b622013c43ce8d926d5adad74ba9364c37d31b8343510e36dc5d43962b6e92dd

Sharing

Copy URL

Twitter E-mail

General

Target

b622013c43ce8d926d5adad74ba9364c37d31b8343510e36dc5d43962b6e92dd
Size

4.8MB
MD5

a35512a9f32638b946315b98fbb2bae8
SHA1

5e63dcf72a6a6ef62b6cc6a154019b4ce8931724
SHA256

b622013c43ce8d926d5adad74ba9364c37d31b8343510e36dc5d43962b6e92dd
SHA512

a3ebf1626de001c8bedc514ee9278484008ed43329be7087707b8ad525f2019ab4143cc5eaf35ab636cc5a573f26059206a48cd5565220b7a098f803c64b7cd7
SSDEEP

98304:HbGOC/hCLjrg5bDuobo/ozBmz9+77Ez6d/dWH25TR+YEinJ5rJUgZX8Q97:HCO2hCLj4fo/oVk+szaVv+YEqJ5rJD8k

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
b622013c43ce8d926d5adad74ba9364c37d31b8343510e36dc5d43962b6e92dd
unpack001/$PLUGINSDIR/InstallHelper.dll
unpack001/$PLUGINSDIR/ProcDll.dll
unpack001/$PLUGINSDIR/Statistics.exe
unpack001/ADManage.dll
unpack001/Statistics.exe

Files

b622013c43ce8d926d5adad74ba9364c37d31b8343510e36dc5d43962b6e92dd
.exe windows:5 windows x86 arch:x86

5efd74892a893f15c566623cc8a8cc76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
LocalFree
OutputDebugStringW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
GetClassInfoW
ScreenToClient
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
CheckDlgButton
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
CreateWindowExW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

CommandLineToArgvW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 441KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallHelper.dll
.dll windows:4 windows x86 arch:x86

bb20e349058311b07ff29c2fc59e2351

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\source_code\qqlive_svn_with_dev\Setup\PluginSource\InstallHelper\Release\InstallHelper.pdb

Imports

kernel32

InitializeCriticalSection
UnmapViewOfFile
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
TerminateThread
MapViewOfFileEx
OpenFileMappingW
GetCPInfo
IsDBCSLeadByte
CreateDirectoryW
CreateFileW
GetCurrentThread
ExpandEnvironmentStringsW
LocalFree
GetFileSize
OpenMutexW
CreateMutexW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
ReadFile
SetEndOfFile
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
LoadLibraryA
FreeLibrary
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
WriteFile
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
LCMapStringW
LCMapStringA
GetModuleFileNameA
GetStdHandle
VirtualAlloc
VirtualFree
HeapCreate
FatalAppExitA
ExitProcess
Sleep
IsValidCodePage
GetOEMCP
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetProcAddress
GetModuleHandleA
RtlUnwind
GetCommandLineA
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetThreadLocale
GetLocaleInfoA
GetACP
DisconnectNamedPipe
GetCurrentProcess
GetModuleHandleExW
MapViewOfFile
GetLocalTime
CreateFileMappingW
ConnectNamedPipe
CreateNamedPipeW
GetCurrentThreadId
CreateTimerQueueTimer
GetVersionExW
DeleteTimerQueueTimer
lstrcmpiW
OutputDebugStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrlenW
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
GlobalAlloc
lstrcpynW
lstrcpyW
GlobalFree
GetCurrentProcessId
CloseHandle
Process32NextW
OpenProcess
Process32FirstW
FindResourceExW
CreateToolhelp32Snapshot
LoadResource
LockResource
SizeofResource
FindResourceW
TerminateProcess
GetLastError
GetTickCount
InterlockedExchange
GetVersionExA
RaiseException
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy

user32

IsWindow
GetWindowLongW
MoveWindow
GetClientRect
DestroyWindow
SetWindowPos
PostMessageW
GetCapture
MonitorFromWindow
GetMonitorInfoW
GetDesktopWindow
GetWindowRect
wsprintfW
MapWindowPoints
SendMessageW
GetWindow
GetParent
SetFocus
SetTimer
PostThreadMessageW
GetAncestor
IsZoomed
SetWindowsHookExW
GetFocus
CallNextHookEx
EnumThreadWindows
UnhookWindowsHookEx
GetSystemMetrics
SetWindowRgn
LoadCursorW
UpdateLayeredWindow
RegisterClassExW
SetCursor
IsWindowVisible
ClientToScreen
EndPaint
UnregisterClassA
PtInRect
BeginPaint
GetClassNameW
MessageBoxW
GetWindowTextW
SetScrollPos
GetDlgItemTextW
ScreenToClient
GetDlgItem
FillRect
GetWindowDC
ReleaseDC
IsIconic
GetDC
SetWindowTextW
UpdateWindow
KillTimer
EnableWindow
DrawTextW
TrackMouseEvent
InvalidateRect
DefWindowProcW
CallWindowProcW
SetWindowLongW
ShowWindow
CreateWindowExW
GetCursorPos
ReleaseCapture

gdi32

CreateRoundRectRgn
CombineRgn
SetStretchBltMode
GetStretchBltMode
TextOutW
Rectangle
SetDCPenColor
GetStockObject
ExtSelectClipRgn
CreateRectRgnIndirect
CreateFontW
CreatePatternBrush
SetTextColor
SetBkMode
DeleteDC
SelectObject
DeleteObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetTextMetricsW

advapi32

GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetSecurityInfo
GetTokenInformation
OpenThreadToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsTextUnicode
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
OpenProcessToken

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW

oleaut32

SysFreeString

shlwapi

PathFileExistsW

msimg32

AlphaBlend

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

gdiplus

GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipFree
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipDrawImageRectRectI
GdipCreateFromHDC
GdipDeleteGraphics
GdiplusStartup
GdiplusShutdown
GdipAlloc

psapi

GetModuleBaseNameW

Exports

Exports

CheckClickFastInstall
CreateCustomPage
CreateFinishPage
CreateInstallPage
CreateWelcomePage
DestroyWnd
GetCheck
GetFileVersion
GetOSVersionStringInfo
GetParentProcessName
InitSkin
Log
MoveWindowRect
MyReleaseCapture
NeedRunAfterInstall
NeedRunOnStartup
SetCheck
SetFocusWnd
UIUpdateInstallProgress
UIUpdateInstallStatus
UnInitSkin

Sections

.text
Size: 248KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:5 windows x86 arch:x86

cd90e33ffbc335413a25300c682c83df

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17-01-2013 00:00

Not After

16-02-2016 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

35:0b:e6:87:5a:58:3b:a5:f7:26:16:b3:c1:52:3e:8b:63:dd:07:aa
Signer

Actual PE Digest

35:0b:e6:87:5a:58:3b:a5:f7:26:16:b3:c1:52:3e:8b:63:dd:07:aa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiW
GetModuleHandleW
GlobalLock
GlobalUnlock
GetCurrentDirectoryW
SetCurrentDirectoryW
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcatW
WritePrivateProfileStringW
lstrcpynW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc

user32

OpenClipboard
DestroyIcon
LoadCursorW
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
SetWindowLongW
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
CreateWindowExW
MapDialogRect
GetClipboardData
GetWindowRect
CreateDialogParamW
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
wsprintfW
CharNextW
MessageBoxW
CloseClipboard
GetDlgCtrlID
MapWindowPoints
SetWindowPos
PtInRect
GetWindowTextW
SetWindowTextW
SendMessageW
DestroyWindow

gdi32

SelectObject
CreateRectRgn
GetObjectW
CombineRgn
DeleteObject
CreateCompatibleDC
GetDIBits
SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetDesktopFolder

comdlg32

GetOpenFileNameW
CommDlgExtendedError
GetSaveFileNameW

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ProcDll.dll
.dll windows:4 windows x86 arch:x86

8a03bd546d60122256eadac46e032c54

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\QQLive_proj\branches\QQLive9.16.x\Setup\PluginSource\ProcDLL\Release\ProcDLL.pdb

Imports

kernel32

LocalFree
DuplicateHandle
QueryDosDeviceW
TerminateThread
VirtualFree
VirtualAlloc
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
VirtualAllocEx
GetLongPathNameW
TerminateProcess
GetTickCount
OutputDebugStringW
GlobalSize
GlobalUnlock
GlobalLock
FindClose
FindNextFileW
FindFirstFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
WritePrivateProfileSectionW
GetPrivateProfileSectionW
SetFilePointer
GetFileType
ReadFile
SystemTimeToFileTime
GetCurrentDirectoryW
DosDateTimeToFileTime
SetFileTime
WriteFile
FileTimeToSystemTime
FileTimeToDosDateTime
GetFileSize
GetLocalTime
GetSystemTime
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
SetCurrentDirectoryA
GetCurrentDirectoryA
FileTimeToLocalFileTime
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
CopyFileW
GetCurrentThreadId
Sleep
WideCharToMultiByte
SuspendThread
SetThreadContext
GetThreadContext
FlushInstructionCache
GlobalAlloc
GetVersion
OpenSemaphoreW
CreateNamedPipeW
OpenMutexW
VirtualProtect
IsBadWritePtr
WaitForMultipleObjects
SetErrorMode
GetExitCodeProcess
LocalFileTimeToFileTime
CreatePipe
ResetEvent
IsBadReadPtr
GlobalDeleteAtom
GlobalFindAtomW
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDrives
CreateEventW
GetWindowsDirectoryW
ExpandEnvironmentStringsW
WritePrivateProfileStructW
GetPrivateProfileStructW
GetPrivateProfileSectionNamesW
SetEnvironmentVariableW
SetEvent
OpenEventW
VirtualQuery
GetSystemDefaultLangID
GetProcessTimes
GlobalAddAtomW
GetSystemDirectoryW
MoveFileExW
GetCommandLineW
SleepEx
FreeResource
GetPrivateProfileIntW
lstrcpynA
lstrcpyA
SetEndOfFile
GetDiskFreeSpaceW
UnlockFile
DeleteFileA
LockFileEx
CreateDirectoryW
SetFileAttributesW
DeleteFileW
GetModuleFileNameW
LoadLibraryExW
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
lstrlenW
GetModuleHandleW
FindResourceExW
lstrcpyW
GlobalFree
DeviceIoControl
CreateThread
WaitForSingleObject
lstrlenA
MultiByteToWideChar
GetCurrentProcessId
CreateProcessW
LoadLibraryW
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
GetFileAttributesW
GetVersionExW
CreateFileW
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
Module32FirstW
Module32NextW
Process32NextW
LoadLibraryA
GetProcAddress
lstrcpynW
OpenProcess
lstrcmpiW
CloseHandle
AreFileApisANSI
GetFullPathNameA
GetSystemInfo
GetTempPathA
GetFullPathNameW
HeapValidate
GetDiskFreeSpaceA
GetFileAttributesA
FormatMessageA
HeapCompact
CreateMutexW
GetTempPathW
OutputDebugStringA
UnlockFileEx
GetDriveTypeA
FormatMessageW
CreateFileMappingA
WaitForSingleObjectEx
GetFileAttributesExW
LockFile
FlushViewOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
InitializeCriticalSectionAndSpinCount
FreeLibrary
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
SetConsoleCtrlHandler
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetModuleFileNameA
GetStdHandle
ExitProcess
FatalAppExitA
HeapCreate
IsValidCodePage
GetOEMCP
GetCurrentThread
SetLastError
InterlockedCompareExchange
InterlockedExchange
HeapDestroy
HeapReAlloc
HeapSize
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetSystemTimeAsFileTime
ExitThread
ResumeThread
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree

user32

SetPropW
GetPropW
PostQuitMessage
DefWindowProcW
GetWindowLongW
FindWindowW
GetWindowThreadProcessId
RegisterClassExW
UnregisterClassW
MessageBoxW
PeekMessageW
EnumChildWindows
GetDesktopWindow
wsprintfW
EndPaint
GetClientRect
BeginPaint
CallWindowProcW
SendMessageW
IsIconic
FindWindowA
SetWindowLongW
SetWindowPos
EndDialog
LoadImageW
DialogBoxParamW
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
GetDlgItem
UpdateWindow
ScreenToClient
MoveWindow
SetTimer
SetWindowTextW
SetDlgItemTextW
BringWindowToTop
RemovePropW
SendMessageTimeoutW
KillTimer
GetParent
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
GetClassNameW
ClientToScreen
OffsetRect
FindWindowExW
EnumWindows
GetWindowTextW
CharNextW
FillRect
LoadBitmapW
ReleaseDC
GetForegroundWindow
SetForegroundWindow
IsWindowVisible
AttachThreadInput
CreateDialogParamW
SetLayeredWindowAttributes
CreateWindowExW
ShowWindow
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
IsWindow
PostMessageW
UnregisterClassA
CharUpperW
RedrawWindow

gdi32

CreateSolidBrush
SetBkMode
CreateFontW
SetTextColor
TextOutW
DeleteObject
GetObjectW
CreateCompatibleDC
SelectObject
StretchBlt
GetStockObject

advapi32

RegQueryValueExA
OpenSCManagerW
OpenServiceW
CloseServiceHandle
ControlService
QueryServiceStatusEx
DeleteService
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
CreateProcessAsUserW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExA
RegOpenKeyExW
QueryServiceConfigW
RegCloseKey
DuplicateTokenEx
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupAccountNameW
LookupAccountSidW
GetSidIdentifierAuthority
GetSecurityInfo
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetSecurityInfo

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHFileOperationW
ShellExecuteW
CommandLineToArgvW
SHGetFolderPathW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoLoadLibrary
StringFromGUID2
CoTaskMemAlloc
CLSIDFromProgID
CoGetInterfaceAndReleaseStream
CoInitializeEx
CoMarshalInterThreadInterfaceInStream
CoCreateGuid
CoInitialize
CoUninitialize
CoCreateInstance
CoFreeLibrary

oleaut32

SysFreeString
SysAllocString
SysStringLen
VarUI4FromStr
SysAllocStringByteLen

shlwapi

PathFindFileNameW
PathAppendW
PathRemoveFileSpecW
PathAddBackslashW
PathRemoveBackslashW
PathIsDirectoryW
PathFileExistsW
wnsprintfW
PathStripPathW

comctl32

_TrackMouseEvent

msimg32

TransparentBlt

netapi32

NetApiBufferFree
NetWkstaTransportEnum
Netbios

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

urlmon

URLDownloadToFileW

psapi

GetModuleBaseNameW
GetModuleFileNameExW
EnumProcessModules

ws2_32

ntohl
htonl
ntohs
htons

wininet

InternetSetCookieExW
InternetSetCookieW
InternetGetConnectedState
InternetOpenW
InternetOpenUrlW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle

Exports

Exports

AddToFirewall
AsynDownload
AsynPCMgrDownload
ChangeCacheACL
CheckDownload
CheckInstallPath
CheckInstallType
CheckIsWindows10OrGreater
CheckModuleUsing
CheckPCMgrDownload
ClearP2PCache
ClearSSOConfig
CreateBitmapCtrl
CreatePath
DeleteInstalledToBrowserCookie
Destroy
ExcuteAsExplorer
GetCheckBoxStatus
GetClipboard
GetCommentsInfo
GetFileVersion
GetOSVersion
GetParentProcName
GetProtocalVersion
GetShortCutOfApplicationInDirectory
GetUrlEncode
GetUserGUID
HasUserAborted
InitFirewallInterface
InitPCMgrDetector
IsProcRunning
JoinExCommandLine
KillProcByID
KillProcByName
KillProcByNameAndWait
KillProcByPath
KillProcByPathAndWait
LockIEMainPage
ModifyDirPage
OpenFirewall
OpenFirewallWithoutInit
ParseCmdLine
PinOrUnpinStartMenuIcon
PinOrUnpinTaskBarIcon
PopupTipBesideShortcut
RegMultiSzEdit
RegisterQQLiveProtocal
RemoveFirewall
RemoveFirewallWithoutInit
RemoveFromFirewall
RunPCMgrDetector
SetCompletionRate
SetCtrlFontTitle
SetIEMainPage
SetInstallPath
SetInstallProgress
Show
ShowMsgBox
SvcUninstall
UnRegisterQQLiveProtocal
UninitFirewallInterface
UnitPCMgrDetector
UnloadMatrixDriver
Update
UpdateAppData
WriteInstalledToBrowserCookie
free_instfilespage_bitmap
getWindow
kill_instfilespage_timer
load_instfilespage_bitmap
start_instfilespage_timer

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Statistics.exe
.exe windows:4 windows x86 arch:x86

baa487ed1b1f5a11812667c15604402b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\QQLive_proj\trunk\Setup\PluginSource\Statistics\Release\Statistics.pdb

Imports

kernel32

FindResourceW
FindResourceExW
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryW
GetFileAttributesExW
lstrlenA
lstrlenW
OutputDebugStringW
SetFileAttributesW
LoadResource
MoveFileW
LocalFree
GetFileAttributesW
CloseHandle
WaitForSingleObject
CreateProcessW
GetModuleFileNameW
CreateDirectoryW
WriteFile
CreateFileW
LockResource
SizeofResource
GetLastError
DeleteFileW
WideCharToMultiByte
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
ReadFile
SetEndOfFile
CreateFileA
LoadLibraryA
SetConsoleCtrlHandler
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
SetFilePointer
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
Sleep
ExitProcess
GetDateFormatA
GetTimeFormatA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwind
InterlockedIncrement
InterlockedDecrement
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
HeapCreate
VirtualFree
FatalAppExitA
VirtualAlloc
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
GetConsoleCP
GetConsoleMode
GetCPInfo
GetOEMCP
IsValidCodePage

advapi32

BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
CommandLineToArgvW
SHCreateDirectoryExW
SHGetFolderPathW

ole32

CoInitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysFreeString

shlwapi

PathRemoveFileSpecW
PathFileExistsW
PathAppendW

ws2_32

ntohl
htonl

wininet

HttpEndRequestW
InternetSetCookieW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
InternetOpenUrlW
InternetOpenW
InternetSetCookieExW
InternetConnectW
HttpOpenRequestW
HttpSendRequestExW
HttpAddRequestHeadersW
InternetWriteFile

user32

UnregisterClassA

Sections

.text
Size: 244KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

6c41c5e4d44f55745b925cc4e42b7fab

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17-01-2013 00:00

Not After

16-02-2016 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b5:7e:46:10:7b:e1:58:e6:6a:b5:c2:03:aa:cb:03:66:8e:ef:2f:f0
Signer

Actual PE Digest

b5:7e:46:10:7b:e1:58:e6:6a:b5:c2:03:aa:cb:03:66:8e:ef:2f:f0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
lstrlenW
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 899B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/pic/InstallingBG01.png
.png
$PLUGINSDIR/pic/InstallingBG02.png
.png
$PLUGINSDIR/pic/InstallingBG03.png
.png
$PLUGINSDIR/pic/InstallingBG04.png
.png
$PLUGINSDIR/pic/InstallingBG05.png
.png
$PLUGINSDIR/pic/Minimize.png
.png
$PLUGINSDIR/pic/bg1.png
.png
$PLUGINSDIR/pic/bg2.png
.png
$PLUGINSDIR/pic/bg3.png
.png
$PLUGINSDIR/pic/bg4.png
.png
$PLUGINSDIR/pic/browse.png
.png
$PLUGINSDIR/pic/checkbox.png
.png
$PLUGINSDIR/pic/close.png
.png
$PLUGINSDIR/pic/custom.png
.png
$PLUGINSDIR/pic/empty_bg.png
.png
$PLUGINSDIR/pic/express.png
.png
$PLUGINSDIR/pic/full_bg.png
.png
$PLUGINSDIR/pic/logo.png
.png
$PLUGINSDIR/pic/onekey.png
.png
$PLUGINSDIR/pic/shadow_active.png
.png
$PLUGINSDIR/pic/shadow_deactive.png
.png
$PLUGINSDIR/pic/slogan.png
.png
$PLUGINSDIR/pic/strongbtn.png
.png
$PLUGINSDIR/pic/weakbtn.png
.png
ADManage.dll
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 180KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BugReporter.exe
.exe windows:4 windows x86 arch:x86

b10d7f0f31bdc655217f22a49f0dd2f4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04-02-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-01-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11-06-2015 00:00

Not After

29-12-2020 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01-01-1997 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:8e:5f:b4:d2:75:81:8d:d7:f2:47:f8:e0:6f:62:80:37:0d:0e:64:a0:eb:a7:1b:0e:02:8d:c0:90:94:c9:d5
Signer

Actual PE Digest

37:8e:5f:b4:d2:75:81:8d:d7:f2:47:f8:e0:6f:62:80:37:0d:0e:64:a0:eb:a7:1b:0e:02:8d:c0:90:94:c9:d5

Digest Algorithm

sha256

PE Digest Matches

true

01:dc:b7:08:ac:b5:bd:16:40:b7:4f:d5:c8:e1:dd:62:4d:f3:b5:4c
Signer

Actual PE Digest

01:dc:b7:08:ac:b5:bd:16:40:b7:4f:d5:c8:e1:dd:62:4d:f3:b5:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\QQLive_Dailybuild\src\symbol\BugReporter.pdb

