND_DATAW@@K@Z
?GetProcessorsCount@SysMisc@Base@@YAKXZ
?GetRealPathInX64@Win64Helper@Base@@YGHABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PA_WH@Z
?GetScreenSize@SysMisc@Base@@YAJH@Z
?GetShortCutInfo@FileMisc@Base@@YAHPB_WPA_W1111PAHPAG2@Z
?GetShow@CShortcut@FileMisc@Base@@UAEHPAH@Z
?GetSoftID@Misc@Utils@@YAIXZ
?GetSpecialPath@FileMisc@Base@@YAHPA_WH@Z
?GetStorePath@Misc@Utils@@YAHPA_W@Z
?GetSupplyID@Misc@Utils@@YAHAAH@Z
?GetSysTempPath@FileMisc@Base@@YAHPA_WK@Z
?GetSystemDirectoryW@FileMisc@Base@@YAHPA_WK@Z
?GetUserNameW@SysMisc@Base@@YAHPA_WK@Z
?GetUserStorePath@Misc@Utils@@YAHPA_W@Z
?GetWindowsVersion@SysMisc@Base@@YAHAAKPA_WH@Z
?GetWow64Dir@CWin64Helper@Win64Helper@Base@@QAEIPA_WI@Z
?GuidToStringA@StringUtils@Base@@YAHU_GUID@@PADH@Z
?GuidToStringW@StringUtils@Base@@YAHU_GUID@@PA_WH@Z
?Init@CConfig@Config@Utils@@UAEHHPB_W@Z
?Init@CConfig@Config@Utils@@UAGJPAX@Z
?Init@CShortcut@FileMisc@Base@@IAEHXZ
?Init@CWin64Helper@Win64Helper@Base@@QAEHXZ
?Init@CWow64FsRedrt@Win64Helper@Base@@QAEHXZ
?Is64BitModule2@CWin64Helper@Win64Helper@Base@@QAEHPB_W@Z
?Is64BitModule@CWin64Helper@Win64Helper@Base@@QAEHPB_W@Z
?Is64BitWindows@CWin64Helper@Win64Helper@Base@@QAEHXZ
?IsChange@CShortcut@FileMisc@Base@@UAEHXZ
?IsDirectoryExist@FileMisc@Base@@YAHPB_W@Z
?IsFileChangable@FileMisc@Base@@YAHPB_W@Z
?IsFileExist@FileMisc@Base@@YAHPB_W@Z
?IsFileUsing@FileMisc@Base@@YAHPB_W@Z
?IsFsRedirectEnabled@CWin64Helper@Win64Helper@Base@@QAEHXZ
?IsFullScreenWnd@SysMisc@Base@@YAHPAUHWND__@@@Z
?IsInternetOK@SysMisc@Base@@YAHXZ
?IsKeyRedirect@CWin64Helper@Win64Helper@Base@@QAEHPAUHKEY__@@PB_W@Z
?IsNetWorkOK@SysMisc@Base@@YAHXZ
?IsOSNeedElevate@SysMisc@Base@@YAHXZ
?IsPEFile@FileMisc@Base@@YAHPB_W@Z
?IsPathDir@FileMisc@Base@@YAHPB_WAAH@Z
?IsPathFile@FileMisc@Base@@YAHPB_WAAH@Z
?IsPathString@FileMisc@Base@@YAHPB_W@Z
?IsValidChar@StringUtils@Base@@YAH_W@Z
?IsValidEmail@StringUtils@Base@@YAHPB_W@Z
?IsVistaSystem@SysMisc@Base@@YAHXZ
?IsWin64Native@CWin64Helper@Win64Helper@Base@@QAEHXZ
?IsWoW64Process@CWin64Helper@Win64Helper@Base@@QAEHXZ
?IsX64System@Win64Helper@Base@@YGHAAH@Z
?Load@CShortcut@FileMisc@Base@@UAEHPB_W@Z
?LoadIconWithSize@FileMisc@Base@@YAPAUHICON__@@IHHPAUHINSTANCE__@@@Z
?Md5ToString@MD5@Base@@YGXPBEPA_W@Z
?Md5ToStringA@MD5@Base@@YGXPBEPAD@Z
?Md5ToStringW@MD5@Base@@YGXPBEPA_W@Z
?ModifyShortCut@FileMisc@Base@@YAHPB_W000000HGH@Z
?MoveCompressedDataToMemory@ZipUnZip@Base@@YAHPB_WAAV?$vector@UZipCompressedData@@V?$allocator@UZipCompressedData@@@std@@@std@@@Z
?MoveDirectory@FileMisc@Base@@YAHPB_W0@Z
?MoveFileExNoRedirect@CWin64Helper@Win64Helper@Base@@QAEHPB_W0K@Z
?MoveFileNoRedirect@CWin64Helper@Win64Helper@Base@@QAEHPB_W0@Z
?MultiByteToUnicode@StringUtils@Base@@YGPA_WPA_WPBDH@Z
?MultiByteToUnicode@StringUtils@Base@@YGPA_WPA_WPBDHI@Z
?Open@CWow64FsRedrt@Win64Helper@Base@@QAEHXZ
?OpenRecycle@FileMisc@Base@@YAHXZ
?OpenURL@SysMisc@Base@@YAHPB_W@Z
?PathFileExistsInX64@Win64Helper@Base@@YGHPB_W@Z
?PathIsRedirected@CWin64Helper@Win64Helper@Base@@QAEHPB_W@Z
?PowerOff@SysMisc@Base@@YAXXZ
?RC4Decrypt@Crypt@Base@@YGHPBEHPAEH0H@Z
?RC4Encrypt@Crypt@Base@@YGHPBEHPAEH0H@Z
?Read@CConfig@Config@Utils@@UAEHPB_WPAXKPAK@Z
?ReadInternal@CConfig@Config@Utils@@AAEHPB_WPAXKPAK@Z
?RebootComputer@SysMisc@Base@@YAHXZ
?RegCreateKeyExNoRedirect@CWin64Helper@Win64Helper@Base@@QAEJPAUHKEY__@@PB_WKPA_WKKPAU_SECURITY_ATTRIBUTES@@PAPAU4@PAK@Z
?RegDeleteKeyNoRedirect@CWin64Helper@Win64Helper@Base@@QAEJPAUHKEY__@@PB_W@Z
?RegOpenKeyExNoRedirect@CWin64Helper@Win64Helper@Base@@QAEJPAUHKEY__@@PB_WKKPAPAU4@@Z
?Release@CConfig@Config@Utils@@UAGKXZ
?RemoveCompatibleMode@SysMisc@Base@@YAHPB_W@Z
?ReplaceString@StringUtils@Base@@YAIAAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV34@1@Z
?Resolve@CShortcut@FileMisc@Base@@UAEHPAUHWND__@@K@Z
?RevertFileRedirect@CWin64Helper@Win64Helper@Base@@QAEHXZ
?SafeLoadLibrary@Library@Base@@YAPAUHINSTANCE__@@PB_WH@Z
?Save@CShortcut@FileMisc@Base@@UAEHPB_WH@Z
?SaveCompleted@CShortcut@FileMisc@Base@@UAEHPB_W@Z
?SaveIconToFile@FileMisc@Base@@YAHPAUHICON__@@PB_W@Z
?SetArgs@CShortcut@FileMisc@Base@@UAEHPB_W@Z
?SetAutoSave@CShortcut@FileMisc@Base@@UAEHH@Z
?SetClientSize@SysMisc@Base@@YAXPAUHWND__@@HH@Z
?SetCommonCfgContext@CConfig@Config@Utils@@AAEJPB_WPAXKPAK@Z
?SetConfigFilePath@CConfig@Config@Utils@@AAEJPA_WH@Z
?SetConfigRootDir@CConfig@Config@Utils@@CAXPB_W@Z
?SetDesc@CShortcut@FileMisc@Base@@UAEHPB_W@Z
?SetDir@CShortcut@FileMisc@Base@@UAEHPB_W@Z
?SetFileSecurityW@FileMisc@Base@@YAHPB_WK@Z
?SetHistoryPath@FileMisc@Base@@YAHPB_W@Z
?SetHotKey@CShortcut@FileMisc@Base@@UAEHG@Z
?SetIco@CShortcut@FileMisc@Base@@UAEHPB_WH@Z
?SetIconDefault@FileDefaultIconPicker@FileMisc@Base@@SAXPAUHICON__@@00@Z
?SetInternetCachePath@FileMisc@Base@@YAHPB_W@Z
?SetList@CShortcut@FileMisc@Base@@UAEHPBU_ITEMIDLIST@@@Z
?SetPath@CShortcut@FileMisc@Base@@UAEHPB_W@Z
?SetRelPath@CShortcut@FileMisc@Base@@UAEHPB_W@Z
?SetShow@CShortcut@FileMisc@Base@@UAEHH@Z
?SetSpecailFolderPath@FileMisc@Base@@YAHHPB_W@Z
?SplitStringW@StringUtils@Base@@YAHPB_W_WPA_WKPAKI@Z
?Sprintf@StringUtils@Base@@YAHPADHPBDZZ
?Sprintf@StringUtils@Base@@YAHPA_WHPB_WZZ
?Strcat@StringUtils@Base@@YAHPADHPBD@Z
?Strcat@StringUtils@Base@@YAHPA_WHPB_W@Z
?Strcpy@StringUtils@Base@@YAHPADHPBD@Z
?Strcpy@StringUtils@Base@@YAHPA_WHPB_W@Z
?StringToBytesW@StringUtils@Base@@YAXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PAEI@Z
?StringToDate@StringUtils@Base@@YAHPB_WAA_J@Z
?StringToGuid@StringUtils@Base@@YAHPB_WPAU_GUID@@@Z
?StringToMd5@MD5@Base@@YGXPB_WPAE@Z
?StripLeading@StringUtils@Base@@YAPA_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_WPA_WH@Z
?StripTrailing@StringUtils@Base@@YAPA_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@_WPA_WH@Z
?Strlen@StringUtils@Base@@YAHPBD@Z
?Strlen@StringUtils@Base@@YAHPB_W@Z
?Strncpy@StringUtils@Base@@YAHPADHPBDH@Z