Imports

comctl32

ImageList_SetBkColor
ImageList_AddMasked
ImageList_Create
ImageList_Draw

wininet

InternetCloseHandle
HttpSendRequestA
InternetConnectA
InternetOpenA
HttpOpenRequestA

livelog

?GetLiveServerUrl@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@PB_W@Z
?ParseURL@@YAHPB_WAAW4INTERNET_SCHEME@@AAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@2AAG@Z
?CheckDirectoryExist@@YAHPB_W@Z
?CreateAllDirectory@@YAHPB_W@Z
?GetModuleFolder@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@PAUHINSTANCE__@@@Z
?GetUserIniPath@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?GetAppDataPath@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?CreateObjectFromFile@@YAJAAPAUHINSTANCE__@@PB_WPAUIUnknown@@ABU_GUID@@3PAPAX@Z
?GetExeFolder@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?CheckFileExist@@YAHPB_W@Z

kernel32

UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
InterlockedExchange
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection
InterlockedCompareExchange
RaiseException
GetLastError
EnterCriticalSection
LeaveCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CloseHandle
CreateFileA
VirtualQueryEx
OutputDebugStringW
GetCurrentProcess
GetCommandLineW
FlushInstructionCache
MultiByteToWideChar
lstrlenA
GetCurrentThreadId
SetLastError
GetPrivateProfileIntW
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
GetVersionExW
WritePrivateProfileStringW
ReadProcessMemory
WaitForSingleObject
SetUnhandledExceptionFilter
GetProcAddress
LoadLibraryW
CreateFileW
WriteFile
SetFileAttributesW
WideCharToMultiByte
lstrlenW
GetModuleHandleW
GetUserDefaultLCID
GetSystemDefaultLCID
GetUserDefaultUILanguage
GetUserDefaultLangID
GetSystemDefaultUILanguage
GetSystemDefaultLangID
GetOEMCP
GetACP
OpenProcess
GetCurrentProcessId
TerminateProcess
GetStartupInfoW
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
Sleep

user32

GetWindowRect
GetClientRect
ShowWindow
SendMessageW
GetWindowLongW
EndDialog
MessageBeep
GetWindow
GetParent
EndPaint
BeginPaint
SetWindowTextW
LoadBitmapW
GetSystemMetrics
GetActiveWindow
DialogBoxParamW
SetWindowLongW
MoveWindow
UnregisterClassA
SetTimer
KillTimer
SystemParametersInfoW
MapWindowPoints
SetWindowPos
IsWindow
GetDlgItem
SetDlgItemTextW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCloseKey

shell32

CommandLineToArgvW
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoFreeLibrary

oleaut32

SystemTimeToVariantTime
SysFreeString
VariantTimeToSystemTime

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ

psapi

EnumProcessModules
GetModuleFileNameExA
GetModuleFileNameExW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

imagehlp

SymInitialize
SymSetOptions
StackWalk
SymGetModuleInfo
SymLoadModule
SymGetSymFromAddr
SymFunctionTableAccess

msvcr80

rand
_wcsicmp
_wfopen
_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
wcsncmp
fseek
ftell
??3@YAXPAX@Z
_time64
strchr
memcpy_s
_CxxThrowException
memset
__CxxFrameHandler3
wcslen
wcstoul
_invalid_parameter_noinfo
_vsnprintf_s
memmove_s
wcsstr
wcschr
wcsrchr
_wcslwr_s
_vscwprintf
vswprintf_s
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@XZ
free
calloc
_recalloc
_localtime64_s
fclose
_ftelli64
_fseeki64
_wfopen_s
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
fwrite
srand
wcsftime
_i64tow_s
strlen
fread
??_V@YAXPAX@Z

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InstAsm.exe
.exe windows:4 windows x86 arch:x86

bf6535af786405697a8295e4a1400021

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04-02-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-01-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11-06-2015 00:00

Not After

29-12-2020 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01-01-1997 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b3:5f:89:e4:46:c3:ec:dc:bf:c8:54:57:ed:ff:4d:93:6d:d9:03:79:f8:ad:4c:8f:0a:0a:36:ff:e9:e0:55:87
Signer

Actual PE Digest

b3:5f:89:e4:46:c3:ec:dc:bf:c8:54:57:ed:ff:4d:93:6d:d9:03:79:f8:ad:4c:8f:0a:0a:36:ff:e9:e0:55:87

Digest Algorithm

sha256

PE Digest Matches

true

68:4f:7d:1b:ec:ba:38:a4:f9:86:23:49:64:9b:09:30:be:1b:8c:a7
Signer

Actual PE Digest

68:4f:7d:1b:ec:ba:38:a4:f9:86:23:49:64:9b:09:30:be:1b:8c:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\work\views\QQ1.41_Proj\Basic_Hummer2_VOB\Hummer2008\Misc\Setup\InstAsm\Release\InstAsm.pdb

Imports

kernel32

SizeofResource
LockResource
LoadResource
FindResourceExW
FindFirstFileW
CopyFileW
GetFileAttributesW
FindNextFileW
FindClose
GetSystemDirectoryW
FindResourceW
GetVersion
GetFullPathNameW
CloseHandle
CreateFileW
ReadFile
MultiByteToWideChar
GetWindowsDirectoryW
RemoveDirectoryW
LocalAlloc
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetProcAddress
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
GetLastError
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
WriteFile
GetStdHandle
GetModuleFileNameA
FreeLibrary
InterlockedExchange
LoadLibraryA
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
Sleep
WideCharToMultiByte
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA

ole32

CoInitialize
CoUninitialize

user32

UnregisterClassA

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LiveInstHlp.dll
.dll windows:4 windows x86 arch:x86

2e51878a0a30cbf85c468aba44ed6360

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04-02-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-01-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11-06-2015 00:00

Not After

29-12-2020 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01-01-1997 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

79:0b:a8:76:46:44:a9:9f:19:20:7a:fc:25:90:48:57:f4:73:ef:ab:33:23:57:d9:e1:aa:f4:c2:42:14:de:f8
Signer

Actual PE Digest

79:0b:a8:76:46:44:a9:9f:19:20:7a:fc:25:90:48:57:f4:73:ef:ab:33:23:57:d9:e1:aa:f4:c2:42:14:de:f8

Digest Algorithm

sha256

PE Digest Matches

true

07:cd:22:f1:8b:66:32:c6:03:90:f2:3f:9d:90:ba:c3:b3:a9:c2:e2
Signer

Actual PE Digest

07:cd:22:f1:8b:66:32:c6:03:90:f2:3f:9d:90:ba:c3:b3:a9:c2:e2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\jenkins_Trunk\workspace\QPSAFEPLUGIN_20160518\qqpcmgr_proj\bin\Release\LiveInstHlp.pdb

Imports

ws2_32

ntohs
ntohl
getpeername
gethostbyname
select
setsockopt
inet_addr
inet_ntoa
sendto
recv
bind
htonl
htons
ioctlsocket
recvfrom
accept
socket
WSAStartup
WSAGetLastError
closesocket
listen
send
connect
__WSAFDIsSet

kernel32

lstrlenW
DeleteFileW
GetCurrentProcessId
WriteFile
GetModuleHandleA
CreateToolhelp32Snapshot
Process32FirstW
VirtualAlloc
InterlockedCompareExchange
EnterCriticalSection
VirtualFree
Process32NextW
LeaveCriticalSection
FileTimeToSystemTime
GetModuleHandleW
SetLastError
InitializeCriticalSection
GetCurrentProcess
DeleteCriticalSection
LoadResource
lstrlenA
GetSystemDirectoryW
LockResource
GetFileTime
SizeofResource
LocalFileTimeToFileTime
CloseHandle
FindResourceW
GetModuleFileNameW
Sleep
WTSGetActiveConsoleSessionId
GetPrivateProfileIntW
WritePrivateProfileStringW
CopyFileW
WaitForMultipleObjects
MoveFileExW
LoadLibraryExW
CreateFileW
CreateEventW
SetEvent
GetTempFileNameW
GetTempPathW
WaitForSingleObject
FreeResource
SetFilePointer
OpenMutexW
OpenEventW
CreateNamedPipeW
OpenSemaphoreW
CreateProcessW
CreateThread
GetVersionExW
ResetEvent
DeviceIoControl
GetStdHandle
CreatePipe
DuplicateHandle
ReadFile
IsBadWritePtr
FindClose
FindFirstFileW
GetFileSize
InitializeCriticalSectionAndSpinCount
HeapAlloc
InterlockedIncrement
InterlockedDecrement
GetProcessHeap
HeapFree
GetSystemDefaultLangID
VirtualQuery
GetSystemInfo
LoadLibraryA
VirtualProtect
FlushInstructionCache
GetCurrentThreadId
ResumeThread
GetThreadContext
SetThreadContext
GetQueuedCompletionStatus
CreateIoCompletionPort
SetFileTime
GetFileAttributesW
SystemTimeToFileTime
GetCurrentDirectoryW
GetThreadLocale
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetDriveTypeA
CreateFileA
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidLocale
WideCharToMultiByte
ExpandEnvironmentStringsW
MultiByteToWideChar
FreeLibrary
LoadLibraryW
GetProcAddress
GetLastError
lstrcmpiW
InterlockedExchange
LocalFree
IsBadReadPtr
FindResourceExW
GetModuleFileNameA
GetTickCount
PostQueuedCompletionStatus
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoW
GetLocaleInfoA
GetCurrentDirectoryA
GetFullPathNameW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RaiseException
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetPrivateProfileStringW
TlsGetValue
CreateDirectoryW
GetFileType
SetHandleCount
RtlUnwind
ExitProcess
HeapCreate
HeapDestroy
LCMapStringW
LCMapStringA
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TlsFree
TlsSetValue
GetFileSizeEx
GetDiskFreeSpaceW
SetEndOfFile
SetFilePointerEx
FlushFileBuffers
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetCommandLineA
GetVersionExA
FileTimeToLocalFileTime
GetDriveTypeW
HeapReAlloc
TlsAlloc

user32

PeekMessageW
CharLowerW
FindWindowW
GetQueueStatus
DispatchMessageW
DefWindowProcW
CharUpperW
SetWindowLongW
UnregisterClassA
MsgWaitForMultipleObjectsEx
SendMessageTimeoutW
wsprintfW
SendMessageW
MessageBoxW
WaitMessage
KillTimer
RegisterClassExW
SetTimer
GetWindowLongW
PostQuitMessage
CreateWindowExW
PostMessageW
DestroyWindow
PostThreadMessageW
GetMessageW
TranslateMessage
UnregisterClassW

advapi32

GetSidSubAuthority
RevertToSelf
InitializeSecurityDescriptor
RegQueryValueExA
RegOpenKeyExA
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
LookupAccountNameW
RegCloseKey
SetSecurityDescriptorDacl
GetUserNameW

shell32

CommandLineToArgvW
SHCreateDirectoryExW
ShellExecuteW
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoUninitialize
CoInitialize
CoCreateGuid

shlwapi

PathIsRelativeW
PathAppendW
PathFileExistsW
PathIsDirectoryW
PathFindFileNameW
PathRemoveFileSpecW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

fltlib

FilterSendMessage
FilterConnectCommunicationPort

wtsapi32

WTSFreeMemory
WTSEnumerateProcessesW

netapi32

NetApiBufferFree
Netbios
NetWkstaTransportEnum

wininet

HttpQueryInfoW
InternetOpenW
InternetCloseHandle
InternetOpenUrlW
InternetGetConnectedState
InternetReadFile

iphlpapi

GetIpForwardTable

Exports

Exports

CreateLiveInstObject
CreateLiveInstObjectEx
GetDllVersion
GetQScanClient

Sections

.text
Size: 468KB - Virtual size: 466KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qmnet
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OcxHelper.exe
.exe windows:4 windows x86 arch:x86

a350128292bdb48435c70bda68b5bbb2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04-02-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-01-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11-06-2015 00:00

Not After

29-12-2020 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01-01-1997 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

75:33:50:7e:52:c5:17:88:d0:98:51:b2:6c:1e:e4:e5:36:0e:8e:f4:69:9e:c3:3b:1b:b8:6c:7e:17:34:c3:ce
Signer

Actual PE Digest

75:33:50:7e:52:c5:17:88:d0:98:51:b2:6c:1e:e4:e5:36:0e:8e:f4:69:9e:c3:3b:1b:b8:6c:7e:17:34:c3:ce

Digest Algorithm

sha256

PE Digest Matches

true

13:2a:29:92:7c:91:f5:88:c9:65:df:d4:a7:d6:31:c1:d4:e3:95:06
Signer

Actual PE Digest

13:2a:29:92:7c:91:f5:88:c9:65:df:d4:a7:d6:31:c1:d4:e3:95:06

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\QQLive_Dailybuild\src\symbol\OcxHelper.pdb

Imports

kernel32

LoadResource
WideCharToMultiByte
FindResourceExW
MultiByteToWideChar
WaitForSingleObject
GetExitCodeProcess
GetLastError
SetFileAttributesW
LoadLibraryW
GetProcAddress
FreeLibrary
LocalFree
LockResource
SizeofResource
FindResourceW
GetTickCount
CloseHandle
CreateFileA
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
LoadLibraryA
SetFilePointer
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCPInfo
GetOEMCP
IsValidCodePage
Sleep
ExitProcess
WriteFile
GetConsoleCP
GetConsoleMode
HeapCreate
VirtualFree
VirtualAlloc
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter

advapi32

RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
SetFileSecurityW
GetLengthSid
ConvertStringSidToSidW
InitializeSecurityDescriptor
RegDeleteValueW
RegQueryValueExW

shell32

CommandLineToArgvW
ShellExecuteExW
SHGetFolderPathW

ole32

CoUninitialize
CoInitialize
StringFromCLSID
CoTaskMemFree

livelog

?IsWindowsVista@@YAHXZ
?CreateAllDirectory@@YAHPB_W@Z

shlwapi

PathFileExistsW

user32

UnregisterClassA

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PinItem.vbs
.vbs
QQLive.exe
.exe windows:4 windows x86 arch:x86

794e4e5b4ca51371f40223206e52dcc7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04-02-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-01-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11-06-2015 00:00

Not After

29-12-2020 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01-01-1997 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f2:3d:62:92:26:0c:78:eb:2b:b6:38:00:67:3c:dc:cf:ef:19:65:fe:c9:a9:64:36:c4:a9:5d:a1:b4:4a:49:d8
Signer

Actual PE Digest

f2:3d:62:92:26:0c:78:eb:2b:b6:38:00:67:3c:dc:cf:ef:19:65:fe:c9:a9:64:36:c4:a9:5d:a1:b4:4a:49:d8

Digest Algorithm

sha256

PE Digest Matches

true

08:94:1b:c6:af:17:50:7f:02:51:f7:60:db:b2:d0:b0:6f:98:12:e1
Signer

Actual PE Digest

08:94:1b:c6:af:17:50:7f:02:51:f7:60:db:b2:d0:b0:6f:98:12:e1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\QQLive_Dailybuild\src\symbol\QQLive.pdb

Imports

kernel32

GetLastError
HeapAlloc
HeapFree
GetVersionExW
HeapCreate
CreateEventW
LocalFree
CreateFileW
GetModuleHandleW
HeapDestroy
SizeofResource
CloseHandle
LoadLibraryW
LockResource
GetProcAddress
LoadResource
SetLastError
FindResourceExW
GetFileSize
GetPrivateProfileIntW
FindResourceW
TerminateProcess
MapViewOfFile
UnmapViewOfFile
CreateFileA
ResetEvent
ReadFileEx
WaitForSingleObjectEx
VirtualLock
VirtualUnlock
GetCurrentProcess
SetCurrentDirectoryA
LoadLibraryExA
SetProcessWorkingSetSize
FreeLibrary
GetSystemInfo
GetCommandLineA
LoadLibraryExW
ReadFile
GetThreadLocale
GetSystemTimeAsFileTime
SetEvent
GetModuleFileNameW
CreateFileMappingW
DeviceIoControl
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
Sleep
EnterCriticalSection
RaiseException
GetProcessHeap
HeapSize
HeapReAlloc

user32

GetDesktopWindow
UnregisterClassA

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

CommandLineToArgvW
SHGetFolderPathW

shlwapi

PathCombineW
PathCombineA
PathAppendW
PathRemoveFileSpecW
PathIsRelativeW

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr80

??2@YAPAXI@Z
swprintf_s
memset
_vsnprintf_s
_vsnwprintf_s
??0exception@std@@QAE@XZ
wcscpy_s
??_V@YAXPAX@Z
wcsncpy
wcsstr
free
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
memcpy_s
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
wcscmp
??0exception@std@@QAE@ABQBD@Z
wcsrchr
??3@YAXPAX@Z
_wcsicmp
?what@exception@std@@UBEPBDXZ
memmove_s
??1exception@std@@UAE@XZ
_exit
wcslen
_CxxThrowException
__CxxFrameHandler3

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
QQLiveBrowser.exe
.exe windows:4 windows x86 arch:x86

cd42a82f6dd682fa3042ae728936e085

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04-02-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-01-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11-06-2015 00:00

Not After

29-12-2020 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01-01-1997 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2f:2a:1c:33:f3:19:1a:b7:1a:94:0a:f2:1b:60:b1:79:a9:08:a7:93:2c:18:39:6d:19:16:db:43:44:c6:47:d1
Signer

Actual PE Digest

2f:2a:1c:33:f3:19:1a:b7:1a:94:0a:f2:1b:60:b1:79:a9:08:a7:93:2c:18:39:6d:19:16:db:43:44:c6:47:d1

Digest Algorithm

sha256

PE Digest Matches

true

8f:12:62:b4:e3:36:15:49:5d:6c:f3:3a:93:47:47:77:f7:cd:42:52
Signer

Actual PE Digest

8f:12:62:b4:e3:36:15:49:5d:6c:f3:3a:93:47:47:77:f7:cd:42:52

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\QQLive_proj\document\HummerSDK5.2\Output\PdbFinal\QQLiveBrowser.pdb

Imports

common

??4CTXStringW@@QAEAAV0@PB_W@Z
??0CTXStringW@@QAE@PA_W@Z
??8@YA_NPB_WABVCTXStringW@@@Z
?FlushLog@TXLog@@YAXXZ
?GetExeDir@Sys@Util@@YA?AVCTXStringW@@XZ
?SafeLoadLibrary@Sys@Util@@YAPAUHINSTANCE__@@PB_W@Z
??0CTXStringW@@QAE@XZ
?OnExitWinMain@Misc@Util@@YAXXZ
??H@YA?AVCTXStringW@@PB_WABV0@@Z
??0CTXStringW@@QAE@ABV0@@Z
?Format@CTXStringW@@QAAXPB_WZZ
?GetLength@CTXStringW@@QBEHXZ
?GetBuffer@CTXStringW@@QAEPA_WH@Z
?ReleaseBuffer@CTXStringW@@QAEXH@Z
??ACTXStringW@@QBE_WH@Z
??0CTXStringW@@QAE@PB_W@Z
?Append@CTXStringW@@QAEXPB_W@Z
??YCTXStringW@@QAEAAV0@ABV0@@Z
?GetString@CTXStringW@@QBEPB_WXZ
??8@YA_NABVCTXStringW@@PB_W@Z
?Left@CTXStringW@@QBE?AV1@H@Z
??4CTXStringW@@QAEAAV0@ABV0@@Z
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
?ReverseFind@CTXStringW@@QBEH_W@Z
?Mid@CTXStringW@@QBE?AV1@H@Z
?MinimzeMemory@Sys@Util@@YAXXZ
??4CTXStringW@@QAEAAV0@PA_W@Z
??YCTXStringW@@QAEAAV0@PB_W@Z
?ValidateBugReport@TXBugReport@@YAXXZ
?IsFileExist@FS@@YAHPB_W@Z
?SetBugReportUin@TXBugReport@@YAXK@Z
??1CTXStringW@@QAE@XZ
?TXLog_DoTXLogVW@@YAXPAUtagLogObj@@PB_W1PAD@Z
?SetBugReportFlag@TXBugReport@@YAHK@Z
?GetLCID@NLS@@YAKXZ
?SetMainAndLogicThreadId@Misc@Util@@YAXKK@Z
??BCTXStringW@@QBEPB_WXZ
?GetSession@TXLog@@YAKXZ
?SetMainAndLogicMsgLoop@Misc@Util@@YAXPAVMessageLoopForUI@AsyncTask@@PAVMessageLoop@4@@Z
?CombineQNC@FS@@YA?AVCTXStringW@@PB_W0@Z
?InitBugReport@TXBugReport@@YAXPB_W000GGKHHKKP6GHPAUtagBugReportInfo@1@PBD200PAPAXPAKPAX@Z@Z
?ClearDeadQueue@Misc@Util@@YAXXZ

processsession

?Run@CTXOPChannel@@EAEIXZ
??0CTXOPChannel@@QAE@XZ
?AddSink@CTXOPChannel@@QAEXPAUITXOPChanelSysSink@@@Z
??1CTXOPChannel@@UAE@XZ
?GetConnectCount@CTXOPChannel@@QAEIXZ
?Listen@CTXOPChannel@@QAEHXZ
?Start@CTXOPChannel@@QAEHPB_W@Z
?SendReply@CTXOPChannel@@QAEHKKPBEI@Z

wininet

InternetErrorDlg

asynctask

??0Lock@AsyncTask@@QAE@XZ
?StartWithOptions@Thread@AsyncTask@@QAE_NABUOptions@12@@Z
??1MessageLoopForUI@AsyncTask@@UAE@XZ
?Run@MessageLoopForUI@AsyncTask@@QAEXXZ
??0MessageLoopForUI@AsyncTask@@QAE@XZ
?RegisterCallback@AtExitManager@AsyncTask@@SAXP6AXPAX@Z0@Z
??1AtExitManager@AsyncTask@@QAE@XZ
??1Thread@AsyncTask@@UAE@XZ
??0AtExitManager@AsyncTask@@QAE@XZ
??0Thread@AsyncTask@@QAE@PBD@Z
?Release@Lock@AsyncTask@@QAEXXZ
??1Lock@AsyncTask@@QAE@XZ
?Acquire@Lock@AsyncTask@@QAEXXZ

kernel32

FlushInstructionCache
GetCurrentProcess
GetModuleFileNameW
TerminateProcess
SetUnhandledExceptionFilter
GetProcAddress
GetCurrentProcessId
OpenMutexW
CloseHandle
CreateMutexW
QueryPerformanceCounter
GetCurrentThreadId
GetTickCount
GetModuleHandleW
GetTempPathW
CreateDirectoryW
CreateFileW
InterlockedDecrement
InterlockedIncrement
FreeLibrary
lstrlenW
GetSystemDirectoryW
Sleep
SetThreadPriority
ResumeThread
CreateThread
WideCharToMultiByte
DeviceIoControl
VirtualProtect
InterlockedExchange
GetSystemTimeAsFileTime
IsDebuggerPresent
InterlockedCompareExchange
GetStartupInfoW
UnhandledExceptionFilter
SetLastError

user32

SetTimer
KillTimer
PostQuitMessage

advapi32

RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteW
SHGetSpecialFolderPathW

ole32

OleInitialize
CoCreateInstance
CLSIDFromProgID
CoInitialize
OleUninitialize
CoUninitialize

msvcp80

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr80

_amsg_exit
__CxxFrameHandler3
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
??3@YAXPAX@Z
__argc
__wargv
wcslen
swscanf
_time64
??2@YAPAXI@Z
_purecall
wcsrchr
memset
wcsstr
??_V@YAXPAX@Z
memcpy
malloc
strncpy_s
strlen
_stricmp
fprintf
rand
__iob_func
srand
wcsncpy_s
wcscat_s
_snprintf_s
free
_invalid_parameter_noinfo
isalnum
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
tolower
memcmp
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_CxxThrowException
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e

ws2_32

closesocket
sendto
WSAGetLastError
getaddrinfo
htonl
inet_ntoa
socket
WSACleanup
WSAStartup
ntohs
recvfrom
setsockopt
inet_addr
htons