?Strncpy@StringUtils@Base@@YAHPA_WHPB_WH@Z
?TeaDecrypt4bytesAFrame@Crypt@Base@@YAXPAF0@Z
?TeaDecryptCBC2@Crypt@Base@@YAHPBEH0PAEPAH@Z
?TeaDecryptCBC2Len@Crypt@Base@@YAHPBEH0@Z
?TeaDecryptCBC@Crypt@Base@@YAHPBEH0PAEPAH@Z
?TeaDecryptECB@Crypt@Base@@YAXPBE0PAE@Z
?TeaEncrypt4bytesAFrame@Crypt@Base@@YAXPAF0@Z
?TeaEncryptCBC2@Crypt@Base@@YAXPBEH0PAEPAH@Z
?TeaEncryptCBC2Len@Crypt@Base@@YAHH@Z
?TeaEncryptCBC@Crypt@Base@@YAXPBEH0PAEPAH@Z
?TeaEncryptECB@Crypt@Base@@YAXPBE0PAE@Z
?ToLowerA@StringUtils@Base@@YAPADABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PADH@Z
?ToLowerW@StringUtils@Base@@YAPA_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PA_WH@Z
?ToUpperA@StringUtils@Base@@YAPADABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PADH@Z
?ToUpperW@StringUtils@Base@@YAPA_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PA_WH@Z
?TrimString@StringUtils@Base@@YAIABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PA_WH_W@Z
?UTF8AToW@StringUtils@Base@@YAPA_WABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PA_WH@Z
?UTF8ToA@StringUtils@Base@@YAPADABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PADH@Z
?UTF8WToA@StringUtils@Base@@YAHPB_WAAV?$vector@DV?$allocator@D@std@@@std@@@Z
?UnInit@CConfig@Config@Utils@@UAGJPAX@Z
?Uncompress@ZipUnZip@Base@@YAXPBXHPAXHPAK@Z
?UnicodeToMultiByte@StringUtils@Base@@YGPADPADPB_WH@Z
?UnicodeToMultiByte@StringUtils@Base@@YGPADPADPB_WHI@Z
?Uninit@CShortcut@FileMisc@Base@@IAEHXZ
?Uninit@CWin64Helper@Win64Helper@Base@@QAEHXZ
?Uninit@CWow64FsRedrt@Win64Helper@Base@@QAEHXZ
?UnzipFileToDisk@ZipUnZip@Base@@YAHPB_W0@Z
?ViewFileFolderProperties@FileMisc@Base@@YAHPB_W@Z
?Vsprintf@StringUtils@Base@@YAHPADHPBD0@Z
?Vsprintf@StringUtils@Base@@YAHPA_WHPB_WPAD@Z
?WToA@StringUtils@Base@@YAPADABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@PADH@Z
?WToA@StringUtils@Base@@YAPADPB_WIPADH@Z
?WToA@StringUtils@Base@@YAPADPB_WPADH@Z
?WToA@StringUtils@Base@@YAPBDPB_WHPADHK@Z
?WToA@StringUtils@Base@@YAPBDPB_WPADHK@Z
?WToBSTR@StringUtils@Base@@YAPA_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?Wildcmp@StringUtils@Base@@YAHPB_W0H@Z
?Write@CConfig@Config@Utils@@UAEHPB_WPAXK@Z
?WriteInternal@CConfig@Config@Utils@@AAEHPB_WPAXK@Z
?ZipCompress@ZipUnZip@Base@@YAHPAXPB_W_N@Z
?ZipExtract@ZipUnZip@Base@@YAHPAXPB_WK@Z
?add_ref@?$EnableIntrusive@VCConfig@Config@Utils@@@@QAEJXZ
?dec_ref@?$EnableIntrusive@VCConfig@Config@Utils@@@@QAEJXZ
?digest@md5_engine@Base@@QAEXPBXIPAX@Z
?final@md5_engine@Base@@QAEXPAX@Z
?init@md5_engine@Base@@QAEXXZ
?m_pFileDefaultIconPickerStub@FileDefaultIconPicker@FileMisc@Base@@0PAVFileDefaultIconPickerStub@123@A
?process_block@md5_engine@Base@@AAEXPAY0EA@$$CBE@Z
?ref_count@?$EnableIntrusive@VCConfig@Config@Utils@@@@QBEJXZ
?s_tszConfigRootDir@CConfig@Config@Utils@@0PA_WA
?update@md5_engine@Base@@QAEXPBXI@Z
?zAddFileToZip@ZipUnZip@Base@@YAHPAXPB_W1_N@Z
?zUnzipFileToDisk@ZipUnZip@Base@@YAHPAXPB_W1@Z