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo
GetIpForwardTable

netapi32

Netbios

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
QQLiveExternal.dll
.dll windows:4 windows x86 arch:x86

7d8c2ca4777b8defd74d42ccaa34d027

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04-02-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-01-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11-06-2015 00:00

Not After

29-12-2020 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01-01-1997 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

28:c5:0b:b1:e8:af:73:1f:bb:57:0a:ab:b6:89:a3:ed:13:64:02:04:b8:a5:32:be:b8:27:25:c2:13:9c:5f:4c
Signer

Actual PE Digest

28:c5:0b:b1:e8:af:73:1f:bb:57:0a:ab:b6:89:a3:ed:13:64:02:04:b8:a5:32:be:b8:27:25:c2:13:9c:5f:4c

Digest Algorithm

sha256

PE Digest Matches

true

dc:8b:80:4d:dc:5d:c1:97:f6:9c:77:96:56:15:6a:9a:b7:11:12:e0
Signer

Actual PE Digest

dc:8b:80:4d:dc:5d:c1:97:f6:9c:77:96:56:15:6a:9a:b7:11:12:e0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\QQLive_Dailybuild\src\symbol\QQLiveExternal.pdb

Imports

comctl32

InitCommonControlsEx

common

?OnUninitCom@Misc@Util@@YAXXZ
?InitPlatformGFConfig@Boot@Util@@YAHXZ
?ClearDeadQueue@Misc@Util@@YAXXZ
?GetExeDir@Sys@Util@@YA?AVCTXStringW@@XZ
?InitPlatform@CoreCenter@Util@@YAHPA_W@Z
?TrimRight@CTXStringW@@QAEAAV1@PB_W@Z
?RemoveFileSystem@FS@@YAHPB_W@Z
?AddFileSystem@FS@@YAJW4FILESYSTEM_TYPE@@PB_W1HHH@Z
?InitPlatformFileSystem@Boot@Util@@YAHXZ
?InitPlatformI18NConfig@Boot@Util@@YAHXZ
??1CTXStringA@@QAE@XZ
??7CTXStringW@@QBE_NXZ
??H@YA?AVCTXStringW@@ABV0@0@Z
??0CTXStringW@@QAE@UtagEN@@PBDH@Z
??M@YA_NABVCTXStringA@@0@Z
?OnExitWinMain@Misc@Util@@YAXXZ
??0CTXBSTR@@QAE@PB_W@Z
??1CTXBSTR@@QAE@XZ
??0CTXStringA@@QAE@XZ
?Format@CTXStringA@@QAAXPBDZZ
??BCTXBSTR@@QBEPA_WXZ
?InitPlatformCoreConfig@Boot@Util@@YAHXZ
?TXAssert@@YAHPB_W0H@Z
??BCTXStringW@@QBEPB_WXZ
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
??H@YA?AVCTXStringW@@_WABV0@@Z
?GetParentDir@FS@Util@@YA?AVCTXStringW@@V3@@Z
?GetPlatformCore@Core@Util@@YAHPAPAUITXCore@@@Z
??0CTXStringW@@QAE@PB_W@Z
??1CTXStringW@@QAE@XZ
?CreateObjectFromDllFile@Com@Util@@YGJPB_WABU_GUID@@1PAPAXPAUIUnknown@@@Z
?OnExitCoreCenter@Misc@Util@@YAXXZ
?SetMainAndLogicThreadId@Misc@Util@@YAXKK@Z

gf

?CreateObject@GF@Util@@YAJABU_GUID@@0PAPAX@Z
?SetCustomObjectFactory@GF@Util@@YAXP6AHABU_GUID@@0PAPAX@Z@Z

tinyxml

??0TiXmlDocument@@QAE@XZ
?NextSiblingElement@TiXmlNode@@QAEPAVTiXmlElement@@PBD@Z
?LoadXML@TiXmlDocument@@QAE_NPADHW4TiXmlEncoding@@@Z
?FirstChildElement@TiXmlNode@@QAEPAVTiXmlElement@@PBD@Z
?Attribute@TiXmlElement@@QBEPBDPBD@Z
?GetText@TiXmlElement@@QBEPBDXZ
??1TiXmlDocument@@UAE@XZ

kernel32

CloseHandle
UnmapViewOfFile
GetCurrentThreadId
MulDiv
GetCommandLineW
lstrlenW
FlushInstructionCache
LeaveCriticalSection
VirtualAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
SetEvent
SetLastError
WritePrivateProfileStringW
WideCharToMultiByte
lstrlenA
MultiByteToWideChar
GetPrivateProfileIntW
CreateMutexW
GetPrivateProfileStringW
SetEnvironmentVariableW
GetEnvironmentVariableW
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
lstrcpynW
InterlockedIncrement
GetProcAddress
IsBadReadPtr
VirtualProtect
DuplicateHandle
GetCurrentProcessId
SetUnhandledExceptionFilter
TerminateProcess
CreateProcessW
GetProcessHeap
HeapFree
DeleteCriticalSection
LoadLibraryExW
FreeLibrary
lstrcmpiW
OpenEventW
InitializeCriticalSection
ExitProcess
VirtualQuery
OpenFileMappingW
GetVersionExW
DeviceIoControl
GetLogicalDrives
GetDriveTypeW
CreateFileW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetTickCount
GetStdHandle
CreatePipe
ReadFile
InterlockedCompareExchange
InterlockedExchange
SwitchToThread
FindFirstFileW
FindClose
CopyFileW
DeleteFileW
GetFileSize
GetACP
HeapSize
HeapReAlloc
HeapDestroy
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetVersionExA
VirtualFree
ReleaseMutex
RaiseException
FreeConsole
WaitForSingleObject
GetCurrentProcess
lstrcmpW
GetModuleHandleW
EnterCriticalSection
AllocConsole
GetLastError
GetLocaleInfoA
GetThreadLocale
Sleep
UnhandledExceptionFilter
IsDebuggerPresent
DisableThreadLibraryCalls
QueryPerformanceCounter
GetSystemTimeAsFileTime
MapViewOfFile
LoadLibraryW
GetModuleFileNameW
InterlockedDecrement

user32

SetTimer
CharNextW
DispatchMessageW
SetFocus
GetFocus
GetClientRect
SetWindowTextW
SendMessageW
TranslateMessage
DestroyAcceleratorTable
GetWindow
UnregisterClassA
CharUpperW
ReplyMessage
InSendMessage
FindWindowExW
GetPropW
SetParent
SetPropW
ShowWindow
RemovePropW
TrackMouseEvent
InvalidateRgn
GetMessageW
CreateAcceleratorTableW
FillRect
SetWindowPos
PeekMessageW
MessageBoxW
GetDesktopWindow
IsWindow
RedrawWindow
SetWindowLongW
EndPaint
GetDlgItem
ClientToScreen
PostMessageW
GetDC
ScreenToClient
ReleaseDC
KillTimer
MoveWindow
GetKeyState
CallWindowProcW
RegisterWindowMessageW
DefWindowProcW
LoadCursorW
GetWindowTextLengthW
GetWindowLongW
GetClassNameW
SetCapture
GetClassInfoExW
ReleaseCapture
GetParent
RegisterClassExW
CreateWindowExW
InvalidateRect
GetSysColor
BeginPaint
GetWindowTextW
DestroyWindow
IsChild

gdi32

GetStockObject
CreateSolidBrush
GetObjectW
BitBlt
SelectObject
DeleteDC
DeleteObject
GetDeviceCaps
CreateCompatibleBitmap
CreateCompatibleDC

advapi32

RegQueryValueW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW

shell32

DragQueryFileW
DragFinish
SHGetSpecialFolderPathW
DragAcceptFiles

ole32

CoTaskMemAlloc
CoGetClassObject
CoInitializeEx
CreateStreamOnHGlobal
OleUninitialize
CLSIDFromProgID
CLSIDFromString
StringFromIID
CoTaskMemFree
CoTaskMemRealloc
CoInitialize
CoCreateGuid
CoUninitialize
CoCreateInstance
StringFromGUID2
OleLockRunning
OleInitialize

oleaut32

VarUI4FromStr
SysAllocStringByteLen
GetErrorInfo
DispCallFunc
SysFreeString
SysStringLen
OleCreateFontIndirect
LoadTypeLi
VariantClear
LoadRegTypeLi
VariantInit
SysAllocStringLen
SysStringByteLen
SysAllocString

livelog

?IsDoLog@@YAHXZ
?GetAppDataPath@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?GetKeyValue@@YAHABV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@0AAV12@_W@Z
?UrlDecode@@YAHAAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@0@Z
?ParseURL@@YAHPB_WAAW4INTERNET_SCHEME@@AAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@2AAG@Z
?GetConfigDword@@YAKV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@0KW4tagQQLIVE_CONFIG_TYPE@@@Z
?GetUserGuid@@YAXPADAAH@Z
?QQ_GetProtocolVersionNumber@@YAJXZ
?GetConfigInt@@YAJV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@0JW4tagQQLIVE_CONFIG_TYPE@@@Z
?LogToFile@@YAXPB_WZZ
?GetModuleFolder@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@PAUHINSTANCE__@@@Z
?CheckDirectoryExist@@YAHPB_W@Z
?CreateAllDirectory@@YAHPB_W@Z

shlwapi

PathAppendW
PathFindFileNameW
PathFileExistsW

msvcp80

?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@V32@@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

msvcr80

memcmp
wcsrchr
free
??_V@YAXPAX@Z
_purecall
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
malloc
fclose
memset
setlocale
??2@YAPAXI@Z
__iob_func
_recalloc
freopen
memcpy_s
_vscwprintf
??1exception@std@@UAE@XZ
wcscmp
??0exception@std@@QAE@ABQBD@Z
??3@YAXPAX@Z
?what@exception@std@@UBEPBDXZ
memmove_s
_vsnwprintf_s
_wtoi64
ldiv
swprintf_s
__CxxFrameHandler3
vswprintf_s
??0exception@std@@QAE@XZ
wcschr
calloc
memcpy
strlen
_wctime64_s
wcslen
_time64
wcsstr
_stricmp
_set_invalid_parameter_handler
_beginthreadex
wcstoul
_ultow_s
_ltow_s
_wcslwr_s
_wcsicmp
_wcstoui64
wcsncpy_s
_vscprintf
vsprintf_s
isalnum
tolower
isspace
isprint
_snprintf_s
wcsncpy
sprintf_s
_mbschr
_mbslwr_s
strncpy
strtoul
_mbsstr
_snwprintf_s
_snprintf
_wstat64
_wsplitpath_s
_wmkdir
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
__clean_type_info_names_internal
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_CxxThrowException

wininet

InternetConnectW
InternetCloseHandle
HttpOpenRequestW
HttpSendRequestW
InternetOpenW

netapi32

Netbios

Exports

Exports

QQLiveExternalWinMain

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.QMGuid
Size: 4KB - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QQLiveService.exe
.exe windows:4 windows x86 arch:x86

b1fbcfff4b6b5f7b29d2c845c39f25a3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04-02-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-01-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11-06-2015 00:00

Not After

29-12-2020 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01-01-1997 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

be:97:8b:77:61:2d:d6:d9:c4:e8:50:3f:15:96:25:43:25:d1:ed:45:bb:9c:81:05:6f:df:2a:70:4b:fa:4b:c2
Signer

Actual PE Digest

be:97:8b:77:61:2d:d6:d9:c4:e8:50:3f:15:96:25:43:25:d1:ed:45:bb:9c:81:05:6f:df:2a:70:4b:fa:4b:c2

Digest Algorithm

sha256

PE Digest Matches

true

4e:de:11:bc:ba:0d:bc:2e:5d:33:4d:14:01:91:db:f0:92:97:45:3e
Signer

Actual PE Digest

4e:de:11:bc:ba:0d:bc:2e:5d:33:4d:14:01:91:db:f0:92:97:45:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\QQLive_Dailybuild\src\symbol\QQLiveService.pdb

Imports

common

?AddFileSystem@FS@@YAJW4FILESYSTEM_TYPE@@PB_W1HHH@Z
?SetMainAndLogicThreadId@Misc@Util@@YAXKK@Z
?InitPlatformFileSystem@Boot@Util@@YAHXZ
?InitPlatformI18NConfig@Boot@Util@@YAHXZ
?OnExitCoreCenter@Misc@Util@@YAXXZ
?InitPlatformCoreConfig@Boot@Util@@YAHXZ
?OnExitWinMain@Misc@Util@@YAXXZ
?OnUninitCom@Misc@Util@@YAXXZ
?ClearDeadQueue@Misc@Util@@YAXXZ
?TXAssert@@YAHPB_W0H@Z
?RemoveFileSystem@FS@@YAHPB_W@Z
??H@YA?AVCTXStringW@@_WABV0@@Z
?GetParentDir@FS@Util@@YA?AVCTXStringW@@V3@@Z
?GetPlatformCore@Core@Util@@YAHPAPAUITXCore@@@Z
?CreateObjectFromDllFile@Com@Util@@YGJPB_WABU_GUID@@1PAPAXPAUIUnknown@@@Z
?InitPlatformGFConfig@Boot@Util@@YAHXZ
?Find@CTXStringW@@QBEHPB_WH@Z
?GetExeDir@Sys@Util@@YA?AVCTXStringW@@XZ
?InitPlatform@CoreCenter@Util@@YAHPA_W@Z
?TrimRight@CTXStringW@@QAEAAV1@PB_W@Z
??4CTXStringW@@QAEAAV0@ABV0@@Z
??0CTXStringW@@QAE@ABV0@@Z
??BCTXStringW@@QBEPB_WXZ
??0CTXStringW@@QAE@PB_W@Z
?CompareNoCase@CTXStringW@@QBEHPB_W@Z
??1CTXStringW@@QAE@XZ
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
??0CTXStringW@@QAE@PA_W@Z

gf

?SetCustomObjectFactory@GF@Util@@YAXP6AHABU_GUID@@0PAPAX@Z@Z

kernel32

LeaveCriticalSection
CloseHandle
SetLastError
RaiseException
VirtualQuery
lstrlenW
GetProcAddress
LoadLibraryW
GetModuleFileNameW
WaitForSingleObjectEx
VirtualLock
VirtualUnlock
SetCurrentDirectoryA
LoadLibraryExA
SetProcessWorkingSetSize
FreeLibrary
DeviceIoControl
SetEvent
HeapAlloc
GetCurrentProcess
GetLastError
GetVersionExW
HeapCreate
CreateEventW
CreateFileW
HeapDestroy
ReadFile
GetFileSize
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateFileA
EnterCriticalSection
ResetEvent
ReadFileEx
TerminateProcess
LocalAlloc
LocalFree
lstrcmpW
CreateMutexW
GetEnvironmentVariableW
SetEnvironmentVariableW
Process32NextW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapSize
HeapReAlloc
GetVersionExA
GetModuleHandleW
FlushInstructionCache
Process32FirstW
CreateToolhelp32Snapshot
GetPrivateProfileIntW
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSection
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
InterlockedCompareExchange
HeapFree

user32

DestroyWindow
SetWindowLongW
CallWindowProcW
DefWindowProcW
UnregisterClassA
CreateWindowExW
KillTimer
PostQuitMessage
LoadCursorW
GetWindowLongW
GetClassInfoExW
PeekMessageW
GetMessageW
TranslateMessage
RegisterClassExW
DispatchMessageW
SetTimer

advapi32

OpenSCManagerW
OpenServiceW
QueryServiceConfigW
ChangeServiceConfigW
CloseServiceHandle

shell32

CommandLineToArgvW

ole32

OleUninitialize
OleInitialize

oleaut32

SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString

livelog

?GetNoRealStatInst@@YAJPAPAUINoRealStat@@_K@Z
?GetRealStatInst@@YAJPAPAUIRealGuidStat@@_K@Z
?SetDNSStatus@@YAXW4DNS_STATUS@@@Z
?IsDoLog@@YAHXZ
?LogToFile@@YAXPB_WZZ
?FileCoCreateInstance@@YAJPB_WABU_GUID@@PAUIUnknown@@K1PAPAXPAUHINSTANCE__@@@Z
?QQ_IsChromeInstalled@@YAHXZ
?GetClientOsVersion@@YAEXZ
?GetModuleFolder@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@PAUHINSTANCE__@@@Z
?GetAppDataPath@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?QQ_GetChannelInfo@@YA?BV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?IsEnableUAC@@YAHXZ
?SetInstallStartupFlag@@YAX_N@Z
?TestDNSConnection@@YAXXZ

shlwapi

PathCombineW
PathCombineA

comctl32

InitCommonControlsEx

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z

msvcr80

_controlfp_s
_crt_debugger_hook
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_CxxThrowException
__CxxFrameHandler3
??3@YAXPAX@Z
_recalloc
swprintf_s
memset
memcpy_s
_vsnprintf_s
_vsnwprintf_s
wcscpy_s
memmove_s
wcscmp
wcslen
??2@YAPAXI@Z
??_V@YAXPAX@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@XZ
free
_wcsicmp
??0exception@std@@QAE@ABQBD@Z
_set_invalid_parameter_handler
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
?terminate@@YAXXZ
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
_decode_pointer

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 432B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
QQLiveUp.exe
.exe windows:4 windows x86 arch:x86

9e1c2342571c6bc4f1aec520747f8a1b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04-02-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-01-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11-06-2015 00:00

Not After

29-12-2020 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01-01-1997 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

de:5a:50:d6:9b:fa:6f:d2:03:29:b2:bf:e1:e9:1a:fa:59:1c:78:ea:09:be:be:60:c1:26:64:fe:68:4e:27:af
Signer

Actual PE Digest

de:5a:50:d6:9b:fa:6f:d2:03:29:b2:bf:e1:e9:1a:fa:59:1c:78:ea:09:be:be:60:c1:26:64:fe:68:4e:27:af

Digest Algorithm

sha256

PE Digest Matches

true

91:75:cb:c5:2d:ed:86:18:22:3b:9f:a4:85:9c:dc:62:12:0b:6f:00
Signer

Actual PE Digest

91:75:cb:c5:2d:ed:86:18:22:3b:9f:a4:85:9c:dc:62:12:0b:6f:00

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\QQLive_Dailybuild\src\symbol\QQLiveUp.pdb