Sections

.text
Size: 308KB - Virtual size: 306KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/BugReport.exe
.exe windows:4 windows x86 arch:x86

8c079918f03177c71ce7077540009e0c

Code Sign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

fd:32:d3:53:36:4f:26:aa:76:e2:28:f4:fc:ac:25:10:e8:c5:1f:40
Signer

Actual PE Digest

fd:32:d3:53:36:4f:26:aa:76:e2:28:f4:fc:ac:25:10:e8:c5:1f:40

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\work\code\svn\download\GameDownloaderOld_Proj\NewDownload\bin\BugReport.pdb

Imports

basic

?Release@CConfig@Config@Utils@@UAGKXZ
?AddRef@CConfig@Config@Utils@@UAGKXZ
?Init@CConfig@Config@Utils@@UAEHHPB_W@Z
?Write@CConfig@Config@Utils@@UAEHPB_WPAXK@Z
?Read@CConfig@Config@Utils@@UAEHPB_WPAXKPAK@Z
??0CConfig@Config@Utils@@QAE@XZ
??1CConfig@Config@Utils@@MAE@XZ
?GetFileMD5@MD5@Base@@YGHPB_WPAE@Z
?Md5ToStringA@MD5@Base@@YGXPBEPAD@Z
?Init@CConfig@Config@Utils@@UAGJPAX@Z
?Compress@ZipUnZip@Base@@YAHPBXHPAXHAAK@Z
?CreateZip@ZipUnZip@Base@@YAPAXPB_W_N@Z
?ZipCompress@ZipUnZip@Base@@YAHPAXPB_W_N@Z
?CloseZip@ZipUnZip@Base@@YAXPAX_N@Z
?GetBufferMd5@MD5@Base@@YGHPBEHPAE@Z
?SafeLoadLibrary@Library@Base@@YAPAUHINSTANCE__@@PB_WH@Z
?GetInstallVer@Misc@Utils@@YAHPADK@Z
?GetSoftID@Misc@Utils@@YAIXZ
?GetSupplyID@Misc@Utils@@YAHAAH@Z
?add_ref@?$EnableIntrusive@VCConfig@Config@Utils@@@@QAEJXZ
?UnInit@CConfig@Config@Utils@@UAGJPAX@Z
?UnicodeToMultiByte@StringUtils@Base@@YGPADPADPB_WHI@Z
?dec_ref@?$EnableIntrusive@VCConfig@Config@Utils@@@@QAEJXZ

dbghelp

SymGetModuleInfo
SymSetOptions
SymInitialize
SymGetSymFromAddr
SymLoadModule
SymGetLineFromAddr64
SymCleanup

psapi

GetModuleFileNameExW
GetModuleFileNameExA

comctl32

ImageList_ReplaceIcon
ImageList_Create
InitCommonControlsEx

kernel32

QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
SetStdHandle
VirtualQueryEx
ReadProcessMemory
GetThreadSelectorEntry
FindFirstFileW
FindNextFileW
FindClose
ExpandEnvironmentStringsW
GetTempPathW
CreateDirectoryW
GetCurrentThreadId
GetCurrentProcessId
GetTickCount
DeleteFileW
CreateFileW
ReadFile
SetFilePointer
CloseHandle
WriteProcessMemory
FindResourceExW
GetVersionExW
SizeofResource
LockResource
FindResourceW
WideCharToMultiByte
LoadResource
GetProcessId
OpenThread
LocalAlloc
GetModuleFileNameW
LocalFree
GetProcAddress
GetModuleHandleW
CreateFileA
MultiByteToWideChar
SetEndOfFile
WaitForSingleObject
HeapAlloc
CreateEventW
GetProcessHeap
VirtualProtect
HeapFree
GetFileSize
OpenProcess
SetDllDirectoryW
SetCurrentDirectoryW
WriteConsoleA
CreateProcessW
InterlockedDecrement
InterlockedIncrement
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
InterlockedCompareExchange
InterlockedExchange
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetStartupInfoA
GetFileType
SetHandleCount
HeapCreate
VirtualAlloc
VirtualFree
LoadLibraryA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
GetModuleFileNameA
GetStdHandle
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
GetStartupInfoW
ExitProcess
GetModuleHandleA
CreateThread
GetLastError
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetConsoleOutputCP
WriteConsoleW
WriteFile
SetEvent
TerminateProcess
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
RaiseException
HeapSize
HeapReAlloc
HeapDestroy
FlushFileBuffers
GetStringTypeA
GetStringTypeW

user32

SetWindowLongW
CallWindowProcW
ClientToScreen
EndPaint
FillRect
BeginPaint
DrawIconEx
SetWindowTextW
GetWindow
SetWindowPos
LoadImageW
SendMessageW
LoadIconW
SetClipboardData
GetKeyState
EmptyClipboard
OpenClipboard
RegisterClipboardFormatW
SetDlgItemTextW
SendDlgItemMessageW
ShowWindow
GetWindowRect
GetDlgItem
DialogBoxParamW
GetParent
GetClassNameW
GetWindowThreadProcessId
EnumWindows
GetGuiResources
EnumChildWindows
CloseClipboard
ScreenToClient
EndDialog
UnregisterClassA

gdi32

SetBkColor
DeleteObject
CreateSolidBrush

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

SHGetDesktopFolder
ShellExecuteW
SHGetFileInfoW
ord155
SHBindToParent

ole32

OleInitialize
OleUninitialize
DoDragDrop

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysStringLen
SysAllocString
SysFreeString