Imports

httpmodule

??0CDownloadMgrProxy@@QAE@XZ
?StartTask@CDownloadMgrProxy@@QAEHH@Z
??1CDownloadMgrProxy@@UAE@XZ
?AddTask@CDownloadMgrProxy@@QAEHPAUIHttpEventWndCallback@@PB_W1IIK@Z

kernel32

FindResourceExW
DeleteFileW
GetPrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileStringW
CreateProcessW
CloseHandle
GetTickCount
LocalFree
HeapSize
HeapReAlloc
HeapDestroy
GetThreadLocale
GetLocaleInfoA
LockResource
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
GetVersionExA
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
Sleep
InterlockedExchange
DeleteCriticalSection
EnterCriticalSection
CreateMutexW
LeaveCriticalSection
GetModuleFileNameW
LoadResource
InterlockedIncrement
SizeofResource
GetCommandLineW
SetLastError
GetModuleHandleW
GetCurrentProcess
LoadLibraryExW
GetCurrentThreadId
InterlockedDecrement
FreeLibrary
RaiseException
FlushInstructionCache
FindResourceW
lstrcmpiW
lstrlenW
InitializeCriticalSection
MultiByteToWideChar
FormatMessageW
GetLastError
WideCharToMultiByte
GetACP

user32

MessageBoxW
CharNextW
DialogBoxParamW
SetWindowLongW
UnregisterClassA
GetClientRect
GetDlgCtrlID
KillTimer
GetActiveWindow
SetForegroundWindow
GetDC
GetWindow
SystemParametersInfoW
FindWindowW
PostMessageW
GetWindowRect
GetParent
MapWindowPoints
GetWindowTextLengthW
SetWindowPos
GetWindowTextW
SetTimer
EnableWindow
LoadCursorW
SetCursor
LoadIconW
SendMessageW
ShowWindow
GetDlgItem
EndDialog
LoadStringW
ShowScrollBar
SetWindowTextW
CallWindowProcW
ReleaseDC
DefWindowProcW
ShowOwnedPopups
GetWindowLongW
InvalidateRect

gdi32

SetTextColor
SetBkMode
GetTextMetricsW
GetObjectW
CreateFontIndirectW
CreateSolidBrush
SelectObject
SetBkColor
GetStockObject

advapi32

RegQueryInfoKeyW
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegCloseKey

shell32

CommandLineToArgvW
Shell_NotifyIconW
ShellExecuteW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoInitialize

oleaut32

VarUI4FromStr
DispCallFunc
VariantClear
VariantInit
SysAllocString
SysFreeString

livelog

?CheckUnadvise@@YAXPB_W@Z
?GetLiveServerUrl@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@PB_W@Z
?IsWinXPOrLater@@YAHXZ
?GetAppDataPath@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?CopyLiveUpFiles@@YAHXZ
?CreateStandardFont@@YAXAAPAUHFONT__@@@Z
?CheckAdvise@@YAXPB_W@Z
?KillOtherQQLivePlayerApp@@YAHPB_W@Z
?IsDoLog@@YAHXZ
?LogToFile@@YAXPB_WZZ
?FileCoCreateInstance@@YAJPB_WABU_GUID@@PAUIUnknown@@K1PAPAXPAUHINSTANCE__@@@Z

msvcp80

?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

msvcr80

_amsg_exit
__CxxFrameHandler3
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_CxxThrowException
??2@YAPAXI@Z
fseek
memmove
memcpy
ftell
memset
wcschr
_wfopen
wcsncmp
fclose
wcstol
wcslen
??_V@YAXPAX@Z
fwrite
??3@YAXPAX@Z
fread
_vswprintf
_recalloc
memcpy_s
free
malloc
wcsncpy_s
memmove_s
_vscwprintf
vswprintf_s
_wtol
memcmp
wprintf_s
_wcsicmp
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer

shlwapi

StrCmpW

wintrust

WinVerifyTrust

crypt32

CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CryptMsgClose
CertCloseStore
CertCreateCertificateContext
CryptMsgGetParam

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
QQPCDetector.dll
.dll regsvr32 windows:4 windows x86 arch:x86

26a314e75ec6378236eac6ea7989f070

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04-02-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-01-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11-06-2015 00:00

Not After

29-12-2020 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01-01-1997 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

00:6a:d5:24:35:b9:d2:d8:12:bb:fd:2b:95:30:78:dc:ec:dc:38:3c:83:62:c5:4f:3c:ee:fa:f2:6f:cc:46:a9
Signer

Actual PE Digest

00:6a:d5:24:35:b9:d2:d8:12:bb:fd:2b:95:30:78:dc:ec:dc:38:3c:83:62:c5:4f:3c:ee:fa:f2:6f:cc:46:a9

Digest Algorithm

sha256

PE Digest Matches

true

a9:39:af:2e:46:be:6c:d3:b2:89:85:f9:ef:ca:c3:70:43:9f:a8:c2
Signer

Actual PE Digest

a9:39:af:2e:46:be:6c:d3:b2:89:85:f9:ef:ca:c3:70:43:9f:a8:c2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFindFileNameW
PathIsDirectoryW
PathAppendW
PathRemoveBackslashW
PathRemoveFileSpecW
PathAddBackslashW
PathFileExistsW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

mfc42u

ord826
ord600
ord1571
ord6466
ord1250
ord1248
ord1567
ord6278
ord6279
ord860
ord4197
ord4199
ord2910
ord5568
ord6655
ord5706
ord537
ord6868
ord2756
ord925
ord2810
ord940
ord4273
ord823
ord942
ord538
ord858
ord2606
ord5679
ord4124
ord922
ord540
ord861
ord535
ord941
ord2717
ord3948
ord815
ord561
ord3733
ord4418
ord4616
ord4075
ord3074
ord3820
ord3826
ord3825
ord3396
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5710
ord5285
ord5303
ord4692
ord4074
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord800
ord825
ord1563
ord1194
ord1240
ord342
ord1179
ord1570
ord1165
ord1568
ord1173
ord1128
ord1115
ord1129
ord269

msvcrt

_snprintf
strncmp
_wstati64
strncpy
isalnum
malloc
tolower
isspace
isprint
wcsstr
rand
_wfopen
fwrite
fclose
_wcslwr
_ftol
_purecall
atoi
_wtoi
sprintf
_itoa
free
time
swprintf
memcpy
wcscpy
wcscmp
_snwprintf
wcsncpy
wcschr
_wtol
strlen
wcslen
memset
__CxxFrameHandler
_callnewh
_strcmpi
_wmkdir
_wsplitpath
wcstoul
_itow
_ultow
_ui64tow
srand
_wcsicmp
_except_handler3
_CxxThrowException
??0exception@@QAE@ABV0@@Z
strcpy
strcmp
memcmp
strchr
strrchr
strtoul
atof
?what@exception@@UBEPBDXZ
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
_beginthreadex
memmove
fopen
fprintf
fread
ftell
fseek
fputc
sscanf
isalpha
wcscat
wcsrchr
calloc
wcsncat
_wcsnicmp
strncat
wprintf
fflush
_getpid
towlower
_strlwr
_stricmp
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
swscanf

kernel32

InitializeCriticalSection
ExitProcess
CreateThread
lstrcmpiW
FindResourceW
SizeofResource
LoadResource
LockResource
CreateFileW
WriteFile
RaiseException
TerminateThread
InterlockedCompareExchange
CreateMutexW
lstrcpynA
lstrcpyA
OutputDebugStringA
GlobalAlloc
lstrcpyW
GlobalFree
OutputDebugStringW
SleepEx
InterlockedExchange
GetCommandLineW
LocalFree
GetPrivateProfileIntW
WritePrivateProfileStringW
EnterCriticalSection
LeaveCriticalSection
GetTickCount
DeleteCriticalSection
CopyFileW
MoveFileExW
GetCurrentProcessId
GetCurrentProcess
GetProcessTimes
GetSystemTime
SystemTimeToFileTime
GetVersionExW
CreateProcessW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
FreeLibrary
lstrcpynW
WideCharToMultiByte
MultiByteToWideChar
CreateDirectoryW
GetProcAddress
GetLastError
GetModuleFileNameW
LoadLibraryW
SetEvent
WaitForSingleObject
Sleep
DeleteFileW
CreateEventW
CloseHandle
TlsSetValue
TlsAlloc
InterlockedIncrement
OpenEventW
DuplicateHandle
FileTimeToSystemTime
GetDiskFreeSpaceExW
DeviceIoControl
QueryDosDeviceW
GetDriveTypeW
GetLogicalDrives
ReadFile
GetFileSize
FindClose
FindFirstFileW
lstrlenW
GetPrivateProfileStringW
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesW
GetPrivateProfileStructW
WritePrivateProfileSectionW
WritePrivateProfileStructW
GetCurrentDirectoryW
GetWindowsDirectoryW
GetSystemDirectoryW
ExpandEnvironmentStringsW
GetTempPathW
SetEnvironmentVariableW
ResumeThread
GetModuleHandleW
GetFullPathNameW
LocalAlloc
VirtualFree
GetModuleHandleA
VirtualProtect
IsBadWritePtr
InitializeCriticalSectionAndSpinCount
GetStdHandle
CreatePipe
GetModuleFileNameA
ResetEvent
IsBadReadPtr
GetFileInformationByHandle
SetFileTime
GetFileAttributesW
LocalFileTimeToFileTime
LoadLibraryA
VirtualQuery
GetSystemInfo
GetSystemDefaultLangID
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetLocalTime
VirtualAllocEx
VirtualAlloc
SetUnhandledExceptionFilter
ReadProcessMemory
WriteProcessMemory
WaitForMultipleObjects
TerminateProcess
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
SetErrorMode
UnhandledExceptionFilter
SetFilePointer
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
GetExitCodeProcess
GetVersion
OpenSemaphoreW
CreateNamedPipeW
OpenMutexW
TlsFree
TlsGetValue
InterlockedDecrement

user32

SetPropW
TranslateMessage
PeekMessageW
GetWindowThreadProcessId
GetClassNameW
SendMessageTimeoutW
FindWindowW
EnumWindows
CharUpperW
PostMessageW
FindWindowA
IsIconic
SetWindowLongW
UnregisterClassW
RegisterClassExW
DefWindowProcW
DestroyWindow
ShowWindow
CreateWindowExW
PostQuitMessage
RemovePropW
MessageBoxW
GetParent
IsWindowVisible
GetPropW
IsWindow
SendMessageW
GetMessageW
DispatchMessageW
GetDesktopWindow
GetWindow

advapi32

RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryValueExA
RegOpenKeyExA
LookupAccountNameW
RegDeleteValueW
RegDeleteKeyW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
RegEnumKeyExW
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
SetSecurityInfo
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetSecurityInfo
CloseServiceHandle
OpenServiceW
OpenSCManagerW
QueryServiceConfigW
RegOpenKeyW
RegQueryValueExW

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW
ShellExecuteW

ole32

CoUninitialize
CoCreateGuid
CoInitialize
CLSIDFromProgID
CoInitializeEx
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoLoadLibrary
CoFreeLibrary

oleaut32

SysAllocStringByteLen
SysAllocString
SysFreeString

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGPAG@Z
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?resize@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
?_Freeze@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHIIPBGI@Z
?_Xran@std@@YAXXZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIABV12@II@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?_Doraise@bad_cast@std@@MBEXXZ
??0bad_cast@std@@QAE@ABV01@@Z
??_D?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXXZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??_7bad_cast@std@@6B@
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADHD@Z
??_D?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
?get@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEGXZ
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@AAH@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??Mstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?nothrow@std@@3Unothrow_t@1@B
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_7out_of_range@std@@6B@
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find_first_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?find_last_not_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?find_last_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z

ws2_32

htons
ntohl
ntohs
htonl

netapi32

Netbios
NetWkstaTransportEnum
NetApiBufferFree

wininet

InternetReadFile
HttpQueryInfoW
InternetGetConnectedState
InternetOpenW
InternetCloseHandle
InternetOpenUrlW

Exports

Exports

CancelDetector
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetDectectorResult
GetDectectorResultEx
InitDetector
InitDownloader
InitLoadLoadParam
NsisGetDectectorResult
NsisGetDectectorResultA
NsisGetDectectorResultEx
NsisRunDetector
NsisRunDetectorA
NsisRunDetectorEx
NsisWaitDetectorComplete
NsisWaitDetectorCompleteA
NsisWaitDetectorCompleteEx
QQBrowserModuleEntry
QQBrowserProcessParamVersion
ReleaseDR
RunDetector
RunDetectorEx
RunDetectorWithNotification
SetDriverService
SetGroupId
UnInitDetector
WaitDetectorComplete
WaitDetectorCompleteEx

Sections

.text
Size: 440KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Statistics.exe
.exe windows:4 windows x86 arch:x86

baa487ed1b1f5a11812667c15604402b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\QQLive_proj\trunk\Setup\PluginSource\Statistics\Release\Statistics.pdb

Imports

kernel32

FindResourceW
FindResourceExW
MultiByteToWideChar
FreeLibrary
GetProcAddress
LoadLibraryW
GetFileAttributesExW
lstrlenA
lstrlenW
OutputDebugStringW
SetFileAttributesW
LoadResource
MoveFileW
LocalFree
GetFileAttributesW
CloseHandle
WaitForSingleObject
CreateProcessW
GetModuleFileNameW
CreateDirectoryW
WriteFile
CreateFileW
LockResource
SizeofResource
GetLastError
DeleteFileW
WideCharToMultiByte
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
ReadFile
SetEndOfFile
CreateFileA
LoadLibraryA
SetConsoleCtrlHandler
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
SetFilePointer
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
Sleep
ExitProcess
GetDateFormatA
GetTimeFormatA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RtlUnwind
InterlockedIncrement
InterlockedDecrement
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
HeapCreate
VirtualFree
FatalAppExitA
VirtualAlloc
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
GetConsoleCP
GetConsoleMode
GetCPInfo
GetOEMCP
IsValidCodePage

advapi32

BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
CommandLineToArgvW
SHCreateDirectoryExW
SHGetFolderPathW

ole32

CoInitialize
CoTaskMemFree
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysFreeString

shlwapi

PathRemoveFileSpecW
PathFileExistsW
PathAppendW

ws2_32

ntohl
htonl

wininet

HttpEndRequestW
InternetSetCookieW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
InternetOpenUrlW
InternetOpenW
InternetSetCookieExW
InternetConnectW
HttpOpenRequestW
HttpSendRequestExW
HttpAddRequestHeadersW
InternetWriteFile

user32

UnregisterClassA

Sections

.text
Size: 244KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TXSSO/I18N/2052/PGFStringBundle.xml
.xml
TXSSO/I18N/2052/SSOStringBundle.xml
.xml
TXSSO/I18N/SSOConfig.xml
.xml
TXSSO/bin/SSOCommon.dll
.dll regsvr32 windows:5 windows x86 arch:x86

d26cfb03003607582cf88f555b3eeae3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17-01-2013 00:00

Not After

16-02-2016 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c8:cf:aa:3f:35:a6:e8:dc:87:5e:83:27:04:b5:6e:08:20:87:a5:ee
Signer

Actual PE Digest

c8:cf:aa:3f:35:a6:e8:dc:87:5e:83:27:04:b5:6e:08:20:87:a5:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Code\ssosmp_pr\trunk\SmpSSOProj\SSOPlatform\TXSSO\output\bin\SSOCommon.pdb

Imports

ws2_32

closesocket
gethostname
WSASetLastError
getservbyport
gethostbyaddr
getservbyname
inet_addr
inet_ntoa
gethostbyname
WSAGetLastError
__WSAFDIsSet
WSAStartup
WSACleanup
WSAAsyncGetHostByName
WSACancelAsyncRequest
accept
socket
bind
sendto
recvfrom
connect
listen
getsockopt
setsockopt
getsockname
getpeername
WSAAsyncSelect
send
ioctlsocket
recv
select

wininet

InternetErrorDlg
HttpQueryInfoW
InternetSetOptionW
HttpSendRequestW
InternetSetCookieW
InternetCloseHandle
InternetConnectW
InternetGetCookieW
InternetOpenW
InternetCanonicalizeUrlW
HttpOpenRequestW
InternetQueryOptionW
InternetCrackUrlW

winmm

timeGetTime

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

psapi

GetModuleFileNameExW

iphlpapi

GetIpForwardTable
GetIpAddrTable

kernel32

HeapSize
HeapReAlloc
DecodePointer
EncodePointer
RtlUnwind
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetProcAddress
GetModuleHandleW
lstrcmpiW
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
SetThreadLocale
GetThreadLocale
OutputDebugStringA
InitializeCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetTempPathW
CreateDirectoryW
GetFileAttributesW
CloseHandle
SetFilePointer
ReadFile
CreateFileW
GetCommandLineW
WriteFile
GetFileSize
lstrcmpW
FindNextFileW
FindFirstFileW
FindClose
SetFileAttributesW
CopyFileW
MoveFileExW
DeleteFileW
WideCharToMultiByte
IsBadReadPtr
GetACP
GetCPInfoExW
GetVersion
GetCurrentProcess
GetCurrentProcessId
LoadLibraryA
GetWindowsDirectoryA
GetSystemDirectoryA
HeapCompact
LoadLibraryW
GetWindowsDirectoryW
GetSystemDirectoryW
GetVersionExW
HeapFree
HeapAlloc
GetProcessHeap
OpenProcess
lstrcpynW
SetProcessWorkingSetSize
MoveFileW
Sleep
GetSystemTimeAsFileTime
GetProcessTimes
GetModuleHandleA
GetPrivateProfileStringA
GetFileAttributesA
VirtualQuery
QueryPerformanceFrequency
SetProcessAffinityMask
GetProcessAffinityMask
GetLocaleInfoW
GetUserDefaultLCID
GetSystemDefaultLCID
IsValidLocale
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetSystemDefaultLangID
GetUserDefaultLangID
SetLocaleInfoW
GetDateFormatW
GetTimeFormatW
GetCalendarInfoW
GetCurrencyFormatW
GetNumberFormatW
GetTimeZoneInformation
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileSizeEx
OpenMutexW
CreateMutexW
WaitForSingleObject
ReleaseMutex
DeviceIoControl
GetVolumeInformationW
GetDriveTypeW
CreateProcessW
CreatePipe
DuplicateHandle
GetStdHandle
LockResource
lstrcmpiA
FindResourceExW
FormatMessageW
QueueUserWorkItem
SetLastError
LocalFree
SetEvent
SetThreadPriority
ResetEvent
TerminateThread
WaitForMultipleObjects
CreateEventW
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
GetFileType
RemoveDirectoryW
GetDiskFreeSpaceW
GetFullPathNameW
SetEndOfFile
GlobalFree
ExitThread
ResumeThread
CreateThread
ExitProcess
GetCommandLineA
HeapCreate
HeapDestroy
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCPInfo
GetOEMCP
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetStringTypeW
SetHandleCount
GetStartupInfoW
CompareStringW
LCMapStringW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetStdHandle
WriteConsoleW
GetModuleFileNameA
SetEnvironmentVariableA

user32

IsWindowVisible
GetSystemMetrics
CloseDesktop
CharNextW
GetWindowThreadProcessId
FindWindowW
SystemParametersInfoW
GetWindowTextW
GetWindowRect
GetParent
GetWindowLongW
GetGUIThreadInfo
IsWindow
GetClassNameW
GetThreadDesktop
GetUserObjectInformationW
OpenInputDesktop
GetDesktopWindow
PostMessageW
SetWindowLongW
DestroyWindow
DefWindowProcW
ShowWindow
CreateWindowExW
RegisterClassExW
KillTimer
SetTimer
CharNextA
CharUpperA
CharLowerA
CharUpperW
CharLowerW
GetClassInfoExW
ReleaseDC
GetDC
GetIconInfo
DrawTextW

gdi32

SetTextColor
CreateFontIndirectW
ExtTextOutW
SetDIBitsToDevice
StretchDIBits
CreateRectRgnIndirect
GetClipBox
RectVisible
CreateCompatibleBitmap
SetBkMode
SetBkColor
BitBlt
StretchBlt
GetObjectW
SelectObject
RealizePalette
GetDIBits
CreateRectRgn
CreateCompatibleDC
CreateDIBSection
DeleteDC
CreateBitmap
SetStretchBltMode
CreateDIBitmap
DeleteObject
ExtCreateRegion
ExtSelectClipRgn
GetStockObject

advapi32

DuplicateTokenEx
RegOpenKeyW
OpenProcessToken
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
LookupPrivilegeValueW
AdjustTokenPrivileges
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW

shell32

ShellExecuteW
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteExW
SHGetFolderLocation
SHGetSpecialFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoFreeLibrary
CLSIDFromString
CoLoadLibrary
CoGetMalloc
CoCreateGuid

oleaut32

VectorFromBstr
VarBstrCmp
VariantClear
LoadRegTypeLi
SysAllocStringLen
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
BstrFromVector
SysStringLen
SysAllocStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
VariantInit
SysReAllocStringLen
VariantChangeType
VariantTimeToSystemTime
VarDateFromStr
SysFreeString
SysStringByteLen

shlwapi

StrCmpW

wintrust

CryptCATCatalogInfoFromContext
CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
CryptCATAdminReleaseContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminReleaseCatalogContext
WTHelperGetProvCertFromChain
CryptCATAdminAcquireContext

crypt32

CertGetNameStringW

netapi32

Netbios

rasapi32

RasGetProjectionInfoW
RasEnumConnectionsW

Exports

Exports

??0CCmdCodecBase@@QAE@XZ
??0CExpatDataCompat@@QAE@XZ
??0CExpatFileReader@@QAE@XZ
??0CExpatMemReader@@QAE@XZ
??0CFmtString@@QAE@XZ
??0CMACReader@@QAE@XZ
??0CScopeToggler@@QAE@PA_N_N@Z
??0CTXBSTR@@QAE@ABU_GUID@@@Z
??0CTXBSTR@@QAE@ABV0@@Z
??0CTXBSTR@@QAE@ABVCTXStringW@@@Z
??0CTXBSTR@@QAE@H@Z
??0CTXBSTR@@QAE@HPB_W@Z
??0CTXBSTR@@QAE@PB_W@Z
??0CTXBSTR@@QAE@XZ
??0CTXCommPack@@QAE@ABV0@@Z
??0CTXCommPack@@QAE@XZ
??0CTXCriticalSection@@QAE@ABV0@@Z
??0CTXCriticalSection@@QAE@XZ
??0CTXHttpDownload@@QAE@XZ
??0CTXHttpDownloadSink@@IAE@XZ
??0CTXHttpDownloadSink@@QAE@ABV0@@Z
??0CTXHttpUpload@@QAE@XZ
??0CTXHttpUploadBuffer@@QAE@XZ
??0CTXHttpUploadStandard@@QAE@XZ
??0CTXStringA@@QAE@ABV0@@Z
??0CTXStringA@@QAE@DH@Z
??0CTXStringA@@QAE@PBD@Z
??0CTXStringA@@QAE@PBDH@Z
??0CTXStringA@@QAE@UtagEN@@PB_WH@Z
??0CTXStringA@@QAE@UtagGBK@@PB_WH@Z
??0CTXStringA@@QAE@UtagUTF8@@PB_WH@Z
??0CTXStringA@@QAE@XZ
??0CTXStringW@@QAE@ABU_GUID@@@Z
??0CTXStringW@@QAE@ABUtagVARIANT@@@Z
??0CTXStringW@@QAE@ABV0@@Z
??0CTXStringW@@QAE@ABVCTXBSTR@@@Z
??0CTXStringW@@QAE@H@Z
??0CTXStringW@@QAE@PA_W@Z
??0CTXStringW@@QAE@PB_W@Z
??0CTXStringW@@QAE@PB_WH@Z
??0CTXStringW@@QAE@UtagEN@@PBDH@Z
??0CTXStringW@@QAE@UtagGBK@@PBDH@Z
??0CTXStringW@@QAE@UtagUTF8@@PBDH@Z
??0CTXStringW@@QAE@XZ
??0CTXStringW@@QAE@_WH@Z
??0CTXTCPDataSender@@QAE@XZ
??0CTXTLVCodecBase@@QAE@XZ
??0CTXThreadModel@@IAE@XZ
??0CTXUDPDataSender@@QAE@XZ
??0CTXVariant@@QAE@ABVCTXBuffer@@@Z
??0CxExifInfo@CxImageJPG@@QAE@PAUtag_ExifInfo@1@@Z
??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@PB_WK@Z
??0CxFile@@QAE@XZ
??0CxImage@@QAE@ABV0@_N11@Z
??0CxImage@@QAE@K@Z
??0CxImage@@QAE@KKKK@Z
??0CxImage@@QAE@PAEKK@Z
??0CxImage@@QAE@PAU_iobuf@@K@Z
??0CxImage@@QAE@PAVCxFile@@K@Z
??0CxImage@@QAE@PB_WK@Z
??0CxImageGIF@@QAE@ABV0@@Z
??0CxImageGIF@@QAE@XZ
??0CxImageJPG@@QAE@ABV0@@Z
??0CxImageJPG@@QAE@XZ
??0CxMemFile@@QAE@ABV0@@Z
??0CxMemFile@@QAE@KPAE@Z
??0CxPoint2@@QAE@ABV0@@Z
??0CxPoint2@@QAE@MM@Z
??0CxPoint2@@QAE@XZ
??0CxRect2@@QAE@ABV0@@Z
??0CxRect2@@QAE@MMMM@Z
??0CxRect2@@QAE@XZ
??0TiXmlAttribute@@QAE@PBD0@Z
??0TiXmlAttribute@@QAE@XZ
??0TiXmlAttributeSet@@QAE@XZ
??0TiXmlComment@@QAE@ABV0@@Z
??0TiXmlComment@@QAE@PBD@Z
??0TiXmlComment@@QAE@XZ
??0TiXmlDeclaration@@QAE@ABV0@@Z
??0TiXmlDeclaration@@QAE@PBD00@Z
??0TiXmlDeclaration@@QAE@XZ
??0TiXmlDocument@@IAE@PBD@Z
??0TiXmlDocument@@QAE@ABV0@@Z
??0TiXmlDocument@@QAE@XZ
??0TiXmlElement@@QAE@ABV0@@Z
??0TiXmlElement@@QAE@PBD@Z
??0TiXmlNode@@IAE@W4NodeType@0@@Z
??0TiXmlText@@QAE@ABV0@@Z
??0TiXmlText@@QAE@PBD@Z
??0TiXmlUnknown@@QAE@ABV0@@Z
??0TiXmlUnknown@@QAE@XZ
??0VTXTCPDataSenderTimeOutCallback@@QAE@ABV0@@Z
??0VTXTCPDataSenderTimeOutCallback@@QAE@XZ
??0VTXUDPDataSenderTimeOutCallback@@QAE@ABV0@@Z
??0VTXUDPDataSenderTimeOutCallback@@QAE@XZ
??1CCmdCodecBase@@UAE@XZ
??1CExpatDataCompat@@QAE@XZ
??1CExpatFileReader@@UAE@XZ
??1CExpatMemReader@@UAE@XZ
??1CFmtString@@QAE@XZ
??1CMACReader@@QAE@XZ
??1CScopeToggler@@QAE@XZ
??1CTXBSTR@@QAE@XZ
??1CTXCommPack@@UAE@XZ
??1CTXCriticalSection@@UAE@XZ
??1CTXHttpDownload@@UAE@XZ
??1CTXHttpDownloadSink@@UAE@XZ
??1CTXHttpUpload@@UAE@XZ
??1CTXHttpUploadBuffer@@UAE@XZ
??1CTXHttpUploadStandard@@UAE@XZ
??1CTXStringA@@QAE@XZ
??1CTXStringW@@QAE@XZ
??1CTXTCPDataSender@@UAE@XZ
??1CTXTLVCodecBase@@UAE@XZ
??1CTXThreadModel@@MAE@XZ
??1CTXUDPDataSender@@UAE@XZ
??1CxExifInfo@CxImageJPG@@QAE@XZ
??1CxFile@@UAE@XZ
??1CxImage@@UAE@XZ
??1CxImageGIF@@UAE@XZ
??1CxImageJPG@@UAE@XZ
??1CxMemFile@@UAE@XZ
??1TiXmlAttribute@@UAE@XZ
??1TiXmlAttributeSet@@QAE@XZ
??1TiXmlComment@@UAE@XZ
??1TiXmlDeclaration@@UAE@XZ
??1TiXmlDocument@@UAE@XZ
??1TiXmlElement@@UAE@XZ
??1TiXmlNode@@UAE@XZ
??1TiXmlText@@UAE@XZ
??1TiXmlUnknown@@UAE@XZ
??4CScopeToggler@@QAEAAV0@ABV0@@Z
??4CTXBSTR@@QAEAAV0@ABV0@@Z
??4CTXBSTR@@QAEAAV0@ABVCTXStringW@@@Z
??4CTXBSTR@@QAEAAV0@PB_W@Z
??4CTXCriticalSection@@QAEAAV0@ABV0@@Z
??4CTXHttpDownloadSink@@QAEAAV0@ABV0@@Z
??4CTXStringA@@QAEAAV0@ABV0@@Z
??4CTXStringA@@QAEAAV0@D@Z
??4CTXStringA@@QAEAAV0@PBD@Z
??4CTXStringW@@QAEAAV0@ABUtagVARIANT@@@Z
??4CTXStringW@@QAEAAV0@ABV0@@Z
??4CTXStringW@@QAEAAV0@ABVCTXBSTR@@@Z
??4CTXStringW@@QAEAAV0@PA_W@Z
??4CTXStringW@@QAEAAV0@PB_W@Z
??4CTXStringW@@QAEAAV0@_W@Z
??4CxExifInfo@CxImageJPG@@QAEAAV01@ABV01@@Z
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxImage@@QAEAAV0@ABV0@@Z
??4CxImageGIF@@QAEAAV0@ABV0@@Z
??4CxImageJPG@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??4CxPoint2@@QAEAAV0@ABV0@@Z
??4CxRect2@@QAEAAV0@ABV0@@Z
??4TiXmlComment@@QAEXABV0@@Z
??4TiXmlDeclaration@@QAEXABV0@@Z
??4TiXmlDocument@@QAEXABV0@@Z
??4TiXmlElement@@QAEXABV0@@Z
??4TiXmlText@@QAEXABV0@@Z
??4TiXmlUnknown@@QAEXABV0@@Z
??4VTXTCPDataSenderTimeOutCallback@@QAEAAV0@ABV0@@Z
??4VTXUDPDataSenderTimeOutCallback@@QAEAAV0@ABV0@@Z
??7CTXStringA@@QBE_NXZ
??7CTXStringW@@QBE_NXZ
??8@YA_NABVCTXStringA@@0@Z
??8@YA_NABVCTXStringA@@D@Z
??8@YA_NABVCTXStringA@@PBD@Z
??8@YA_NABVCTXStringW@@0@Z
??8@YA_NABVCTXStringW@@PB_W@Z
??8@YA_NABVCTXStringW@@_W@Z
??8@YA_NDABVCTXStringA@@@Z
??8@YA_NPA_WABVCTXBSTR@@@Z
??8@YA_NPA_WABVCTXStringW@@@Z
??8@YA_NPBDABVCTXStringA@@@Z
??8@YA_NPB_WABVCTXBSTR@@@Z
??8@YA_NPB_WABVCTXStringW@@@Z
??8@YA_N_WABVCTXStringW@@@Z
??8CTXBSTR@@QBE_NABV0@@Z
??8CTXBSTR@@QBE_NPA_W@Z
??8CTXBSTR@@QBE_NPB_W@Z
??8TiXmlAttribute@@QBE_NABV0@@Z
??9@YA_NABVCTXStringA@@0@Z
??9@YA_NABVCTXStringA@@D@Z
??9@YA_NABVCTXStringA@@PBD@Z
??9@YA_NABVCTXStringW@@0@Z
??9@YA_NABVCTXStringW@@PB_W@Z
??9@YA_NABVCTXStringW@@_W@Z
??9@YA_NDABVCTXStringA@@@Z
??9@YA_NPA_WABVCTXBSTR@@@Z
??9@YA_NPBDABVCTXStringA@@@Z
??9@YA_NPB_WABVCTXBSTR@@@Z
??9@YA_NPB_WABVCTXStringW@@@Z
??9@YA_N_WABVCTXStringW@@@Z
??9CTXBSTR@@QBE_NABV0@@Z
??9CTXBSTR@@QBE_NPA_W@Z
??9CTXBSTR@@QBE_NPB_W@Z
??ACTXStringA@@QBEDH@Z
??ACTXStringW@@QBE_WH@Z
??BCTXBSTR@@QBEPA_WXZ
??BCTXCriticalSection@@QAEPAU_RTL_CRITICAL_SECTION@@XZ
??BCTXStringA@@QBEPBDXZ
??BCTXStringW@@QBEPB_WXZ
??H@YA?AVCTXStringA@@ABV0@0@Z
??H@YA?AVCTXStringA@@ABV0@D@Z
??H@YA?AVCTXStringA@@ABV0@PBD@Z
??H@YA?AVCTXStringA@@DABV0@@Z
??H@YA?AVCTXStringA@@PBDABV0@@Z
??H@YA?AVCTXStringW@@ABV0@0@Z
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
??H@YA?AVCTXStringW@@ABV0@_W@Z
??H@YA?AVCTXStringW@@PB_WABV0@@Z
??H@YA?AVCTXStringW@@_WABV0@@Z
??ICTXBSTR@@QAEPAPA_WXZ
??M@YA_NABVCTXStringA@@0@Z
??M@YA_NABVCTXStringA@@PBD@Z
??M@YA_NABVCTXStringW@@0@Z
??M@YA_NABVCTXStringW@@PB_W@Z
??M@YA_NPBDABVCTXStringA@@@Z
??M@YA_NPB_WABVCTXStringW@@@Z
??MCTXBSTR@@QBE_NABV0@@Z
??MCTXBSTR@@QBE_NPA_W@Z
??MCTXBSTR@@QBE_NPB_W@Z
??MTiXmlAttribute@@QBE_NABV0@@Z
??N@YA_NABVCTXStringA@@0@Z
??N@YA_NABVCTXStringA@@PBD@Z
??N@YA_NABVCTXStringW@@0@Z
??N@YA_NABVCTXStringW@@PB_W@Z
??N@YA_NPBDABVCTXStringA@@@Z
??N@YA_NPB_WABVCTXStringW@@@Z
??O@YA_NABVCTXStringA@@0@Z
??O@YA_NABVCTXStringA@@PBD@Z
??O@YA_NABVCTXStringW@@0@Z
??O@YA_NABVCTXStringW@@PB_W@Z
??O@YA_NPBDABVCTXStringA@@@Z
??O@YA_NPB_WABVCTXStringW@@@Z
??OCTXBSTR@@QBE_NABV0@@Z
??OCTXBSTR@@QBE_NPA_W@Z
??OCTXBSTR@@QBE_NPB_W@Z
??OTiXmlAttribute@@QBE_NABV0@@Z
??P@YA_NABVCTXStringA@@0@Z
??P@YA_NABVCTXStringA@@PBD@Z
??P@YA_NABVCTXStringW@@0@Z
??P@YA_NABVCTXStringW@@PB_W@Z
??P@YA_NPBDABVCTXStringA@@@Z
??P@YA_NPB_WABVCTXStringW@@@Z
??YCTXBSTR@@QAEAAV0@ABV0@@Z
??YCTXBSTR@@QAEAAV0@ABVCTXStringW@@@Z
??YCTXBSTR@@QAEAAV0@PB_W@Z
??YCTXStringA@@QAEAAV0@ABV0@@Z
??YCTXStringA@@QAEAAV0@D@Z
??YCTXStringA@@QAEAAV0@PBD@Z
??YCTXStringW@@QAEAAV0@ABUtagVARIANT@@@Z
??YCTXStringW@@QAEAAV0@ABV0@@Z
??YCTXStringW@@QAEAAV0@ABVCTXBSTR@@@Z
??YCTXStringW@@QAEAAV0@PB_W@Z
??YCTXStringW@@QAEAAV0@_W@Z
??_7CTXCommPack@@6B@
??_7CTXCriticalSection@@6B@
??_7CTXHttpDownload@@6BCHttpTCPConnectorSink@@@
??_7CTXHttpDownload@@6BCTXThreadModel@@@
??_7CTXHttpDownloadSink@@6B@
??_7CTXHttpUpload@@6BCHttpTCPConnectorSink@@@
??_7CTXHttpUpload@@6BCTXThreadModel@@@
??_7CTXHttpUploadBuffer@@6BCHttpTCPConnectorSink@@@
??_7CTXHttpUploadBuffer@@6BCTXThreadModel@@@
??_7CTXHttpUploadStandard@@6BCHttpTCPConnectorSink@@@
??_7CTXHttpUploadStandard@@6BCTXThreadModel@@@
??_7CTXTCPDataSender@@6B@
??_7CTXUDPDataSender@@6B@
??_7CxFile@@6B@
??_7CxImage@@6B@
??_7CxImageGIF@@6B@
??_7CxImageJPG@@6B@
??_7CxMemFile@@6B@
??_7TiXmlAttribute@@6B@
??_7TiXmlComment@@6B@
??_7TiXmlDeclaration@@6B@
??_7TiXmlDocument@@6B@
??_7TiXmlElement@@6B@
??_7TiXmlNode@@6B@
??_7TiXmlText@@6B@
??_7TiXmlUnknown@@6B@
??_7VTXTCPDataSenderTimeOutCallback@@6B@
??_7VTXUDPDataSenderTimeOutCallback@@6B@
??_FCxExifInfo@CxImageJPG@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXAAV0@@Z
?Accept@TiXmlComment@@UBE_NPAVTiXmlVisitor@@@Z
?Accept@TiXmlDeclaration@@UBE_NPAVTiXmlVisitor@@@Z
?Accept@TiXmlDocument@@UBE_NPAVTiXmlVisitor@@@Z
?Accept@TiXmlElement@@UBE_NPAVTiXmlVisitor@@@Z
?Accept@TiXmlText@@UBE_NPAVTiXmlVisitor@@@Z
?Accept@TiXmlUnknown@@UBE_NPAVTiXmlVisitor@@@Z
?Add@TiXmlAttributeSet@@QAEXPAVTiXmlAttribute@@@Z
?AddAveragingCont@CxImage@@IAEXABUtagRGBQUAD@@MAAM111@Z
?AddBuf@CTXCommPack@@QAEHABVCTXBuffer@@@Z
?AddBuf@CTXCommPack@@QAEHPBEI@Z
?AddBufLenByte@CTXCommPack@@QAEHABVCTXBuffer@@@Z
?AddBufLenDWord@CTXCommPack@@QAEHABVCTXBuffer@@H@Z
?AddBufLenWord@CTXCommPack@@QAEHABVCTXBuffer@@H@Z
?AddBundleFile@TXStringBundle@@YAXPB_W0@Z
?AddByte@CTXCommPack@@QAEHE@Z
?AddConfigData@ModuleConfig@@YAJPB_W0@Z
?AddDWord@CTXCommPack@@QAEHKH@Z
?AddErrorSink@FS@@YAHPAUITXFileSystemErrorSink@@@Z
?AddEvent@CTXThreadModel@@IAEXPAX@Z
?AddFileSystem@FS@@YAJW4FILESYSTEM_TYPE@@PB_W1HHH@Z
?AddFmtString@TXStringBundle@@YAXABVCFmtString@@@Z
?AddFormData@CTXHttpDownload@@QAEXABVCTXStringW@@0@Z
?AddIdleCallback@Window@Util@@YAJPAVVTXMsgLoopIdleCallback@@@Z
?AddInfo@CTXHttpDownload@@QAEHABVCTXStringW@@0@Z
?AddInfo@CTXHttpDownload@@QAEHABVCTXStringW@@@Z
?AddInfo@CTXHttpDownload@@QAEHABVCTXStringW@@K@Z
?AddInfo@CTXHttpDownload@@QAEHABVCTXStringW@@PBEK@Z
?AddPack@CTXCommPack@@QAEHABV1@@Z
?AddPlugin@CoreCenter@Util@@YAHPA_WPAUITXData@@@Z
?AddRef@CCmdCodecBase@@MAGKXZ
?AddRelativeFileSystem@FS@@YAJPB_W00HH@Z
?AddStrA@CTXCommPack@@QAEHABVCTXStringA@@@Z
?AddStrAEndChar@CTXCommPack@@QAEHABVCTXStringA@@E@Z
?AddStrALenByte@CTXCommPack@@QAEHABVCTXStringA@@@Z
?AddStrALenDWord@CTXCommPack@@QAEHABVCTXStringA@@H@Z
?AddStrALenWord@CTXCommPack@@QAEHABVCTXStringA@@H@Z
?AddStrW@CTXCommPack@@QAEHABVCTXStringW@@@Z
?AddStrWEndChar@CTXCommPack@@QAEHABVCTXStringW@@E@Z
?AddStrWLenByte@CTXCommPack@@QAEHABVCTXStringW@@@Z
?AddStrWLenDWord@CTXCommPack@@QAEHABVCTXStringW@@H@Z
?AddStrWLenWord@CTXCommPack@@QAEHABVCTXStringW@@H@Z
?AddTLV@CTXCommPack@@QAEHEABVCTXBuffer@@W4TXCommPackDataType@@@Z
?AddTLV@CTXCommPack@@QAEHGABVCTXBuffer@@W4TXCommPackDataType@@@Z
?AddTLV@CTXCommPack@@QAEHKABVCTXBuffer@@W4TXCommPackDataType@@@Z
?AddToDeadQueue@Misc@Util@@YAXHP6AXXZ@Z
?AddUInt64@CTXCommPack@@QAEH_KH@Z
?AddVBuf@CTXCommPack@@IAEHABVCTXBuffer@@W4TXCommPackDataType@@@Z
?AddWord@CTXCommPack@@QAEHGH@Z
?Alloc@CxMemFile@@IAEXK@Z
?AllocSysString@CTXStringW@@QBEPA_WXZ
?AlphaClear@CxImage@@QAEXXZ
?AlphaCopy@CxImage@@QAE_NAAV1@@Z
?AlphaCreate@CxImage@@QAEXXZ
?AlphaDelete@CxImage@@QAEXXZ
?AlphaFlip@CxImage@@QAE_NXZ
?AlphaGet@CxImage@@QAEEJJ@Z
?AlphaGetMax@CxImage@@QBEEXZ
?AlphaGetPointer@CxImage@@QAEPAEJJ@Z
?AlphaInvert@CxImage@@QAEXXZ
?AlphaIsValid@CxImage@@QAE_NXZ
?AlphaMirror@CxImage@@QAE_NXZ
?AlphaPaletteClear@CxImage@@QAEXXZ
?AlphaPaletteEnable@CxImage@@QAEX_N@Z
?AlphaPaletteIsEnabled@CxImage@@QAE_NXZ
?AlphaPaletteIsValid@CxImage@@QAE_NXZ
?AlphaPaletteSplit@CxImage@@QAE_NPAV1@@Z
?AlphaSet@CxImage@@QAEXE@Z
?AlphaSet@CxImage@@QAEXJJE@Z
?AlphaSet@CxImage@@QAE_NAAV1@@Z
?AlphaSetMax@CxImage@@QAEXE@Z
?AlphaSplit@CxImage@@QAE_NPAV1@@Z
?AlphaStrip@CxImage@@QAEXXZ
?AnalyseResponseData@CTXHttpDownload@@AAEHAAH@Z
?AnalyseResponseHead@CTXHttpDownload@@AAEHXZ
?AnsiToUnicode@Convert@Util@@YA_NAAVCTXStringW@@PBDH@Z
?Append@CTXBSTR@@QAEJABV1@@Z
?Append@CTXBSTR@@QAEJD@Z
?Append@CTXBSTR@@QAEJPB_W@Z
?Append@CTXBSTR@@QAEJPB_WH@Z
?Append@CTXBSTR@@QAEJ_W@Z
?Append@CTXStringA@@QAEXABV1@@Z
?Append@CTXStringA@@QAEXPBD@Z
?Append@CTXStringA@@QAEXPBDH@Z
?Append@CTXStringW@@QAEXABV1@@Z
?Append@CTXStringW@@QAEXPB_W@Z
?Append@CTXStringW@@QAEXPB_WH@Z
?AppendBSTR@CTXBSTR@@QAEJPA_W@Z
?AppendBSTR@CTXStringW@@QAEXPA_W@Z
?AppendBytes@CTXBSTR@@QAEJPBDH@Z
?AppendChar@CTXStringA@@QAEXD@Z
?AppendChar@CTXStringW@@QAEX_W@Z
?AppendFormat@CTXStringW@@QAAXPB_WZZ
?ApplyProxyInfoToHttp@Network@Util@@YAXXZ
?ApplySettings@CTXTCPDataSender@@IAEXPAUITXData@@PAUtagTXTCPPacket@@@Z
?ApplySettings@CTXUDPDataSender@@IAEXPAUITXData@@PAUtagTXUDPPacket@@@Z
?ApproachMem@TXLog@@YAXK@Z
?ArrayToBSTR@CTXBSTR@@QAEJPBUtagSAFEARRAY@@@Z
?AssignBSTR@CTXBSTR@@QAEJQA_W@Z
?Attach@CTXBSTR@@QAEXPA_W@Z
?Attribute@TiXmlElement@@QBEPBDPBD@Z
?Attribute@TiXmlElement@@QBEPBDPBDPAH@Z
?Attribute@TiXmlElement@@QBEPBDPBDPAN@Z
?BIG5ToUnicode@Convert@Util@@YA_NAAVCTXStringW@@PBDH@Z
?BSTRToArray@CTXBSTR@@QAEJPAPAUtagSAFEARRAY@@@Z
?Base64Encode@Encode@Util@@YA?AVCTXStringW@@ABVCTXBuffer@@H@Z
?Bitfield2RGB@CxImage@@IAEXPAEGGGE@Z
?Blank@TiXmlText@@IBE_NXZ
?BlendPalette@CxImage@@QAEXKJ@Z
?BlendPixelColor@CxImage@@QAEXJJUtagRGBQUAD@@M_N@Z
?BlindAlphaGet@CxImage@@IAEEJJ@Z
?BlindGetPixelColor@CxImage@@IAE?AUtagRGBQUAD@@JJ@Z
?BlindGetPixelIndex@CxImage@@IAEEJJ@Z
?BlindGetPixelPointer@CxImage@@IAEPAXJJ@Z
?BrokenCodec@CCmdCodecBase@@IAEXPB_W@Z
?BuildRqHead@CTXHttpDownload@@AAEHAAVCTXStringA@@@Z
?ByteLength@CTXBSTR@@QBEIXZ
?CDATA@TiXmlText@@QBE_NXZ
?CPConvert@Encoding@XmlText@@YAHHPBD@Z
?CRC32@Encode@Util@@YAKKPBEH@Z
?CancelDownload@CTXHttpDownload@@QAEXXZ
?CancelResolve@HostResolve@Util@@YAJK@Z
?CancelUpload@CTXHttpUpload@@QAEXXZ
?CancelUpload@CTXHttpUploadBuffer@@QAEXXZ
?CancelUpload@CTXHttpUploadStandard@@QAEXXZ
?Center@CxRect2@@QBE?AVCxPoint2@@XZ
?ChangeConfig@CCmdCodecBase@@IAEXHH@Z
?ChangeConfig@CTXTLVCodecBase@@IAEX_N@Z
?CheckBufEndChar@CTXCommPack@@QAEHE@Z
?CheckBuffer@CTXCommPack@@IAEHI@Z
?CheckModuleChange@TXLog@@YAXXZ
?CheckOutOverflow@CTXCommPack@@IAEHI@Z
?CheckRunMode@CTXCommPack@@IAEHW4RunMode@1@@Z
?CheckUinValid@Extend@Util@@YAHPA_W@Z
?CheckVistaAndStartSelfMediumLevel@Sys@Util@@YAHXZ
?CircleTransform@CxImage@@QAE_NHJM@Z
?Clear@CxImage@@QAEXE@Z
?Clear@CxImageGIF@@IAEXEAAUtag_image@1@@Z
?Clear@TiXmlNode@@QAEXXZ
?ClearError@TiXmlDocument@@QAEXXZ
?ClearRequestHeader@CTXHttpDownload@@QAEXXZ
?ClearThis@TiXmlElement@@IAEXXZ
?Clone@TiXmlComment@@UBEPAVTiXmlNode@@XZ
?Clone@TiXmlDeclaration@@UBEPAVTiXmlNode@@XZ
?Clone@TiXmlDocument@@MBEPAVTiXmlNode@@XZ
?Clone@TiXmlElement@@UBEPAVTiXmlNode@@XZ
?Clone@TiXmlText@@MBEPAVTiXmlNode@@XZ
?Clone@TiXmlUnknown@@UBEPAVTiXmlNode@@XZ
?Close@CxMemFile@@UAE_NXZ
?CloseReuseTCP@CTXHttpDownload@@QAEXXZ
?ClrBit@BitManip@Util@@YAXKAAKH@Z
?ClrBit@BitManip@Util@@YAXKAAVCTXBuffer@@H@Z
?ClrBit@BitManip@Util@@YAXKAA_JH@Z
?CodeAddBuffer@CTXTLVCodecBase@@IAEXEPAUITXBuffer@@@Z
?CodeArrayBuffer@CCmdCodecBase@@IAEXXZ
?CodeArrayBufferLenHead@CCmdCodecBase@@IAEXW4CMDFIELDTYPE@@@Z
?CodeArrayLenHead@CCmdCodecBase@@IAEXPB_WW4CMDFIELDTYPE@@H@Z
?CodeArrayNumber@CCmdCodecBase@@IAEXW4TX_DATA_TYPE@@@Z
?CodeArrayString@CCmdCodecBase@@IAEXI@Z
?CodeArrayStringEndChar@CCmdCodecBase@@IAEXD@Z
?CodeArrayStringLenHead@CCmdCodecBase@@IAEXW4CMDFIELDTYPE@@@Z
?CodeArrayTXDataBuffer@CCmdCodecBase@@IAEXPB_W@Z
?CodeArrayTXDataBufferLenHead@CCmdCodecBase@@IAEXPB_WW4CMDFIELDTYPE@@@Z
?CodeArrayTXDataNumber@CCmdCodecBase@@IAEXPB_WW4TX_DATA_TYPE@@@Z
?CodeArrayTXDataString@CCmdCodecBase@@IAEXPB_WI@Z
?CodeArrayTXDataStringEndChar@CCmdCodecBase@@IAEXPB_WD@Z
?CodeArrayTXDataStringLenHead@CCmdCodecBase@@IAEXPB_WW4CMDFIELDTYPE@@@Z
?CodeArrayToEnd@CCmdCodecBase@@IAEXPB_WH@Z
?CodeBuffer@CCmdCodecBase@@IAEXPB_W@Z
?CodeBuffer@CTXTLVCodecBase@@IAEXEPB_WK@Z
?CodeBufferEndChar@CCmdCodecBase@@IAEXPB_WD@Z
?CodeBufferLenHead@CCmdCodecBase@@IAEXPB_WW4CMDFIELDTYPE@@@Z
?CodeByte@CTXTLVCodecBase@@IAEXEPB_W@Z
?CodeByteEx@CTXTLVCodecBase@@IAEXEPB_WE_N1@Z
?CodeChar@CTXTLVCodecBase@@IAEXEPB_W@Z
?CodeCharEx@CTXTLVCodecBase@@IAEXEPB_WD_N1@Z
?CodeDWord@CTXTLVCodecBase@@IAEXEPB_W@Z
?CodeDWordEx@CTXTLVCodecBase@@IAEXEPB_WK_N1@Z
?CodeEndArray@CCmdCodecBase@@IAEXXZ
?CodeInt@CTXTLVCodecBase@@IAEXEPB_W@Z
?CodeIntEx@CTXTLVCodecBase@@IAEXEPB_WH_N1@Z
?CodeNumber@CCmdCodecBase@@IAEXPB_WW4TX_DATA_TYPE@@@Z
?CodeShort@CTXTLVCodecBase@@IAEXEPB_W@Z
?CodeShortEx@CTXTLVCodecBase@@IAEXEPB_WF_N1@Z
?CodeString@CCmdCodecBase@@IAEXPB_WI@Z
?CodeStringEndChar@CCmdCodecBase@@IAEXPB_WD@Z
?CodeStringLenHead@CCmdCodecBase@@IAEXPB_WW4CMDFIELDTYPE@@@Z
?CodeTXData@CCmdCodecBase@@UAGJPAUITXData@@PAPAUITXBuffer@@@Z
?CodeWord@CTXTLVCodecBase@@IAEXEPB_W@Z
?CodeWordEx@CTXTLVCodecBase@@IAEXEPB_WG_N1@Z
?CodecTLV@CTXTLVCodecBase@@UAGJKPAUITXData@@PAPAUITXBuffer@@@Z
?Collate@CTXStringW@@QBEHPB_W@Z
?CollateNoCase@CTXStringW@@QBEHPB_W@Z
?Colorize@CxImage@@QAE_NEEM@Z
?Colorize@CxImage@@QAE_NNNN@Z
?Combine@CxImage@@QAE_NPAV1@000J@Z
?CombinePath@FS@Util@@YA?AVCTXStringW@@ABV3@0@Z
?CombineQNC@FS@@YA?AVCTXStringW@@PB_W0@Z
?CommitChange@FS@@YAHPB_W@Z
?Compare@CTXStringA@@QBEHPBD@Z
?Compare@CTXStringW@@QBEHPB_W@Z
?CompareColors@CxImage@@KAHPBX0@Z
?CompareNoCase@CTXStringA@@QBEHPBD@Z
?CompareNoCase@CTXStringW@@QBEHPB_W@Z
?ConnectToServer@CTXHttpDownload@@AAEHXZ
?Contour@CxImage@@QAE_NXZ
?ConventAnsiBufferToBSTR@SSOConvert@Util@@YAHAAVCTXBuffer@@AAVCTXBSTR@@H@Z
?ConvertAnyFormat@CxExifInfo@CxImageJPG@@IAENPAXH@Z
?ConvertTXArraySpecialLabel@Convert@Util@@YAHPAUITXArray@@PA_W@Z
?ConvertTXArrayStringBundle@Convert@Util@@YAHPAUITXArray@@@Z
?ConvertTXBufferToTXSSOBuffer@SSOConvert@Util@@YAJPAUITXBuffer@@PAPAUITXSSOBuffer@@@Z
?ConvertTXDataSpecialLabel@Convert@Util@@YAHPAUITXData@@PA_W@Z