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 168KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_2_/Protocol.dll
.dll windows:4 windows x86 arch:x86

4b7ed67d7c93435256b59aac300f544e

Code Sign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6d:fa:d5:be:c3:44:b1:a7:06:c9:6c:cf:a5:06:ca:1d:86:d0:d8:b7
Signer

Actual PE Digest

6d:fa:d5:be:c3:44:b1:a7:06:c9:6c:cf:a5:06:ca:1d:86:d0:d8:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\code\svn\download\GameDownloaderOld_Proj\NewDownload\bin\Protocol.pdb

Imports

basic

?IsX64System@Win64Helper@Base@@YGHAAH@Z
?GetGuidA@GUID@Base@@YGHPADH@Z
?TeaDecryptCBC2@Crypt@Base@@YAHPBEH0PAEPAH@Z
?TeaEncryptCBC2Len@Crypt@Base@@YAHH@Z
?TeaDecryptCBC2Len@Crypt@Base@@YAHPBEH0@Z
?TeaEncryptCBC2@Crypt@Base@@YAXPBEH0PAEPAH@Z
?GetOSVersionEx@SysMisc@Base@@YAJAAK0@Z

kernel32

CreateEventA
WaitForSingleObject
SetEvent
CloseHandle
TlsGetValue
GetLastError
InterlockedExchange
InterlockedExchangeAdd
TlsAlloc
InterlockedIncrement
InterlockedDecrement
TlsFree
PostQueuedCompletionStatus
LeaveCriticalSection
EnterCriticalSection
QueueUserAPC
DeleteCriticalSection
TlsSetValue
SetLastError
SetWaitableTimer
SleepEx
TerminateThread
Sleep
CreateIoCompletionPort
InterlockedCompareExchange
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
CreateEventW
WaitForMultipleObjects
CreateWaitableTimerW
GetProcessHeap
HeapAlloc
HeapFree
GetTickCount
GetModuleFileNameA
VirtualQuery
CompareStringW
CompareStringA
SetEndOfFile
CreateFileW
CreateFileA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
GetLocaleInfoW
LoadLibraryA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCurrentDirectoryA
GetFullPathNameA
SetFilePointer
FlushFileBuffers
ReadFile
GetStartupInfoA
GetFileType
SetHandleCount
WideCharToMultiByte
InitializeCriticalSection
MultiByteToWideChar
GetSystemTimeAsFileTime
ReleaseSemaphore
GetCurrentThreadId
GetCurrentProcessId
OpenEventA
ResetEvent
ResumeThread
SystemTimeToFileTime
CreateWaitableTimerA
LocalFree
FormatMessageA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
ExitThread
CreateThread
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
GetCommandLineA
GetVersionExA
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
HeapSize
GetACP
GetOEMCP
IsValidCodePage
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetEnvironmentVariableA

ws2_32

WSARecv
closesocket
getsockname
connect
bind
WSAGetLastError
setsockopt
ioctlsocket
WSASend
listen
getaddrinfo
inet_addr
WSASocketW
__WSAFDIsSet
WSASetLastError
shutdown
accept
getsockopt
WSAStartup
WSACleanup
freeaddrinfo
select

winmm

timeGetTime

Exports

Exports

CreateAuroraService
InitProductParam
ResetAccountParam
SetAccountParam
SetServiceUrl

Sections

.text
Size: 396KB - Virtual size: 392KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/Report.dll
.dll windows:4 windows x86 arch:x86

f65d6eff01b3756a977b22c277c47d4a

Code Sign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

38:69:37:aa:98:1a:09:70:6a:1b:34:de:aa:1b:65:06:c6:12:01:d0
Signer

Actual PE Digest

38:69:37:aa:98:1a:09:70:6a:1b:34:de:aa:1b:65:06:c6:12:01:d0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\code\svn\download\GameDownloaderOld_Proj\NewDownload\bin\Report.pdb