Sections

.text
Size: 940KB - Virtual size: 940KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 419KB - Virtual size: 419KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TXSSO/bin/SSOLUIControl.dll
.dll regsvr32 windows:5 windows x86 arch:x86

102da556961e51c8ca543662a644c09c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17-01-2013 00:00

Not After

16-02-2016 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:5f:6d:19:b4:90:3a:d8:23:41:45:79:14:67:c3:13:80:63:9e:f9
Signer

Actual PE Digest

5d:5f:6d:19:b4:90:3a:d8:23:41:45:79:14:67:c3:13:80:63:9e:f9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Code\ssosmp_pr\trunk\SmpSSOProj\SSOPlatform\TXSSO\output\bin\SSOLUIControl.pdb

Imports

ssocommon

?Mid@CTXStringW@@QBE?AV1@HH@Z
?Empty@CTXStringW@@QAEXXZ
?OpenUrlWithDefault@UrlBase@Util@@YAXABVCTXStringW@@@Z
??0CTXBSTR@@QAE@ABVCTXStringW@@@Z
?IsEmpty@CTXStringW@@QBE_NXZ
?Delete@CTXStringW@@QAEHHH@Z
?Utf8ToWS@Convert@Util@@YA?AVCTXStringW@@PBDH@Z
??4CTXBSTR@@QAEAAV0@ABVCTXStringW@@@Z
?AddBufLenByte@CTXCommPack@@QAEHABVCTXBuffer@@@Z
??YCTXStringW@@QAEAAV0@ABV0@@Z
?AddBufLenWord@CTXCommPack@@QAEHABVCTXBuffer@@H@Z
?SetAsyncCallback@TXTimer@@YAHPAUITXAsyncCallback@@I@Z
?EraseAsyncCallback@TXTimer@@YAHPAUITXAsyncCallback@@I@Z
??0CTXStringW@@QAE@ABVCTXBSTR@@@Z
?SetInterval@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
?Format@CTXStringW@@QAAXPB_WZZ
??H@YA?AVCTXStringW@@ABV0@0@Z
?RecordTransEnd@Perf@Util@@YAJ_JPB_WHH11H@Z
?RecordTransBegin@Perf@Util@@YA_JPB_WHH00@Z
??H@YA?AVCTXStringW@@PB_WABV0@@Z
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
?SBCToDBC@Convert@Util@@YA_NAAVCTXStringW@@@Z
??0CTXStringA@@QAE@UtagUTF8@@PB_WH@Z
?AddStrALenByte@CTXCommPack@@QAEHABVCTXStringA@@@Z
??1CTXStringA@@QAE@XZ
?GetBufferOut@CTXCommPack@@QAEHAAVCTXBuffer@@@Z
?EraseTimerCallback@TXTimer@@YAHPAUITXTimerCallback@@I@Z
?StringToIntW@Convert@Util@@YA_NPB_WAAH@Z
?Mid@CTXStringW@@QBE?AV1@H@Z
?Find@CTXStringW@@QBEH_WH@Z
??8@YA_NABVCTXStringW@@PB_W@Z
??8CTXBSTR@@QBE_NPB_W@Z
?Length@CTXBSTR@@QBEIXZ
?Right@CTXStringW@@QBE?AV1@H@Z
?Find@CTXStringW@@QBEHPB_WH@Z
??M@YA_NABVCTXStringW@@0@Z
?LoadXmlByName@FS@Util@@YAHPB_WPAPAUIXMLDOMDocument@@@Z
?GetLocalePath@TXI18N@@YA?AVCTXStringW@@PB_W@Z
?GetAt@CTXStringW@@QBE_WH@Z
?Replace@CTXStringW@@QAEHPB_W0@Z
?MakeUpper@CTXStringW@@QAEAAV1@XZ
?Trim@CTXStringW@@QAEAAV1@XZ
?Detach@CTXBSTR@@QAEPA_WXZ
?GetBuffer@CTXStringW@@QAEPA_WH@Z
?ReleaseBuffer@CTXStringW@@QAEXH@Z
?GetLCID@TXI18N@@YAKXZ
??0CTXStringW@@QAE@PA_W@Z
??0CTXStringW@@QAE@ABV0@@Z
?GetLength@CTXStringW@@QBEHXZ
??ACTXStringW@@QBE_WH@Z
?Left@CTXStringW@@QBE?AV1@H@Z
??4CTXStringW@@QAEAAV0@ABV0@@Z
?ReverseFind@CTXStringW@@QBEH_W@Z
??0CTXBSTR@@QAE@ABV0@@Z
??4CTXBSTR@@QAEAAV0@PB_W@Z
??4CTXStringW@@QAEAAV0@PB_W@Z
??4CTXStringW@@QAEAAV0@ABVCTXBSTR@@@Z
?GetBSTRPtr@CTXStringW@@QAEPAPA_WXZ
?SetBufferIn@CTXCommPack@@QAEXPBEIH@Z
?ConvertTXSSOBufferToTXBuffer@SSOConvert@Util@@YAJPAUITXSSOBuffer@@PAPAUITXBuffer@@@Z
?ConvertTXSSODataToTXData@SSOConvert@Util@@YAJPAUITXSSOData@@PAPAUITXData@@@Z
?StringToDWordW@Convert@Util@@YA_NPB_WAAK@Z
??0CTXBSTR@@QAE@XZ
?IsEmpty@CTXBSTR@@QAEHXZ
?CreateTXData@Data@Util@@YAHPAPAUITXData@@@Z
??ICTXBSTR@@QAEPAPA_WXZ
?GetBuf@CTXCommPack@@QAEHPAEHH@Z
?GetWord@CTXCommPack@@QAEHAAGHH@Z
??0CTXStringW@@QAE@XZ
?GetString@CTXCommPack@@QAEHAAVCTXStringW@@HHH@Z
?GetDWord@CTXCommPack@@QAEHAAKHH@Z
?GetByte@CTXCommPack@@QAEHAAEH@Z
??1CTXBSTR@@QAE@XZ
?TXLog_DoTXLogVW@@YAXPAUtagLogObj@@PB_W1PAD@Z
??0CTXBSTR@@QAE@PB_W@Z
?GetBSTR@CTXStringW@@QBEPA_WXZ
??BCTXBSTR@@QBEPA_WXZ
??1CTXCommPack@@UAE@XZ
??0CTXCommPack@@QAE@XZ
??0CTXStringW@@QAE@PB_W@Z
??YCTXStringW@@QAEAAV0@PB_W@Z
??BCTXStringW@@QBEPB_WXZ
?LoadStringW@TXStringBundle@@YAPB_WPB_W@Z
??1CTXStringW@@QAE@XZ
?CreateTXBuffer@Data@Util@@YAHPAPAUITXBuffer@@@Z
??0CxImage@@QAE@K@Z
??1CxImage@@UAE@XZ
?Draw@CxImage@@QAEJPAUHDC__@@JJJJPAUtagRECT@@PAK_N@Z
??0CxMemFile@@QAE@KPAE@Z
?LoadGif@CxImageHelper@@YAPAVCxImage@@PAVCxFile@@AAH@Z
?GetWidth@CxImage@@QBEKXZ
?Load@CxImage@@QAE_NPAVCxFile@@K@Z
?GetHeight@CxImage@@QBEKXZ
??1CxMemFile@@UAE@XZ

kernel32

SetEnvironmentVariableA
CompareStringW
LoadLibraryW
CreateFileW
WriteConsoleW
SetStdHandle
GetStringTypeW
FreeEnvironmentStringsW
GetModuleFileNameA
LCMapStringW
InterlockedCompareExchange
InterlockedPushEntrySList
HeapFree
GetProcessHeap
HeapAlloc
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
HeapDestroy
HeapReAlloc
HeapSize
RtlUnwind
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
VirtualProtect
GetSystemInfo
VirtualQuery
GetCommandLineA
CloseHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
FlushFileBuffers
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LockResource
LoadResource
SizeofResource
FindResourceW
lstrlenW
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetProcAddress
GetModuleHandleW
lstrcmpiW
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
SetThreadLocale
GetThreadLocale
GetWindowsDirectoryW
GetSystemDirectoryW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
FlushInstructionCache
GetCurrentProcess
MulDiv
lstrlenA
GlobalUnlock
GlobalLock
GlobalAlloc
WideCharToMultiByte
SetLastError
lstrcpynW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetTimeZoneInformation
Sleep
HeapCreate
ExitProcess
GetEnvironmentStringsW

user32

EnableWindow
IsDialogMessageW
GetDesktopWindow
DialogBoxParamW
DrawTextW
GetWindow
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
EndDialog
GetSystemMetrics
GetCapture
ReleaseCapture
SystemParametersInfoW
SetCursor
GetSysColor
InflateRect
SetScrollInfo
GetScrollInfo
ShowScrollBar
GetScrollPos
SetCapture
IsWindowVisible
PostMessageW
ScreenToClient
SendMessageW
GetWindowRect
MoveWindow
CreateDialogParamW
FillRect
GetSysColorBrush
GetDlgItem
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
CreateWindowExW
RegisterClassExW
GetKeyState
IsWindow
GetParent
IsChild
SetFocus
GetDC
ReleaseDC
LoadCursorW
GetClassInfoExW
ShowWindow
UnionRect
PtInRect
GetClientRect
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
DestroyWindow
CharNextW
CallWindowProcW
GetWindowLongW
SetWindowLongW
DefWindowProcW
KillTimer
SetTimer
InvalidateRect
GetUpdateRect
EndPaint
BeginPaint
GetFocus
UnregisterClassA

gdi32

CloseMetaFile
RestoreDC
DeleteMetaFile
SetWindowOrgEx
SaveDC
GetDeviceCaps
GetClipRgn
CreateRectRgn
SelectClipRgn
Rectangle
SetTextAlign
TextOutW
SetWindowExtEx
CreateFontIndirectW
GetTextExtentExPointW
GetObjectW
DPtoLP
CreateRectRgnIndirect
CreateSolidBrush
SetBkColor
GetStockObject
SetTextColor
SetBkMode
SelectObject
DeleteObject
LPtoDP
SetMapMode
SetViewportOrgEx
DeleteDC
CreateDCW
CreateMetaFileW

advapi32

RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW

ole32

ReadClassStm
OleSaveToStream
WriteClassStm
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
CreateOleAdviseHolder
CoLoadLibrary
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
OleRegEnumVerbs

oleaut32

SysStringLen
SysFreeString
SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
OleCreatePropertyFrame
LoadRegTypeLi

wininet

InternetCrackUrlA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TXSSO/bin/SSOPlatform.dll
.dll regsvr32 windows:5 windows x86 arch:x86

1f8befbdc0b78a34f8db992a8a2d2d9b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17-01-2013 00:00

Not After

16-02-2016 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5b:74:77:24:65:26:63:ee:11:26:90:03:28:2a:6f:1e:6d:9e:32:78
Signer

Actual PE Digest

5b:74:77:24:65:26:63:ee:11:26:90:03:28:2a:6f:1e:6d:9e:32:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Code\ssosmp_pr\trunk\SmpSSOProj\SSOPlatform\TXSSO\output\bin\SSOPlatform.pdb