Imports

basic

?Init@CConfig@Config@Utils@@UAEHHPB_W@Z
?Write@CConfig@Config@Utils@@UAEHPB_WPAXK@Z
?Read@CConfig@Config@Utils@@UAEHPB_WPAXKPAK@Z
?UnInit@CConfig@Config@Utils@@UAGJPAX@Z
?Init@CConfig@Config@Utils@@UAGJPAX@Z
?Release@CConfig@Config@Utils@@UAGKXZ
?AddRef@CConfig@Config@Utils@@UAGKXZ
?dec_ref@?$EnableIntrusive@VCConfig@Config@Utils@@@@QAEJXZ
?add_ref@?$EnableIntrusive@VCConfig@Config@Utils@@@@QAEJXZ
??0CConfig@Config@Utils@@QAE@XZ
??1CConfig@Config@Utils@@MAE@XZ
?SafeLoadLibrary@Library@Base@@YAPAUHINSTANCE__@@PB_WH@Z
?GetInstallVer@Misc@Utils@@YAHPADK@Z
?GetSoftID@Misc@Utils@@YAIXZ
?GetSupplyID@Misc@Utils@@YAHAAH@Z
?GetUserStorePath@Misc@Utils@@YAHPA_W@Z

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventW
CloseHandle
WaitForSingleObject
GetTickCount
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
GetProcAddress
FreeLibrary
GetModuleFileNameW
CreateFileW
GetFileSize
ReadFile
ExpandEnvironmentStringsW
ResetEvent
SetFilePointer
SetEvent
WriteFile
SetEndOfFile
UnhandledExceptionFilter
Sleep
InterlockedCompareExchange
CreateFileA
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
ExitThread
GetCurrentThreadId
GetLastError
CreateThread
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
FlushFileBuffers
VirtualAlloc
HeapReAlloc
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
GetLocaleInfoA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

shlwapi

PathRemoveFileSpecW

Exports

Exports

?GetReportMgr@Report@@YAPAVIReportMgr@1@XZ
?ReleaseReportMgr@Report@@YAXPAVIReportMgr@1@@Z
GetReportMgr
ReleaseReportMgr

Sections

.text
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/Update.dll
.dll windows:4 windows x86 arch:x86

80873e216fac0fe7a21da3530b33bb73

Code Sign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d8:31:e7:a6:98:52:73:3d:7e:2c:75:8f:0e:a0:65:1b:ab:98:46:4c
Signer

Actual PE Digest

d8:31:e7:a6:98:52:73:3d:7e:2c:75:8f:0e:a0:65:1b:ab:98:46:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\code\svn\download\GameDownloaderOld_Proj\NewDownload\bin\CloudControl.pdb

Imports

basic

?Read@CConfig@Config@Utils@@UAEHPB_WPAXKPAK@Z
?UnInit@CConfig@Config@Utils@@UAGJPAX@Z
?Init@CConfig@Config@Utils@@UAGJPAX@Z
??0CConfig@Config@Utils@@QAE@XZ
?Release@CConfig@Config@Utils@@UAGKXZ
?Write@CConfig@Config@Utils@@UAEHPB_WPAXK@Z
?AddRef@CConfig@Config@Utils@@UAGKXZ
?dec_ref@?$EnableIntrusive@VCConfig@Config@Utils@@@@QAEJXZ
?add_ref@?$EnableIntrusive@VCConfig@Config@Utils@@@@QAEJXZ
?GetInstallVer@Misc@Utils@@YAHPADK@Z
?GetSupplyID@Misc@Utils@@YAHAAH@Z
?Init@CConfig@Config@Utils@@UAEHHPB_W@Z
??1CConfig@Config@Utils@@MAE@XZ
?Base64EncodeStr@Crypt@Base@@YAHPB_WPA_WHW4CodePage@@@Z

protocol

CreateAuroraService
InitProductParam
SetServiceUrl

kernel32

ResumeThread
GetFileAttributesW
MultiByteToWideChar
ExpandEnvironmentStringsW
CloseHandle
CreateEventW
PostQueuedCompletionStatus
TlsFree
TlsAlloc
SetEvent
GetLastError
SystemTimeToFileTime
InterlockedExchange
InterlockedDecrement
InterlockedExchangeAdd
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
HeapFree
WaitForMultipleObjects
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TerminateThread
QueueUserAPC
CreateEventA
CreateIoCompletionPort
SetWaitableTimer
GetQueuedCompletionStatus
InterlockedCompareExchange
HeapAlloc
SetLastError
TlsGetValue
GetProcessHeap
TlsSetValue
InitializeCriticalSection
Sleep
CreateWaitableTimerA
ExitThread
InterlockedIncrement
ResetEvent
OpenEventA
ReleaseSemaphore
FormatMessageA
WideCharToMultiByte
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetVersionExA
RaiseException
RtlUnwind
HeapReAlloc
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeA
GetStringTypeW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetModuleHandleA
GetProcAddress
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
LoadLibraryA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
LocalFree
CreateThread

advapi32

RegOpenKeyExW
RegQueryValueExW

shell32

ShellExecuteW

ws2_32

WSACleanup
WSAStartup

Exports

Exports

GetCloudControlService

Sections

.text
Size: 240KB - Virtual size: 237KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/Update.exe
.exe windows:4 windows x86 arch:x86

dc290de1c09a46fa61f2a29547f22312

Code Sign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7c:e5:1c:ec:c1:d8:05:90:02:63:2b:bf:40:64:4a:73:c5:f9:6a:dc
Signer

Actual PE Digest

7c:e5:1c:ec:c1:d8:05:90:02:63:2b:bf:40:64:4a:73:c5:f9:6a:dc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\work\code\svn\download\GameDownloaderOld_Proj\NewDownload\bin\Update.pdb

Imports

update

GetCloudControlService

kernel32

HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
RtlUnwind
LoadLibraryA
InitializeCriticalSection
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_2_/config.ini
$_2_/dl.dll
.dll regsvr32 windows:4 windows x86 arch:x86

01028d90a68cce5b4b4f2b26eab7d522

Code Sign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f5:df:47:f7:cf:58:35:db:c8:f5:ff:ca:db:ca:0b:58:aa:0f:7a:29
Signer

Actual PE Digest

f5:df:47:f7:cf:58:35:db:c8:f5:ff:ca:db:ca:0b:58:aa:0f:7a:29

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\vcoutput\NewCom\ReleaseStatic\xdownload\dl.pdb

Imports

ws2_32

recv
send
inet_addr
gethostbyname
bind
sendto
socket
recvfrom
setsockopt
__WSAFDIsSet
WSAGetLastError
WSAStartup
WSACleanup
gethostname
ioctlsocket
closesocket
inet_ntoa
ntohl
ntohs
htonl
connect
accept
WSASetLastError
select
getpeername
getsockname
listen
htons

kernel32

SetEnvironmentVariableA
GetDriveTypeA
SetEndOfFile
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
GetTickCount
CloseHandle
FindClose
FindFirstFileW
GetFileAttributesW
CreateEventA
SetEvent
ResetEvent
WaitForSingleObject
TerminateThread
DeleteFileW
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
InterlockedExchangeAdd
lstrlenA
ReleaseSemaphore
GetCurrentThreadId
OpenEventA
WaitForMultipleObjects
MoveFileW
CreateFileW
CopyFileA
GetDiskFreeSpaceExA
GetLogicalDrives
InterlockedExchange
OpenMutexA
GetLastError
CreateMutexA
ReleaseMutex
CopyFileW
DeleteFileA
ReadFile
GetFileSize
CreateFileA
RemoveDirectoryW
Process32Next
Process32First
CreateToolhelp32Snapshot
GetProcessTimes
OpenProcess
WideCharToMultiByte
lstrlenW
RaiseException
lstrcmpiA
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
GetModuleFileNameA
DisableThreadLibraryCalls
SetThreadLocale
GetThreadLocale
GetLocaleInfoW
WriteConsoleW
SetFilePointerEx
GetVolumeInformationA
CreateSemaphoreA
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
SetStdHandle
GetTimeZoneInformation
GetFullPathNameW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetVersionExA
GetModuleFileNameW
Module32Next
Module32First
GetCurrentProcessId
GetCurrentThread
GlobalFree
GlobalAlloc
GetCurrentDirectoryA
GetTempPathA
FlushFileBuffers
WriteFile
SetFilePointer
GetVolumeInformationW
GetProcAddress
MapViewOfFileEx
CreateFileMappingA
UnmapViewOfFile
LockResource
FindResourceExA
CompareStringA
CompareStringW
GetFileSizeEx
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileTime
GetFileAttributesA
FindNextFileA
FindFirstFileA
DeviceIoControl
LoadLibraryA
GetSystemDirectoryA
SetFileAttributesA
HeapFree
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
ExitThread
CreateThread
FileTimeToSystemTime
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetDriveTypeW
CreateDirectoryW
LCMapStringA
LCMapStringW
GetCPInfo
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize

user32

CharNextA
UnregisterClassA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegEnumValueA
IsTextUnicode
RegCreateKeyA
RegOpenKeyA
GetFileSecurityW
ImpersonateSelf
OpenThreadToken
RevertToSelf
MapGenericMask
AccessCheck
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

shell32

SHGetSpecialFolderPathA

ole32

CoFreeLibrary
CoInitialize
CoCreateGuid
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
OleRun

oleaut32

SafeArrayDestroy
SafeArrayPutElement
GetErrorInfo
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
VarUI4FromStr
SysFreeString
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
VariantClear
VariantInit
SafeArrayCreateVector
SafeArrayCreate

psapi

GetProcessMemoryInfo

netapi32

NetApiBufferFree
Netbios
NetWkstaTransportEnum

wininet

InternetOpenUrlA
InternetCloseHandle
InternetReadFile
InternetOpenA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ReleaseCommLib

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/image/buttonPath.png
.png
$_2_/image/close.png
.png
$_2_/image/config.png
.png
$_2_/image/download.png
.png
$_2_/image/error.png
.png
$_2_/image/loading.png
.png
$_2_/image/logo.png
.png
$_2_/image/mainbnd.png
.png
$_2_/image/min.png
.png
$_2_/image/path.png
.png
$_2_/image/pause.png
.png
$_2_/image/progressbar_bk.png
.png
$_2_/image/softlogo.png
.png
$_2_/npBDDLPlug.dll
.dll windows:4 windows x86 arch:x86