Imports

ws2_32

inet_addr
WSAEnumProtocolsA
WSAGetLastError

ssocommon

??8@YA_NPA_WABVCTXBSTR@@@Z
?Tokenize@CTXStringW@@QBE?AV1@PB_WAAH@Z
??8@YA_NABVCTXStringW@@PB_W@Z
?CompareNoCase@CTXStringW@@QBEHPB_W@Z
?Insert@CTXStringW@@QAEHHPB_W@Z
?FirstChild@TiXmlNode@@QAEPAV1@PBD@Z
?NextSibling@TiXmlNode@@QAEPAV1@PBD@Z
?GetText@TiXmlElement@@QBEPBDXZ
?Trim@CTXStringW@@QAEAAV1@PB_W@Z
??0TiXmlDocument@@QAE@XZ
??1TiXmlDocument@@UAE@XZ
?Parse@TiXmlDocument@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?ErrorDesc@TiXmlDocument@@QBEPBDXZ
?GenerateEx@CComputerIDGenerator@@QAEHPAE@Z
?Generate@CComputerIDGenerator@@QAEKPAE@Z
?Attribute@TiXmlElement@@QBEPBDPBD@Z
?FirstChildElement@TiXmlNode@@QAEPAVTiXmlElement@@PBD@Z
??1CTXStringW@@QAE@XZ
?TXLog_DoTXLogVW@@YAXPAUtagLogObj@@PB_W1PAD@Z
?GetIEProxyUserName@Network@Util@@YAHAAVCTXStringW@@0@Z
?Utf8ToWS@Convert@Util@@YA?AVCTXStringW@@PBDH@Z
?GetUInt64@CTXCommPack@@QAEHAA_KHH@Z
??9@YA_NABVCTXStringW@@0@Z
?GetHttpAuthType@NetworkEnv@Util@@YAJPAJ@Z
?GetBuffer@CTXStringA@@QAEPADH@Z
?LoadXmlByContent@FS@Util@@YAHPA_WPAPAUIXMLDOMDocument@@@Z
??ACTXStringW@@QBE_WH@Z
?GetLength@CTXStringA@@QBEHXZ
??0CTXStringA@@QAE@UtagGBK@@PB_WH@Z
??0CTXBSTR@@QAE@HPB_W@Z
?CreateTXArray@Data@Util@@YAHPAPAUITXArray@@@Z
??YCTXStringW@@QAEAAV0@_W@Z
?GetAt@CTXStringW@@QBE_WH@Z
?Detach@CTXBSTR@@QAEPA_WXZ
?Attach@CTXBSTR@@QAEXPA_W@Z
?IsFileExist@FS@@YAHPB_W@Z
?GetBinDir@Dir@Util@@YA?AVCTXStringW@@XZ
?GetParentDir@FS@Util@@YA?AVCTXStringW@@V3@@Z
?LoadXmlByName@FS@Util@@YAHPB_WPAPAUIXMLDOMDocument@@@Z
?CancelResolve@HostResolve@Util@@YAJK@Z
?Resolve@HostResolve@Util@@YAJPA_WPAUITXHostResolverSink@@PAK@Z
?GetHostByName@HostResolve@Util@@YAJPA_WPAPA_W@Z
?OnConnecting@CTXHttpDownloadSink@@UAEXPAVCTXHttpDownload@@PB_W@Z
?OnConnected@CTXHttpDownloadSink@@UAEXPAVCTXHttpDownload@@@Z
?OnDownloadStart@CTXHttpDownloadSink@@UAEXPAVCTXHttpDownload@@KK@Z
?OnProgress@CTXHttpDownloadSink@@UAEXPAVCTXHttpDownload@@KK@Z
?OnRedirected@CTXHttpDownloadSink@@UAEXPAVCTXHttpDownload@@PB_W@Z
?OnError@CTXHttpDownloadSink@@UAEXPAVCTXHttpDownload@@K@Z
?Run@CTXHttpDownload@@EAEIXZ
?Decode16@Encode@Util@@YAHABVCTXStringW@@AAVCTXBuffer@@@Z
?QueryInfo@CTXHttpDownload@@QAEHABVCTXStringW@@AAV2@H@Z
?GetDownloadedBuffer@CTXHttpDownload@@QAEHPAPAEPAK@Z
??1CTXHttpDownload@@UAE@XZ
?DownloadToBuffer@CTXHttpDownload@@QAEHPB_WPAU_SYSTEMTIME@@@Z
?SetUIInterface@CTXHttpDownload@@QAEXPAVCTXHttpDownloadSink@@@Z
??0CTXHttpDownload@@QAE@XZ
?GetBSTRPtr@CTXStringW@@QAEPAPA_WXZ
?GetTXDataBuf@Data@Util@@YAHPAUITXDataRead@@PB_WAAVCTXBuffer@@@Z
?CancelDownload@CTXHttpDownload@@QAEXXZ
??1CTXHttpDownloadSink@@UAE@XZ
??0CTXHttpDownloadSink@@IAE@XZ
??0CTXStringW@@QAE@PB_WH@Z
?EraseAsyncCallback@TXTimer@@YAHPAUITXAsyncCallback@@I@Z
?CreateFileW@FS@@YAHPB_WKPAPAUITXFile@@@Z
??H@YA?AVCTXStringW@@PB_WABV0@@Z
?Replace@CTXStringW@@QAEHPB_W0@Z
wcslcat
?GenerateG1@CComputerIDGenerator@@QAEKPAE@Z
?GetBSTR@CTXStringW@@QBEPA_WXZ
?Mid@CTXStringW@@QBE?AV1@H@Z
?TrimRight@CTXStringW@@QAEAAV1@XZ
??BCTXStringA@@QBEPBDXZ
??0CTXStringA@@QAE@PBDH@Z
?GetDecodeNumberSigned@CCmdCodecBase@@IAEHPB_W@Z
?SetTimeout@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
?StringToIP@Network@Util@@YAKPB_W@Z
?DecodeBuffer@CCmdCodecBase@@UAGJPAUITXBuffer@@PAPAUITXData@@PAU3@@Z
?CodeTXData@CCmdCodecBase@@UAGJPAUITXData@@PAPAUITXBuffer@@@Z
?Release@CCmdCodecBase@@MAGKXZ
?AddRef@CCmdCodecBase@@MAGKXZ
?QueryInterface@CCmdCodecBase@@MAGJABU_GUID@@PAPAX@Z
?AddStrALenWord@CTXCommPack@@QAEHABVCTXStringA@@H@Z
?AddPack@CTXCommPack@@QAEHABV1@@Z
?GetTimeOffsetUTC@NLS@@YAJXZ
?GetLCID@NLS@@YAKXZ
?Left@CTXStringW@@QBE?AV1@H@Z
?ReleaseBuffer@CTXStringW@@QAEXH@Z
?GetBuffer@CTXStringW@@QAEPA_WH@Z
?AddUInt64@CTXCommPack@@QAEH_KH@Z
?Random@Sys@Util@@YAHXZ
??4CTXStringW@@QAEAAV0@PB_W@Z
?IPToString@Network@Util@@YA?AVCTXStringW@@K@Z
?Encode16@Encode@Util@@YA?AVCTXStringW@@ABVCTXBuffer@@@Z
?CRC32@Encode@Util@@YAKKPBEH@Z
??1CCmdCodecBase@@UAE@XZ
??0CCmdCodecBase@@QAE@XZ
?GetBuf@CTXCommPack@@QAEHPAPBEHH@Z
?AddBufLenWord@CTXCommPack@@QAEHABVCTXBuffer@@H@Z
?CodeStringLenHead@CCmdCodecBase@@IAEXPB_WW4CMDFIELDTYPE@@@Z
?BrokenCodec@CCmdCodecBase@@IAEXPB_W@Z
?GetIEProxySetting@Network@Util@@YAHPAUITXData@@AAE@Z
?GetBindIPFromTargetIP@Network@Util@@YAKKPAK@Z
??BCTXStringW@@QBEPB_WXZ
??0CTXStringW@@QAE@XZ
?Format@CTXStringW@@QAAXPB_WZZ
??0CTXStringW@@QAE@ABV0@@Z
?CreateTXBuffer@Data@Util@@YAHPAPAUITXBuffer@@@Z
??BCTXBSTR@@QBEPA_WXZ
??1CTXBSTR@@QAE@XZ
??0CTXBSTR@@QAE@PB_W@Z
?Empty@CTXStringW@@QAEXXZ
??0CTXCommPack@@QAE@XZ
??1CTXCommPack@@UAE@XZ
?AddWord@CTXCommPack@@QAEHGH@Z
?GetBufferOut@CTXCommPack@@QAEHAAVCTXBuffer@@@Z
?GetWord@CTXCommPack@@QAEHAAGHH@Z
?AddDWord@CTXCommPack@@QAEHKH@Z
?GetDWord@CTXCommPack@@QAEHAAKHH@Z
?AddBuf@CTXCommPack@@QAEHABVCTXBuffer@@@Z
?SetBufferIn@CTXCommPack@@QAEXAAVCTXBuffer@@H@Z
?AddByte@CTXCommPack@@QAEHE@Z
?GetByte@CTXCommPack@@QAEHAAEH@Z
?Empty@CTXBSTR@@QAEXXZ
?DecodeString@CCmdCodecBase@@IAEXPB_WI@Z
?DecodeStringLenHead@CCmdCodecBase@@IAEXPB_WW4CMDFIELDTYPE@@@Z
?GetDecodeNumberUnsigned@CCmdCodecBase@@IAEKPB_W@Z
?DecodeBufferLenHead@CCmdCodecBase@@IAEXPB_WW4CMDFIELDTYPE@@@Z
?DecodeBuffer@CCmdCodecBase@@IAEXPB_WI@Z
?DecodeNumber@CCmdCodecBase@@IAEXPB_WW4TX_DATA_TYPE@@@Z
?EnableUnicodeString@CCmdCodecBase@@IAEXH@Z
?CodeBufferLenHead@CCmdCodecBase@@IAEXPB_WW4CMDFIELDTYPE@@@Z
?CodeBuffer@CCmdCodecBase@@IAEXPB_W@Z
?CodeNumber@CCmdCodecBase@@IAEXPB_WW4TX_DATA_TYPE@@@Z
??4CTXBSTR@@QAEAAV0@ABV0@@Z
??M@YA_NABVCTXStringW@@0@Z
?IsEmpty@CTXStringW@@QBE_NXZ
?DoFormat@CFmtString@@QAEPB_WPB_W@Z
?PropertyStr@CFmtString@@QAEHPB_W0@Z
??1CFmtString@@QAE@XZ
??0CFmtString@@QAE@XZ
??8CTXBSTR@@QBE_NABV0@@Z
?ConvertTXSSOBufferToTXBuffer@SSOConvert@Util@@YAJPAUITXSSOBuffer@@PAPAUITXBuffer@@@Z
?CopyTXDataField@Data@Util@@YAHPAUITXDataRead@@PAUITXData@@PB_W2@Z
?Find@CTXStringW@@QBEH_WH@Z
?TrimLeft@CTXStringW@@QAEAAV1@XZ
??0CTXBSTR@@QAE@XZ
??ICTXBSTR@@QAEPAPA_WXZ
?Preallocate@CTXStringW@@QAEXH@Z
??YCTXStringW@@QAEAAV0@ABV0@@Z
?GetString@CTXStringW@@QBEPB_WXZ
?GetBufferByteLeft@CTXCommPack@@QBEHXZ
?JumpBuf@CTXCommPack@@QAEHH@Z
?GetMacGuid@CComputerIDGenerator@@SAHPAEAAVCTXStringW@@@Z
??8CTXBSTR@@QBE_NPB_W@Z
?GetLCID@TXI18N@@YAKXZ
?AddBuf@CTXCommPack@@QAEHPBEI@Z
?StringToDWordW@Convert@Util@@YA_NPB_WAAK@Z
?Right@CTXStringW@@QBE?AV1@H@Z
?GetPlatformCore@Core@Util@@YAHPAPAUITXCore@@@Z
?CreateChannel@Connection@Util@@YAJHPAPAUITXChannel@@@Z
?IsCSSubSendData@Misc@Util@@YAHPAUITXData@@@Z
??0CTXStringW@@QAE@UtagUTF8@@PBDH@Z
?GetClientType@ClientType@ProductConfig@Util@@YAJPAK@Z
??0CTXBSTR@@QAE@ABU_GUID@@@Z
??4CTXStringW@@QAEAAV0@PA_W@Z
?Find@CTXStringW@@QBEHPB_WH@Z
?GetLength@CTXStringW@@QBEHXZ
??4CTXStringW@@QAEAAV0@ABV0@@Z
??0CTXStringW@@QAE@PA_W@Z
?GetProcessName@SystemHelp@Util@@YA?AVCTXStringW@@K@Z
?CreateTXData@SSOData@Util@@YAHPAPAUITXSSOData@@@Z
?CreateTXBuffer@SSOData@Util@@YAHPAPAUITXSSOBuffer@@@Z
?EraseTimerCallback@TXTimer@@YAHPAUITXTimerCallback@@I@Z
??0CTXBSTR@@QAE@ABVCTXStringW@@@Z
?SetInterval@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
?ConvertTXSSODataToTXData@SSOConvert@Util@@YAJPAUITXSSOData@@PAPAUITXData@@@Z
?SetAsyncCallback@TXTimer@@YAHPAUITXAsyncCallback@@I@Z
??4CTXBSTR@@QAEAAV0@ABVCTXStringW@@@Z
?Trim@CTXStringW@@QAEAAV1@XZ
?LoadStringW@TXStringBundle@@YAPB_WPB_W@Z
??YCTXStringW@@QAEAAV0@PB_W@Z
?CreateTXData@Data@Util@@YAHPAPAUITXData@@@Z
??4CTXBSTR@@QAEAAV0@PB_W@Z
?GetString@CTXStringA@@QBEPBDXZ
??0CTXStringA@@QAE@UtagUTF8@@PB_WH@Z
?InitNetwork@Network@Util@@YAHXZ
?InitDownloadTempDirectory@CTXHttpDownload@@SAXPB_W@Z
?GetSSOTempDir@Dir@Util@@YA?AVCTXStringW@@XZ
??H@YA?AVCTXStringW@@ABV0@0@Z
?OnExitWinMain@Misc@Util@@YAXXZ
?OnUninitCom@Misc@Util@@YAXXZ
?OnExitCoreCenter@Misc@Util@@YAXXZ
?ConvertTXDataToTXSSOData@SSOConvert@Util@@YAJPAUITXData@@PAPAUITXSSOData@@@Z
?SetConfigFile@TXI18N@@YAHPB_W0@Z
??4CTXStringW@@QAEAAV0@ABVCTXBSTR@@@Z
?GetRootDir@Dir@Util@@YA?AVCTXStringW@@XZ
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
?IsEmpty@CTXBSTR@@QAEHXZ
?SetUserLCID@TXI18N@@YAXK@Z
?NotifyIdle@TXTimer@@YAXXZ
?GetUserDefaultLCID@NLS@@YAKXZ
?SetLCID@NLS@@YAHK@Z
??0CTXStringW@@QAE@PB_W@Z
??1CTXStringA@@QAE@XZ
??0CTXBSTR@@QAE@ABV0@@Z
?Length@CTXBSTR@@QBEIXZ
?Encode16@Encode@Util@@YA?AVCTXStringW@@PBXI@Z
??8CTXBSTR@@QBE_NPA_W@Z
?FlushLog@TXLog@@YAXXZ
?CreateTXArray@SSOData@Util@@YAHPAPAUITXSSOArray@@@Z
?CopyTXDataField@SSOData@Util@@YAHPAUITXSSODataRead@@PAUITXSSOData@@PB_W2@Z
??0CTXStringW@@QAE@ABVCTXBSTR@@@Z
?AppendFormat@CTXStringW@@QAAXPB_WZZ

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

iphlpapi

GetIpAddrTable
GetIpForwardTable
GetAdaptersAddresses

psapi

GetModuleBaseNameW

kernel32

SetHandleCount
GetTimeZoneInformation
WideCharToMultiByte
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
IsValidCodePage
GetOEMCP
GetACP
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCPInfo
HeapCreate
ExitProcess
GetLocaleInfoW
GetStdHandle
WriteFile
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
ExitThread
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
Sleep
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
FindResourceExW
LockResource
GetFileType
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
RtlUnwind
SetConsoleCtrlHandler
LCMapStringW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
FlushFileBuffers
CompareStringW
SetEnvironmentVariableA
GetModuleHandleA
GetVersion
GlobalMemoryStatus
GetVersionExA
FlushConsoleInputBuffer
ReadConsoleInputA
SetConsoleMode
LoadLibraryW
OpenProcess
ReadFile
GetDiskFreeSpaceExW
GetVolumeInformationW
GetSystemDirectoryW
CreateDirectoryW
GetCommandLineW
GetComputerNameW
GlobalFree
GlobalAlloc
GetFileAttributesW
VirtualProtect
VirtualFree
VirtualAlloc
QueueUserWorkItem
VirtualQuery
UnmapViewOfFile
VirtualLock
SetProcessWorkingSetSize
GetCurrentProcess
GetProcessWorkingSetSize
MapViewOfFile
CreateFileMappingW
GetSystemInfo
CreateFileW
SetThreadLocale
GetThreadLocale
OutputDebugStringA
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
RaiseException
lstrcmpiW
lstrlenW
FreeLibrary
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
LocalFree
GetVersionExW
GetProcAddress
LoadLibraryA
GetWindowsDirectoryA
GetSystemDirectoryA
GetModuleFileNameA
TerminateThread
CreateThread
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ReleaseMutex
OpenMutexW
SetEndOfFile
CreateMutexW
WaitForSingleObject
SetEvent
CloseHandle
CreateEventW
CreateFileA
GetLastError

user32

GetWindowThreadProcessId
IsWindow
DestroyWindow
PostMessageW
GetWindowLongW
DefWindowProcW
PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetClassNameW
GetWindowTextW
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
EnumWindows
SendMessageTimeoutW
GetClassInfoExW
RegisterClassExW
CreateWindowExW
ShowWindow
GetDesktopWindow
SendMessageW
CharNextW
SetWindowLongW

gdi32

GetStockObject

advapi32

CryptGenRandom
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
RegisterEventSourceA
ReportEventA
DeregisterEventSource
InitializeSecurityDescriptor
CryptReleaseContext
CryptAcquireContextW
RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegCloseKey

shell32

SHGetSpecialFolderPathW

ole32

StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateGuid
CoCreateInstance
CoTaskMemFree

oleaut32

VariantInit
LoadRegTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
RegisterTypeLi
VarUI4FromStr
VariantClear

wininet

InternetCrackUrlA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1018KB - Virtual size: 1018KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 466KB - Virtual size: 466KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TXSSO/bin/npSSOAxCtrlForPTLogin.dll
.dll regsvr32 windows:5 windows x86 arch:x86

0a7e98683fa464ed3c55c5c2e310579c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

17-01-2013 00:00

Not After

16-02-2016 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:8f:d9:ca:ee:1c:06:21:02:5e:2e:93:1e:02:6f:b9:70:4a:2d:65
Signer

Actual PE Digest

0e:8f:d9:ca:ee:1c:06:21:02:5e:2e:93:1e:02:6f:b9:70:4a:2d:65

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Code\ssosmp_pr\trunk\SmpSSOProj\SSOPlatform\TXSSO\output\bin\npSSOAxCtrlForPTLogin.pdb