94f77ebb746c9ef1a3ebdc0aee83fd70

Code Sign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

06:80:4b:be:dd:e4:7a:aa:2f:ba:1a:3c:87:4d:e8:fd:27:e3:3f:a2
Signer

Actual PE Digest

06:80:4b:be:dd:e4:7a:aa:2f:ba:1a:3c:87:4d:e8:fd:27:e3:3f:a2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\code\svn\download\XFPlugin\Downloader_Nsis\Release\install\npBDDLPlug.pdb

Imports

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

kernel32

lstrcpynA
MultiByteToWideChar
WideCharToMultiByte
InterlockedExchange
GetLastError
FindResourceA
CloseHandle
FreeLibrary
LoadResource
Sleep
GetProcAddress
SizeofResource
FindResourceExA
GetCurrentThreadId
OutputDebugStringA
LoadLibraryA
GetModuleFileNameA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
SetFilePointer
InitializeCriticalSection
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetThreadLocale
LockResource
HeapFree
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
GetLocaleInfoA
GetACP
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
VirtualAlloc
GetModuleHandleA
GetCommandLineA
GetVersionExA
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
ExitProcess
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapSize
GetCPInfo

user32

SetForegroundWindow
GetForegroundWindow
GetWindowThreadProcessId
IsIconic
ShowWindow
RegisterWindowMessageA
AttachThreadInput
FindWindowExA
SetWindowLongA
DefWindowProcA
UnregisterClassA

shell32

ShellExecuteW

shlwapi

PathFileExistsA

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/uninstaller.exe
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/02/2012, 00:00

Not After

26/02/2015, 23:59

Subject

CN=Beijing baidu Netcom science and technology co.ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing baidu Netcom science and technology co.ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ba:e0:ad:11:6f:02:cc:5f:65:38:18:f3:a9:39:9e:7a:bc:91:7f:cc
Signer

Actual PE Digest

ba:e0:ad:11:6f:02:cc:5f:65:38:18:f3:a9:39:9e:7a:bc:91:7f:cc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 580KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallHelper.dll
.dll windows:4 windows x86 arch:x86

757a207c0ddc255c868ab28404d88d9f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\code\svn\download\XFPlugin\nsis_server\NSIS\Plugins\InstallHelper.pdb

Imports

kernel32

lstrcpynW
GlobalAlloc
Process32FirstW
lstrcmpiW
Process32NextW
CloseHandle
CreateToolhelp32Snapshot
OpenProcess
MultiByteToWideChar
lstrcpyW
GlobalFree
GetCurrentProcess
TerminateProcess
GetStringTypeW
GetStringTypeA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GetCurrentThreadId
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
CreateFileA
InitializeCriticalSection
WriteFile
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
LoadLibraryA
GetCPInfo
GetOEMCP
IsValidCodePage
SetFilePointer
SetEndOfFile
ReadFile
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize

user32

MessageBoxW

advapi32

LookupPrivilegeValueW
OpenProcessToken
AdjustTokenPrivileges

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
SysStringLen
SysAllocString

Exports

Exports

FireWallAddApp
IsProcessRunning
KillRunningProcess

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32f3282581436269b3a75b6675fe3e08

Code Sign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3aCertificate

Extended Key Usages

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

9c:8f:ef:fe:57:66:e1:b8:b8:8d:70:47:03:9f:91:88:e5:c9:cd:ffSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 580KB

.rsrc Size: 22KB - Virtual size: 21KB

.reloc Size: 4KB - Virtual size: 3KB

757a207c0ddc255c868ab28404d88d9f

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 8KB - Virtual size: 5KB

ab018333833945702479f4393a1806ea

Code Sign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bfCertificate

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3aCertificate

Extended Key Usages

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

e9:c7:3c:49:08:84:5f:ac:77:b4:79:d0:8f:1e:67:e0:79:ce:cf:50Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

9c:8f:ef:fe:57:66:e1:b8:b8:8d:70:47:03:9f:91:88:e5:c9:cd:ff
Signer

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 580KB

.rsrc
Size: 22KB - Virtual size: 21KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 8KB - Virtual size: 5KB

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

e9:c7:3c:49:08:84:5f:ac:77:b4:79:d0:8f:1e:67:e0:79:ce:cf:50
Signer

.text
Size: 132KB - Virtual size: 130KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 12KB - Virtual size: 10KB

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

41:c4:a6:99:ad:7f:c3:f5:9c:63:ee:2b:ce:d6:c3:37:ba:29:28:4e
Signer

.text
Size: 232KB - Virtual size: 229KB

.rdata
Size: 48KB - Virtual size: 45KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 8KB - Virtual size: 6KB

.reloc
Size: 12KB - Virtual size: 11KB

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

56:65:97:19:56:9b:e0:7b:77:5a:1b:22:75:e2:d8:3a
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

c0:d1:25:df:99:10:87:07:ce:d1:4e:23:03:03:a2:bc:73:17:d7:7f
Signer