Imports

gdiplus

GdiplusStartup
GdipFree
GdipAlloc
GdipDeleteBrush
GdipCreatePen1
GdipDeletePen
GdipDeleteGraphics
GdipCreateSolidFill
GdipCreateFromHDC
GdipSetSmoothingMode
GdipDrawLineI
GdiplusShutdown
GdipDrawRectangleI
GdipFillRectangleI
GdipCloneBrush
GdipFillEllipseI

ssocommon

?CreateTXBuffer@SSOData@Util@@YAHPAPAUITXSSOBuffer@@@Z
??0CTXStringW@@QAE@PB_W@Z
?ReverseFind@CTXStringW@@QBEH_W@Z
??4CTXStringW@@QAEAAV0@ABV0@@Z
?Left@CTXStringW@@QBE?AV1@H@Z
??ACTXStringW@@QBE_WH@Z
??ICTXBSTR@@QAEPAPA_WXZ
??0CTXBSTR@@QAE@ABVCTXStringW@@@Z
?Detach@CTXBSTR@@QAEPA_WXZ
?GetLength@CTXStringW@@QBEHXZ
??0CTXStringW@@QAE@ABV0@@Z
??0CTXStringW@@QAE@PA_W@Z
??YCTXStringW@@QAEAAV0@PB_W@Z
?CreateTXBuffer@Data@Util@@YAHPAPAUITXBuffer@@@Z
??0CTXBSTR@@QAE@PB_W@Z
?IsEmpty@CTXStringW@@QBE_NXZ
??0CTXStringW@@QAE@ABVCTXBSTR@@@Z
??1CTXBSTR@@QAE@XZ
??BCTXBSTR@@QBEPA_WXZ
??0CTXStringW@@QAE@XZ
?Format@CTXStringW@@QAAXPB_WZZ
?CreateTXData@Data@Util@@YAHPAPAUITXData@@@Z
??BCTXStringW@@QBEPB_WXZ
??0CTXStringW@@QAE@UtagUTF8@@PBDH@Z
?GetString@CTXStringW@@QBEPB_WXZ
?TXLog_DoTXLogVW@@YAXPAUtagLogObj@@PB_W1PAD@Z
?Encode16@Encode@Util@@YA?AVCTXStringW@@PBXI@Z
??1CTXStringW@@QAE@XZ
?Utf8FromWS@Convert@Util@@YA?AVCTXStringA@@PB_WH@Z
?GetString@CTXStringA@@QBEPBDXZ
??1CTXStringA@@QAE@XZ
?FlushLog@TXLog@@YAXXZ
??0CTXBSTR@@QAE@XZ

kernel32

TerminateProcess
IsDebuggerPresent
HeapDestroy
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
Sleep
ExitProcess
HeapCreate
GetCPInfo
WideCharToMultiByte
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
lstrlenW
GetWindowsDirectoryW
GetSystemDirectoryW
GetModuleFileNameW
GetProcAddress
GetModuleHandleW
GetModuleFileNameA
GetLastError
MultiByteToWideChar
lstrlenA
RaiseException
EnterCriticalSection
LeaveCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
HeapAlloc
GetCurrentProcess
FreeLibrary
SetLastError
LoadLibraryW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
lstrcmpiW
InterlockedIncrement
InterlockedDecrement
LoadLibraryExW
SetThreadLocale
GetThreadLocale
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
WaitForSingleObject
ReleaseMutex
CreateMutexW
UnmapViewOfFile
CloseHandle
MapViewOfFile
OpenFileMappingW
GetACP
GetOEMCP
IsValidCodePage
WriteFile
GetStdHandle
SetHandleCount
GetFileType
GetStartupInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
RtlUnwind
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
VirtualProtect
GetSystemInfo
VirtualQuery
GetCommandLineA
UnhandledExceptionFilter
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringW
GetStringTypeW
SetStdHandle
WriteConsoleW
FlushFileBuffers
CreateFileW
FlushInstructionCache

user32

InvalidateRect
ShowWindow
IsWindowVisible
SetWindowLongW
GetWindowLongW
BeginPaint
EndPaint
SetTimer
KillTimer
GetClassInfoExW
LoadCursorW
MoveWindow
SetCursor
GetWindowRect
DestroyWindow
CloseWindow
SetFocus
CallWindowProcW
DefWindowProcW
CreateWindowExW
RegisterClassExW
FillRect
CharNextW
IsChild
GetFocus
GetParent
ReleaseDC
GetDC
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
GetClientRect
PtInRect
UnionRect
IsWindow
GetKeyState
UnregisterClassA
SetWindowPos

gdi32

CreateCompatibleDC
GetDeviceCaps
CreateRectRgnIndirect
DeleteMetaFile
CloseMetaFile
RestoreDC
CreateCompatibleBitmap
SetWindowOrgEx
CreateMetaFileW
CreateDCW
SetViewportOrgEx
SetMapMode
LPtoDP
Ellipse
LineTo
MoveToEx
Rectangle
SelectObject
CreateSolidBrush
SaveDC
DeleteDC
BitBlt
SetWindowExtEx
CreatePen
DeleteObject

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExA
RegCloseKey
RegEnumKeyExW

shell32

SHGetFolderLocation
SHGetPathFromIDListW

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoCreateInstance
CreateOleAdviseHolder
OleRegEnumVerbs
OleRegGetUserType
OleRegGetMiscStatus
CreateDataAdviseHolder
CoLoadLibrary

oleaut32

LoadTypeLi
VariantInit
CreateErrorInfo
SetErrorInfo
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
SysStringLen
SysAllocString
SysFreeString
VariantChangeType
LoadRegTypeLi
OleCreatePropertyFrame
VariantClear

shlwapi

PathFileExistsW
SHDeleteKeyW

version

GetFileVersionInfoW
GetFileVersionInfoA
GetFileVersionInfoSizeW
VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeA

imm32

ImmAssociateContext

wininet

InternetCrackUrlA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
X64Helper.exe
.exe windows:4 windows x64 arch:x64

43aa3688c85832abdc9e6325cc2034f7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04-02-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-01-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11-06-2015 00:00

Not After

29-12-2020 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01-01-1997 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

43:64:52:d2:e3:b3:9a:f2:27:ca:d7:2a:5c:dd:9b:c1:66:1b:15:f2:3c:be:1f:ff:24:8b:44:23:2f:e6:9f:9d
Signer

Actual PE Digest

43:64:52:d2:e3:b3:9a:f2:27:ca:d7:2a:5c:dd:9b:c1:66:1b:15:f2:3c:be:1f:ff:24:8b:44:23:2f:e6:9f:9d

Digest Algorithm

sha256

PE Digest Matches

true

c7:fe:b7:eb:2e:58:a5:84:c3:d2:ab:f3:34:32:72:f1:12:d7:05:cb
Signer

Actual PE Digest

c7:fe:b7:eb:2e:58:a5:84:c3:d2:ab:f3:34:32:72:f1:12:d7:05:cb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

f:\QQLive_Dailybuild\src\symbol\X64Helper.pdb

Imports

kernel32

DeleteCriticalSection
AllocConsole
SetEvent
GetCommandLineW
FreeConsole
LoadLibraryW
FreeLibrary
LocalFree
InitializeCriticalSection
GetCurrentThreadId
CreateProcessW
GetProcAddress
RaiseException
GetModuleHandleW
GetModuleFileNameW
CloseHandle
OpenProcess
VirtualAllocEx
VirtualFreeEx
WriteProcessMemory
ReadProcessMemory
GetCurrentProcess
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
ReadFile
SetEndOfFile
GetLocaleInfoW
SetFilePointer
SetStdHandle
LCMapStringW
LCMapStringA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
LoadLibraryA
CreateFileA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
HeapSetInformation
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
GetVersionExA
GetStartupInfoW
RtlUnwindEx
RtlPcToFileHeader
RtlLookupFunctionEntry
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
Sleep
GetModuleHandleA
ExitProcess
GetCPInfo
FlsGetValue
FlsSetValue
TlsFree
FlsFree
SetLastError
FlsAlloc
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
WriteFile
GetModuleFileNameA
RtlVirtualUnwind
FreeEnvironmentStringsA

user32

SetTimer
RegisterWindowMessageW
GetWindowThreadProcessId
FindWindowW
FindWindowExW
OffsetRect
GetMessageW
SendMessageW
ClientToScreen
PostMessageW
PostThreadMessageW
IsWindow
PostQuitMessage
DispatchMessageW
TranslateMessage

shell32

CommandLineToArgvW

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bugreport.exe
.exe windows:4 windows x86 arch:x86

9258f825d63ec4fdd5156723917a18b6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04-02-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-01-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11-06-2015 00:00

Not After

29-12-2020 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01-01-1997 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:85:37:03:c9:3f:11:e3:d2:25:f7:b0:fa:30:d7:3b:c2:1e:96:87:4a:5e:ca:b2:ab:96:0d:ba:98:65:19:bd
Signer

Actual PE Digest

13:85:37:03:c9:3f:11:e3:d2:25:f7:b0:fa:30:d7:3b:c2:1e:96:87:4a:5e:ca:b2:ab:96:0d:ba:98:65:19:bd

Digest Algorithm

sha256

PE Digest Matches

true

2e:a6:a1:be:eb:0c:e9:6c:7c:6c:16:50:1a:bf:36:7e:fa:1f:b9:72
Signer

Actual PE Digest

2e:a6:a1:be:eb:0c:e9:6c:7c:6c:16:50:1a:bf:36:7e:fa:1f:b9:72

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\QQLive_proj\document\HummerSDK5.2\Output\PdbFinal\bugreport.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

dbghelp

SymCleanup
SymGetModuleInfoW
SymLoadModule
SymInitialize
SymSetOptions

wininet

InternetCloseHandle
InternetOpenUrlA
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA

psapi

GetModuleFileNameExW
GetModuleFileNameExA

comctl32

ImageList_Create
ImageList_ReplaceIcon
InitCommonControlsEx

tinyxml

?Value@TiXmlNode@@QBEPBDXZ
?NextSiblingElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
?GetText@TiXmlElement@@QBEPBDXZ
??1TiXmlDocument@@UAE@XZ
?Print@TiXmlDocument@@UBEXPAU_iobuf@@H@Z
?Parse@TiXmlDocument@@UAEPBDPBDPAVTiXmlParsingData@@W4TiXmlEncoding@@@Z
?ToDocument@TiXmlDocument@@UAEPAV1@XZ
?ToDocument@TiXmlDocument@@UBEPBV1@XZ
?ToElement@TiXmlNode@@UBEPBVTiXmlElement@@XZ
?ToComment@TiXmlNode@@UAEPAVTiXmlComment@@XZ
?ToComment@TiXmlNode@@UBEPBVTiXmlComment@@XZ
?ToUnknown@TiXmlNode@@UAEPAVTiXmlUnknown@@XZ
?ToUnknown@TiXmlNode@@UBEPBVTiXmlUnknown@@XZ
?ToText@TiXmlNode@@UAEPAVTiXmlText@@XZ
??0TiXmlDocument@@QAE@XZ
?ToText@TiXmlNode@@UBEPBVTiXmlText@@XZ
?ToDeclaration@TiXmlNode@@UAEPAVTiXmlDeclaration@@XZ
?RootElement@TiXmlDocument@@QAEPAVTiXmlElement@@XZ
?ToDeclaration@TiXmlNode@@UBEPBVTiXmlDeclaration@@XZ
?Clone@TiXmlDocument@@MBEPAVTiXmlNode@@XZ
?FirstChildElement@TiXmlNode@@QAEPAVTiXmlElement@@XZ
?Accept@TiXmlDocument@@UBE_NPAVTiXmlVisitor@@@Z
?Attribute@TiXmlElement@@QBEPBDPBD@Z
?LoadFile@TiXmlDocument@@QAE_NPB_WW4TiXmlEncoding@@@Z
?ToElement@TiXmlNode@@UAEPAVTiXmlElement@@XZ

kernel32

HeapDestroy
HeapReAlloc
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
InterlockedCompareExchange
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
DeviceIoControl
VirtualQuery
SetFileAttributesW
GetSystemTimeAsFileTime
GetCurrentProcess
GetProcessTimes
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
GetCommandLineW
InitializeCriticalSection
GetCurrentThreadId
GetCurrentProcessId
VirtualFree
VirtualAlloc
GetThreadSelectorEntry
GetModuleHandleW
HeapAlloc
GetProcessHeap
VirtualProtect
CloseHandle
HeapFree
GetTickCount
SetCurrentDirectoryW
OpenThread
SizeofResource
FreeLibrary
ReadProcessMemory
LockResource
WriteProcessMemory
LoadResource
FindResourceExW
CreateThread
FindResourceW
OpenProcess
GetLastError
WideCharToMultiByte
lstrlenW
lstrcatW
DeleteFileW
CopyFileW
VirtualQueryEx
LoadLibraryW
FindFirstFileW
CreateFileA
GetExitCodeProcess
FindNextFileW
TerminateProcess
FindClose
SetEvent
lstrcpyW
WaitForSingleObject
CreateProcessW
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
MultiByteToWideChar
IsDBCSLeadByte
InterlockedIncrement
InterlockedDecrement
GlobalFree
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
ResumeThread
FreeResource
CreateEventW
GetFileAttributesW
CreateFileW
GetProcAddress
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
WriteFile
DeleteCriticalSection
RaiseException
GetFileSize
GetModuleFileNameW
GetPrivateProfileSectionW
GetPrivateProfileIntW
GetTempPathW
WritePrivateProfileStringW
CreateDirectoryW
GetSystemDefaultLCID
GetVersionExW
ReadFile
SetFilePointer
MoveFileW

user32

DefWindowProcW
DestroyWindow
DestroyMenu
TrackPopupMenu
GetWindowThreadProcessId
CreatePopupMenu
IsWindow
GetGuiResources
ReleaseDC
EnableMenuItem
CloseClipboard
GetMenuItemID
SetClipboardData
GetMenuItemCount
EmptyClipboard
GetSystemMenu
RegisterClipboardFormatW
GetClassInfoExW
GetWindowTextW
SendDlgItemMessageW
GetWindowTextLengthW
SetTimer
InvalidateRect
MapDialogRect
GetWindowRect
MapWindowPoints
CallWindowProcW
DrawTextW
GetDC
SetWindowLongW
EndPaint
ClientToScreen
KillTimer
BeginPaint
GetSysColorBrush
DialogBoxParamW
SetDlgItemTextW
GetWindow
GetKeyState
GetDesktopWindow
PostMessageW
EndDialog
DrawIconEx
GetDlgItem
GetClientRect
ShowWindow
LoadImageW
SetWindowPos
SetWindowTextW
SendMessageW
LoadIconW
RegisterClassExW
CreateWindowExW
UnregisterClassA
EnableWindow
OpenClipboard

gdi32

SelectObject
GetStockObject
SetBkMode
SetTextColor
DeleteObject
CreateFontW

advapi32

RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

ord155
SHBindToParent
SHGetDesktopFolder
SHGetFileInfoW
ShellExecuteW
SHGetSpecialFolderPathW
ShellExecuteExW

ole32

CreateStreamOnHGlobal
DoDragDrop
OleUninitialize
OleInitialize

oleaut32

SysFreeString
SysAllocStringByteLen
SysStringByteLen
SysAllocString
SysStringLen

gdiplus

GdipGetImageWidth
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipDrawImageRectI
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipLoadImageFromStreamICM
GdipImageSelectActiveFrame
GdipGetImageHeight
GdipCreateFromHDC
GdipDeleteGraphics
GdipDisposeImage
GdipCloneImage

shlwapi

PathFileExistsW

msvcp80

??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z

msvcr80

_invalid_parameter_noinfo
memcpy
memset
malloc
vsprintf_s
_vscprintf
swscanf
strrchr
wcsncmp
vswprintf_s
__wargv
__argc
_vscwprintf
_mbscmp
free
wcschr
srand
wcslen
memcpy_s
_purecall
memmove_s
??3@YAXPAX@Z
strlen
_time32
_mbsstr
_snprintf
_mbslwr_s
??0exception@std@@QAE@XZ
??_V@YAXPAX@Z
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
wcscmp
??0exception@std@@QAE@ABV01@@Z
wcsrchr
_wcslwr_s
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
iswspace
_wcsicmp
memcmp
strcmp
strtoul
fprintf
wcscpy
wcscat
_wfopen
fseek
ftell
fwrite
fclose
_beginthreadex
_unlock
__dllonexit
tolower
strncpy_s
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_amsg_exit
isalnum
sprintf_s
_wtoi
_time64
memmove
wcsncpy
iswalnum
iswalpha
iswdigit
_gmtime32
_snwprintf
fread
wcscat_s
wcscpy_s
atoi
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler4_common
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
wcsstr
towlower
isspace
_mbsicmp
__CxxFrameHandler3
_mbschr
strncmp
strchr
_CxxThrowException

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

crypt32

CertGetNameStringW

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WinVerifyTrust

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

netapi32

Netbios

Sections

.text
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
cabarc.exe
.exe windows:5 windows x86 arch:x86

286c4a73c9ae31fbedb2b4e12f8feb6c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04-02-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-01-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:4e:86:50:85:be:e0:0e:13:72:28:b3:d0:b1:32:e9
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11-06-2015 00:00

Not After

29-12-2020 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 2,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01-01-1997 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6f:13:11:10:38:0d:64:00:e1:dd:eb:1b:b0:a0:a4:d6:c8:1b:7a:6f:19:61:71:69:b3:5b:05:ad:fe:45:7d:3f
Signer

Actual PE Digest

6f:13:11:10:38:0d:64:00:e1:dd:eb:1b:b0:a0:a4:d6:c8:1b:7a:6f:19:61:71:69:b3:5b:05:ad:fe:45:7d:3f

Digest Algorithm

sha256

PE Digest Matches

true

d1:f3:87:c6:f9:55:24:c6:22:99:be:bd:07:39:57:fb:81:86:b3:55
Signer

Actual PE Digest

d1:f3:87:c6:f9:55:24:c6:22:99:be:bd:07:39:57:fb:81:86:b3:55

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToDosDateTime
FileTimeToLocalFileTime
CloseHandle
GetFileInformationByHandle
GetLastError
CreateFileA
CreateDirectoryA
GetFileAttributesA
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
LocalAlloc
LocalFree
ReadFile
WriteFile
SetFilePointer
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter

msvcrt

printf
toupper
_strnicmp
_stricmp
isdigit
atoi
exit
_vsnprintf
strrchr
free
_tempnam
strchr
rand
srand
time
strncpy
memmove
_getch
isspace
fclose
fgets
fopen
malloc
_c_exit
_exit
_XcptFilter
_cexit
__initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
proxytask.dll
.dll windows:4 windows x86 arch:x86

e98191169a81bc5b83eb6b7616e295e2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:04:8b:9c:8a:67:e2:8f:0c:c8:cc:75:81:3d:dc:5a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

04-02-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08-11-2006 00:00

Not After

07-11-2021 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:d5:15:37:03:d8:d5:f8:1f:ef:76:19:69:00:9a:14
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-01-2016 00:00

Not After

28-03-2019 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:d6:93:fa:b0:98:e3:f4:67:7b:b8:cb:67:2c:22:9e
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

11-06-2015 00:00

Not After

29-12-2020 23:59

Subject

CN=GeoTrust 2048-bit Timestamping Signer 1,O=GeoTrust Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

01-01-1997 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:c2:47:a5:a8:e6:bc:15:11:9a:16:ec:67:35:2e:0b:4d:68:fd:f1:6f:cc:6b:0e:e2:2a:48:8c:d5:18:f8:e1
Signer

Actual PE Digest

2b:c2:47:a5:a8:e6:bc:15:11:9a:16:ec:67:35:2e:0b:4d:68:fd:f1:6f:cc:6b:0e:e2:2a:48:8c:d5:18:f8:e1

Digest Algorithm

sha256

PE Digest Matches

true

94:2e:b8:1e:02:7a:35:a7:07:f2:c7:84:34:f7:84:e9:3f:9f:e0:92
Signer

Actual PE Digest

94:2e:b8:1e:02:7a:35:a7:07:f2:c7:84:34:f7:84:e9:3f:9f:e0:92

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\code__________\vs2005\qiannima\Release\proxytask.pdb

Imports

kernel32

DeleteFileA
CloseHandle
CreateThread
Sleep
FlushConsoleInputBuffer
GlobalMemoryStatus
MultiByteToWideChar
GetVersion
GetModuleHandleA
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
WaitForMultipleObjects
PeekNamedPipe
ReadFile
FormatMessageA
WaitForSingleObject
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
GetVersionExA
SleepEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

ws2_32

WSAStartup
WSACleanup
WSASetLastError
htonl
ntohl
htons
__WSAFDIsSet
closesocket
send
inet_addr
socket
ioctlsocket
gethostbyname
recv
select
WSAGetLastError
WSAIoctl
setsockopt
getsockname
ntohs
bind
getsockopt
getpeername
inet_ntoa
getservbyname
gethostbyaddr
getservbyport
sendto
shutdown
recvfrom
listen
connect
gethostname
accept

msvcr80

ferror
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
rand
_setmode
_time64
clock
??3@YAXPAX@Z
printf
??2@YAPAXI@Z
_wfopen
strcmp
raise
_exit
vfprintf
_vsnprintf
wcsstr
_strnicmp
_open
_stat64i32
isgraph
isprint
islower
_stat64
toupper
_fileno
feof
fprintf
_stricmp
signal
_getch
abort
_ftime64
_strdup
_read
_write
_close
??_V@YAXPAX@Z
_except_handler4_common
isupper
_gmtime64
getenv
atoi
_lseeki64
_fstat64
memchr
_getpid
isspace
isalnum
fflush
__sys_nerr
strerror
_beginthreadex
strcat_s
sprintf_s
strncpy_s
__CxxFrameHandler3
strcpy_s
fputc
calloc
realloc
malloc
memset
_errno
memcpy
strstr
fclose
fread
ftell
fseek
fopen
strncmp
tolower
sscanf
fwrite
__iob_func
strchr
strncpy
strtol
strrchr
isalpha
isxdigit
strtoul
memmove
strpbrk
_strtoi64
qsort
fputs
fgets
isdigit
sprintf

wldap32

ord79
ord35
ord32
ord200
ord30
ord26
ord33
ord60
ord143
ord211
ord22
ord41
ord301
ord27
ord50
ord46

user32

GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA

advapi32

DeregisterEventSource
RegisterEventSourceA
ReportEventA

Exports

Exports

proxy_task_start
set_task_cfg

Sections

.text
Size: 920KB - Virtual size: 916KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 272KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5efd74892a893f15c566623cc8a8cc76

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 441KB

.ndata Size: - Virtual size: 1.5MB

.rsrc Size: 22KB - Virtual size: 22KB

bb20e349058311b07ff29c2fc59e2351

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

oleaut32

shlwapi

msimg32

version

gdiplus

psapi

Exports

Exports

Sections

.text Size: 248KB - Virtual size: 244KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 884B

.reloc Size: 12KB - Virtual size: 11KB

cd90e33ffbc335413a25300c682c83df

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

35:0b:e6:87:5a:58:3b:a5:f7:26:16:b3:c1:52:3e:8b:63:dd:07:aaSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 441KB

.ndata
Size: - Virtual size: 1.5MB

.rsrc
Size: 22KB - Virtual size: 22KB

.text
Size: 248KB - Virtual size: 244KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 884B

.reloc
Size: 12KB - Virtual size: 11KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

35:0b:e6:87:5a:58:3b:a5:f7:26:16:b3:c1:52:3e:8b:63:dd:07:aa
Signer

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 208KB - Virtual size: 205KB

.data
Size: 20KB - Virtual size: 38KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 52KB - Virtual size: 51KB

.text
Size: 244KB - Virtual size: 240KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 8KB - Virtual size: 14KB

.idata
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 176B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

71:70:bd:93:cf:3f:18:9a:e6:45:2b:51:4c:49:34:0e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate