a2cccb3b153e379be1097784004c5d6f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a2cccb3b153e379be1097784004c5d6f_JaffaCakes118
Size

5.1MB
MD5

a2cccb3b153e379be1097784004c5d6f
SHA1

fcbba87da7b228135b1a3a9e184000978011936a
SHA256

0c860b7f821fc9d1ac0d91410201743febcf459b95c848529a8f816a9309a240
SHA512

0c2da50ea3cea93d17534d8dd98ae5b876bdc3df2d0fe2640a1ef2b4c610a654677cf0a62882d29e3b2c81054e4f198d02ec5cc7384ee896783c6b961da1b7f3
SSDEEP

98304:xu0kEKAi/8Zb9xrNCclVIx83sLzaKVRVdlgDMxZYL7fT1GbDSf/i:c0DZRZb3IE8LeKV3dltqfbGgq

Score

3^/10

Malware Config

Signatures

Unsigned PE 18 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/GetVersion.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$PLUGINSDIR/Rfshdktp.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UAC.dll
unpack001/$PLUGINSDIR/inetc.dll
unpack001/$PLUGINSDIR/nsProcess.dll
unpack001/dbghelp.dll
unpack001/sqlite3.dll
unpack002/$PLUGINSDIR/GetVersion.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/NSISdl.dll
unpack002/$PLUGINSDIR/Rfshdktp.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/UAC.dll
unpack002/$PLUGINSDIR/inetc.dll
unpack002/$PLUGINSDIR/nsProcess.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninst.exe	nsis_installer_1
static1/unpack001/uninst.exe	nsis_installer_2

Files

a2cccb3b153e379be1097784004c5d6f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4a:28:9f:c3:6a:df:a8:c4:6a:a3:80:2b:9e:73:8d:20
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/05/2012, 00:00

Not After

27/06/2015, 23:59

Subject

CN=Shanghai Quan Tudou Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shanghai Quan Tudou Network Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:b0:56:95:47:f0:d8:49:b5:0a:74:ac:03:17:b0:0e:88:a4:b1:79
Signer

Actual PE Digest

51:b0:56:95:47:f0:d8:49:b5:0a:74:ac:03:17:b0:0e:88:a4:b1:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/GetVersion.dll
.dll windows:4 windows x86 arch:x86

0125039a427c6f95b3acc9227413ece5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
lstrcatA
lstrcmpiA
GetVersionExA
GlobalAlloc
GetSystemInfo
GetProcAddress
lstrcpynA

user32

GetSystemMetrics
wsprintfA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

WindowsName
WindowsPlatformArchitecture
WindowsPlatformId
WindowsServerName
WindowsServicePack
WindowsServicePackBuild
WindowsType
WindowsVersion

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 290B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Rfshdktp.dll
.dll windows:4 windows x86 arch:x86

042f3c184e7c0923b6325ab1dc09aed7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

SHGetSpecialFolderLocation
SHChangeNotify

Exports

Exports

refreshDesktop

Sections

.text
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 206B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

55a6a096df3564193c302728985d6bda

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateProcessA
GlobalAlloc
lstrlenA
GetVersionExA
SetLastError
GetProcAddress
lstrcmpiA
GetCurrentThreadId
GetCommandLineA
UnmapViewOfFile
WaitForSingleObject
GetCurrentProcessId
GetLastError
DuplicateHandle
SetCurrentDirectoryA
MapViewOfFile
Sleep
OpenProcess
GetExitCodeProcess
GetModuleHandleA
GetExitCodeThread
CreateThread
CreateFileMappingA
CreateEventA
MultiByteToWideChar
FormatMessageA
LocalFree
GlobalFree
CloseHandle
GetModuleFileNameA
lstrcatA
GetPrivateProfileIntA
GetPrivateProfileStringA
SetEvent
LoadLibraryA

user32

DialogBoxParamA
CharNextA
CallNextHookEx
SetForegroundWindow
IsWindowVisible
GetClassNameA
SetWindowsHookExA
DispatchMessageA
TranslateMessage
IsDialogMessageA
PeekMessageA
MsgWaitForMultipleObjects
DefWindowProcA
PostMessageA
CreateWindowExA
GetWindowThreadProcessId
CallWindowProcA
SetWindowPos
GetWindowRect
UnhookWindowsHookEx
GetClientRect
FindWindowExA
LoadIconA
CreateDialogParamA
GetWindowLongA
SendMessageW
MessageBoxA
EndDialog
SetWindowLongA
DestroyWindow
EnableWindow
ShowWindow
wsprintfA
GetDlgItem
SendMessageA
LoadStringA
LoadImageA

advapi32

GetUserNameA
OpenSCManagerA
CloseServiceHandle
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
QueryServiceStatus
OpenServiceA

shell32

ShellExecuteExA

ole32

CoInitialize

Exports

Exports

_

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

3f1149a3053980fe6b461521d2b55a2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbschr
_adjust_fdiv
malloc
_initterm
free
_mbsrchr
strtoul
memset
_mbsstr
strtol

kernel32

CloseHandle
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
GetLastError
GlobalFree
lstrcmpiA
DeleteFileA
SleepEx
SetFilePointer
GetTickCount
lstrcatA
GetFileSize
CreateFileA

user32

MessageBoxA
GetParent
ShowWindow
PostMessageA
SetWindowTextA
GetWindowTextA
IsWindow
GetDlgItem
SetDlgItemTextA
SendDlgItemMessageA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
SetWindowLongA
GetWindowLongA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
SendMessageA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsProcess.dll
.dll windows:4 windows x86 arch:x86

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
lstrcpynA
GlobalAlloc

Exports

Exports

_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CheckTudouVa.dll
.dll windows:4 windows x86 arch:x86

13b37c6d7c5950275a26fce91795a795

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4a:28:9f:c3:6a:df:a8:c4:6a:a3:80:2b:9e:73:8d:20
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/05/2012, 00:00

Not After

27/06/2015, 23:59

Subject

CN=Shanghai Quan Tudou Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shanghai Quan Tudou Network Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

60:ec:94:93:ae:1a:b3:f1:14:8c:54:79:22:28:56:90:3c:0f:57:2b
Signer

Actual PE Digest

60:ec:94:93:ae:1a:b3:f1:14:8c:54:79:22:28:56:90:3c:0f:57:2b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\SVN\install.v3\src\iFeisu_trunk\client\feisu\bin\Release\CheckTudouVa.pdb

Imports

kernel32

GetLocaleInfoA
GetCPInfo
GetOEMCP
VirtualAlloc
HeapReAlloc
HeapAlloc
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetProcessHeap
RaiseException
RtlUnwind
HeapSize
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
GlobalAddAtomA
SetHandleCount
GetFileType
GetStartupInfoA
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetTimeZoneInformation
SetStdHandle
LCMapStringA
LCMapStringW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
SetEnvironmentVariableA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetVersionExA
GlobalFlags
GetCurrentThreadId
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
SetEndOfFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LoadLibraryA
GetThreadLocale
lstrcmpA
GlobalGetAtomNameA
InterlockedIncrement
FreeLibrary
InterlockedDecrement
GetModuleHandleA
GetProcAddress
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentProcessId
GetModuleFileNameA
CreateFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
SetLastError
GetPrivateProfileStringA
FindClose
GetFileAttributesA
LockResource
FindResourceA
CloseHandle
LoadResource
SizeofResource
FindFirstFileA
OpenMutexA
CreateFileW
GetPrivateProfileIntA
Sleep
MultiByteToWideChar
CompareStringW
GetEnvironmentVariableA
lstrlenA
GetLastError
CompareStringA
GetVersion
InterlockedExchange
WideCharToMultiByte
GetStdHandle

user32

AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetWindowPos
SetWindowLongA
IsWindow
GetDlgItem
GetFocus
ClientToScreen
GetWindow
GetWindowRect
RegisterClassA
PtInRect
SetWindowTextA
UnregisterClassA
SetWindowsHookExA
CallNextHookEx
DispatchMessageA
GetKeyState
PeekMessageA
ValidateRect
GetWindowTextA
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnhookWindowsHookEx
GetWindowThreadProcessId
SendMessageA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
CharUpperA
GetClassInfoA
GetClassInfoExA
CreateWindowExA
PostMessageA
GetMenu
GetClientRect
GetClassNameA
PostQuitMessage
DestroyMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetDlgCtrlID

gdi32

GetClipBox
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetMapMode
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
CreateBitmap
GetStockObject
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
GetDeviceCaps

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegQueryValueExA
RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteA

shlwapi

PathStripToRootA
PathIsUNCA

oleaut32

VariantChangeType
VariantClear
VariantInit

oleacc

CreateStdAccessibleObject
LresultFromObject

nspr4

PR_AtomicIncrement
PR_AtomicDecrement

xpcom

NS_Alloc

Exports

Exports

NSGetModule

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Skin/Mini/Mini_2/close_hover.png
.png
Skin/Mini/Mini_2/close_normal.png
.png
Skin/Mini/Mini_2/down_hover.png
.png
Skin/Mini/Mini_2/down_normal.png
.png
Skin/Mini/Mini_2/export_click.png
.png
Skin/Mini/Mini_2/export_hover.png
.png
Skin/Mini/Mini_2/export_normal.png
.png
Skin/Mini/Mini_2/hot_click.png
.png
Skin/Mini/Mini_2/hot_hover.png
.png
Skin/Mini/Mini_2/hot_normal.png
.png
Skin/Mini/Mini_2/info_click.png
.png
Skin/Mini/Mini_2/info_hover.png
.png
Skin/Mini/Mini_2/info_normal.png
.png
Skin/Mini/Mini_2/line.png
.png
Skin/Mini/Mini_2/main.png
.png
Skin/Mini/Mini_2/setting_click.png
.png
Skin/Mini/Mini_2/setting_hover.png
.png
Skin/Mini/Mini_2/setting_normal.png
.png
Skin/Mini/Mini_2/small_hover.png
.png
Skin/Mini/Mini_2/small_normal.png
.png
Skin/Mini/Mini_2/up_hover.png
.png
Skin/Mini/Mini_2/up_normal.png
.png
Skin/Mini/Mini_3/close_hover.png
.png
Skin/Mini/Mini_3/close_normal.png
.png
Skin/Mini/Mini_3/down_hover.png
.png
Skin/Mini/Mini_3/down_normal.png
.png
Skin/Mini/Mini_3/export_click.png
.png
Skin/Mini/Mini_3/export_hover.png
.png
Skin/Mini/Mini_3/export_normal.png
.png
Skin/Mini/Mini_3/hot_click.png
.png
Skin/Mini/Mini_3/hot_hover.png
.png
Skin/Mini/Mini_3/hot_normal.png
.png
Skin/Mini/Mini_3/info_click.png
.png
Skin/Mini/Mini_3/info_hover.png
.png
Skin/Mini/Mini_3/info_normal.png
.png
Skin/Mini/Mini_3/line.png
.png
Skin/Mini/Mini_3/main.png
.png
Skin/Mini/Mini_3/setting_click.png
.png
Skin/Mini/Mini_3/setting_hover.png
.png
Skin/Mini/Mini_3/setting_normal.png
.png
Skin/Mini/Mini_3/small_hover.png
.png
Skin/Mini/Mini_3/small_normal.png
.png
Skin/Mini/Mini_3/up_hover.png
.png
Skin/Mini/Mini_3/up_normal.png
.png
Skin/Mini/Mini_4/close_hover.png
.png
Skin/Mini/Mini_4/close_normal.png
.png
Skin/Mini/Mini_4/down_hover.png
.png
Skin/Mini/Mini_4/down_normal.png
.png
Skin/Mini/Mini_4/export_click.png
.png
Skin/Mini/Mini_4/export_hover.png
.png
Skin/Mini/Mini_4/export_normal.png
.png
Skin/Mini/Mini_4/hot_click.png
.png
Skin/Mini/Mini_4/hot_hover.png
.png
Skin/Mini/Mini_4/hot_normal.png
.png
Skin/Mini/Mini_4/info_click.png
.png
Skin/Mini/Mini_4/info_hover.png
.png
Skin/Mini/Mini_4/info_normal.png
.png
Skin/Mini/Mini_4/line.png
.png
Skin/Mini/Mini_4/main.png
.png
Skin/Mini/Mini_4/setting_click.png
.png
Skin/Mini/Mini_4/setting_hover.png
.png
Skin/Mini/Mini_4/setting_normal.png
.png
Skin/Mini/Mini_4/small_hover.png
.png
Skin/Mini/Mini_4/small_normal.png
.png
Skin/Mini/Mini_4/up_hover.png
.png
Skin/Mini/Mini_4/up_normal.png
.png
Skin/Pop/Pop_2/Pop_bk.png
.png
Skin/Pop/Pop_2/Pop_close_click.png
.png
Skin/Pop/Pop_2/Pop_close_normal.png
.png
Skin/Pop/Pop_3/Pop_bk.png
.png
Skin/Pop/Pop_3/Pop_close_click.png
.png
Skin/Pop/Pop_3/Pop_close_normal.png
.png
Skin/Pop/Pop_4/Pop_bk.png
.png
Skin/Pop/Pop_4/Pop_close_click.png
.png
Skin/Pop/Pop_4/Pop_close_normal.png
.png
Skin/Prog/Prog_2/showProg_bg.png
.png
Skin/Prog/Prog_2/showProg_close_click.png
.png
Skin/Prog/Prog_2/showProg_close_normal.png
.png
Skin/Prog/Prog_2/showProg_scrollbar.png
.png
Skin/Prog/Prog_2/showProg_tab.png
.png
Skin/Prog/Prog_2/showProg_tag_normal.png
.png
Skin/Prog/Prog_3/showProg_bg.png
.png
Skin/Prog/Prog_3/showProg_close_click.png
.png
Skin/Prog/Prog_3/showProg_close_normal.png
.png
Skin/Prog/Prog_3/showProg_scrollbar.png
.png
Skin/Prog/Prog_3/showProg_tab.png
.png
Skin/Prog/Prog_3/showProg_tag_normal.png
.png
Skin/Prog/Prog_4/showProg_bg.png
.png
Skin/Prog/Prog_4/showProg_close_click.png
.png
Skin/Prog/Prog_4/showProg_close_normal.png
.png
Skin/Prog/Prog_4/showProg_scrollbar.png
.png
Skin/Prog/Prog_4/showProg_tab.png
.png
Skin/Prog/Prog_4/showProg_tag_normal.png
.png
TDVaCom.dll
.dll regsvr32 windows:4 windows x86 arch:x86

da7ecb81693059367a243d87673a1692

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4a:28:9f:c3:6a:df:a8:c4:6a:a3:80:2b:9e:73:8d:20
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/05/2012, 00:00

Not After

27/06/2015, 23:59

Subject

CN=Shanghai Quan Tudou Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shanghai Quan Tudou Network Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:19:78:1a:ae:a3:d2:91:af:7d:18:31:14:fa:5e:94:b8:cc:b1:9b
Signer

Actual PE Digest

7e:19:78:1a:ae:a3:d2:91:af:7d:18:31:14:fa:5e:94:b8:cc:b1:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\SVN\install.v3\src\iFeisu_trunk\client\feisu\bin\Release\TDVaCom.pdb

Imports

wininet

InternetGetConnectedState
InternetSetOptionA
InternetQueryOptionA
InternetGetConnectedStateEx

kernel32

GetCurrentProcess
GetShortPathNameA
CreateFileA
GetCPInfo
GetOEMCP
HeapReAlloc
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
GetProcessHeap
RtlUnwind
RaiseException
ExitProcess
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
GetACP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
WritePrivateProfileStringA
GetThreadLocale
GlobalFlags
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentProcessId
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
lstrcmpA
FreeLibrary
InterlockedDecrement
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
InterlockedIncrement
CloseHandle
LockResource
GetModuleFileNameA
SizeofResource
LoadResource
OutputDebugStringA
FindResourceA
GetPrivateProfileIntA
Sleep
OpenMutexA
GetPrivateProfileStringA
GetVersion
lstrlenA
InterlockedExchange
CompareStringA
GetLastError
WideCharToMultiByte
MultiByteToWideChar
IsDebuggerPresent

user32

GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyIcon
LoadCursorA
GetDC
ReleaseDC
GetSysColorBrush
ClientToScreen
ShowWindow
SetWindowTextA
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
GetWindowTextA
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetWindow
UnregisterClassA
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
DestroyMenu
MapWindowPoints
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
PostMessageA
PostQuitMessage
SetCursor
UnhookWindowsHookEx
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
SendMessageA
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem

gdi32

ScaleWindowExtEx
DeleteDC
GetStockObject
SetWindowExtEx
RectVisible
PtVisible
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
GetDeviceCaps
CreateBitmap
SetMapMode
RestoreDC
SaveDC
DeleteObject
SetBkColor
SetTextColor
GetClipBox
TextOutA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegSetValueExA
RegQueryValueA
RegDeleteKeyA
RegEnumKeyA
RegCreateKeyExA
RegOpenKeyA
RegSetValueA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA

shell32

ExtractIconA
ShellExecuteA

shlwapi

PathFindExtensionA
PathFindFileNameA

ole32

CoTaskMemFree
CoRevokeClassObject
CoRegisterClassObject
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoDisconnectObject
StringFromCLSID

oleaut32

VariantInit
SysAllocStringLen
SysFreeString
SysStringByteLen
SysStringLen
VariantClear
VariantCopy
VariantChangeType
SysAllocString
SysAllocStringByteLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TudouVa.exe
.exe windows:4 windows x86 arch:x86

70cb503cc5e889ac71dadff493dff605

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4a:28:9f:c3:6a:df:a8:c4:6a:a3:80:2b:9e:73:8d:20
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/05/2012, 00:00

Not After

27/06/2015, 23:59

Subject

CN=Shanghai Quan Tudou Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shanghai Quan Tudou Network Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

60:bb:7f:98:89:3f:75:33:17:70:bf:c2:8e:50:24:a6:2b:9e:b5:83
Signer

Actual PE Digest

60:bb:7f:98:89:3f:75:33:17:70:bf:c2:8e:50:24:a6:2b:9e:b5:83

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\SVN\install.v3\src\iFeisu_trunk\client\feisu\bin\Release\TudouVa.pdb

Imports

shlwapi

PathIsUNCA
PathStripToRootA
UrlUnescapeA
PathFindExtensionA
PathFindFileNameA

sqlite3

sqlite3_close
sqlite3_open
sqlite3_get_table
sqlite3_free_table

kernel32

Process32NextW
Process32FirstW
OpenProcess
ReleaseMutex
VirtualQuery
WriteProcessMemory
SetUnhandledExceptionFilter
VirtualProtect
GetCurrentThread
GetLogicalDriveStringsW
GetSystemDefaultLCID
GlobalMemoryStatusEx
GetWindowsDirectoryW
GetThreadContext
GetCurrentDirectoryA
GetFileAttributesW
ReadProcessMemory
SuspendThread
ResumeThread
CreateFileW
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
GetThreadLocale
OpenMutexW
CreateEventW
SleepEx
CreateWaitableTimerW
lstrcmpA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GlobalDeleteAtom
SetThreadPriority
GlobalAddAtomA
FormatMessageA
GetFileTime
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFullPathNameA
GlobalFlags
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetCPInfo
WaitForMultipleObjects
UnhandledExceptionFilter
IsDebuggerPresent
VirtualAlloc
GetSystemInfo
HeapReAlloc
ExitThread
GetStartupInfoA
RtlUnwind
GetTimeZoneInformation
FindFirstFileW
FindNextFileW
MoveFileW
RemoveDirectoryW
CreateDirectoryW
TerminateProcess
GetDateFormatA
ExitProcess
SetStdHandle
HeapSize
SetHandleCount
GetStdHandle
GetConsoleCP
GetConsoleMode
IsValidCodePage
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
SetEnvironmentVariableA
TerminateThread
TlsGetValue
QueueUserAPC
CreateIoCompletionPort
TlsSetValue
SetWaitableTimer
SetLastError
GetQueuedCompletionStatus
InterlockedCompareExchange
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
FreeConsole
GetACP
SetConsoleOutputCP
AllocConsole
FileTimeToLocalFileTime
GetModuleFileNameW
SetConsoleCtrlHandler
GetDiskFreeSpaceExW
LoadLibraryW
GetDriveTypeW
GetLogicalDrives
GetModuleHandleW
GetTempPathW
QueryPerformanceCounter
GetSystemDirectoryW
MoveFileExW
CopyFileW
ResetEvent
RaiseException
DeleteCriticalSection
InitializeCriticalSection
DuplicateHandle
FileTimeToDosDateTime
GetFileInformationByHandle
GetFileType
FileTimeToSystemTime
SystemTimeToFileTime
HeapFree
GetCurrentThreadId
InterlockedExchangeAdd
GetShortPathNameA
CreateProcessW
QueryPerformanceFrequency
FindResourceExW
DeleteFileW
ReleaseSemaphore
GetTimeFormatA
CreateMutexW
PostQueuedCompletionStatus
TlsFree
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
MulDiv
FreeResource
WriteFile
GlobalMemoryStatus
GetModuleHandleA
OpenEventA
CreateWaitableTimerA
DeviceIoControl
AreFileApisANSI
PeekNamedPipe
FlushConsoleInputBuffer
ReadConsoleInputA
lstrcpynA
GetWindowsDirectoryA
CreateProcessA
GetProcessHeap
HeapAlloc
OutputDebugStringA
WinExec
lstrcatA
WaitForSingleObject
GetTickCount
LoadLibraryA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetSystemTime
GetFileAttributesA
FindClose
FindNextFileA
GetCurrentProcess
DeleteFileA
FindFirstFileA
FindVolumeClose
CreateDirectoryA
FindNextVolumeA
SetCurrentDirectoryA
GetVolumePathNamesForVolumeNameA
GetModuleFileNameA
FindFirstVolumeA
LocalAlloc
GetVolumeInformationA
GetDiskFreeSpaceExA
GetDriveTypeA
GetVolumePathNameA
SetErrorMode
WritePrivateProfileStringA
GetPrivateProfileStringA
MoveFileA
GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock
CreateThread
Sleep
lstrcpyA
InterlockedDecrement
InterlockedIncrement
FreeLibrary
GetProcAddress
LoadLibraryExA
GetLocalTime
CreateFileA
GetTempFileNameA
GetTempPathA
ReadFile
SetFilePointer
GetFileSize
LoadResource
LockResource
SizeofResource
FindResourceA
lstrcmpiA
GetStringTypeExA
InterlockedExchange
MultiByteToWideChar
SetConsoleMode
CompareStringA
CompareStringW
GetEnvironmentVariableA
GetVersion
GetEnvironmentVariableW
lstrlenA
lstrlenW
WideCharToMultiByte
CreateEventA
GetCurrentProcessId
CloseHandle
GetCommandLineA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetEvent
OpenFileMappingA
GetLastError
CreateMutexA
GetVersionExA
LocalFree
GetOEMCP

user32

PostThreadMessageA
RegisterClipboardFormatA
UnregisterClassA
GetNextDlgGroupItem
CharNextA
GetSysColorBrush
InvalidateRgn
CopyAcceleratorTableA
ReleaseCapture
SetCapture
DestroyMenu
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetMessageTime
MapWindowPoints
GetScrollPos
GetMenu
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
GetDlgCtrlID
CallWindowProcA
GetWindowPlacement
IntersectRect
UnhookWindowsHookEx
EndPaint
BeginPaint
GetWindowDC
GetSubMenu
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
GetWindowThreadProcessId
GetLastActivePopup
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
PeekMessageA
ValidateRect
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
EnableMenuItem
SendMessageTimeoutW
ExitWindowsEx
PostMessageW
SendMessageW
FindWindowW
DrawFrameControl
GetWindow
WindowFromPoint
ClientToScreen
DefWindowProcA
GetClassInfoA
OffsetRect
GetMenuState
SetRectEmpty
GetMenuItemID
GetMenuItemCount
GetClassNameA
IsRectEmpty
GetWindowTextA
IsWindowEnabled
ChildWindowFromPoint
LoadStringA
LoadImageA
DestroyCursor
DestroyIcon
CreateIconIndirect
GetIconInfo
LoadBitmapA
MessageBoxExA
ReleaseDC
GetDC
MessageBeep
CopyRect
GrayStringA
EqualRect
DrawTextExA
DrawTextA
TabbedTextOutA
GetSysColor
GetFocus
FillRect
MessageBoxA
IsWindow
CheckMenuItem
AppendMenuA
TrackPopupMenu
CreatePopupMenu
CopyIcon
LoadCursorA
SetCursor
SystemParametersInfoA
SetActiveWindow
GetTopWindow
SetWindowPos
GetDesktopWindow
GetParent
GetWindowRect
GetMessagePos
UpdateWindow
RedrawWindow
EnableWindow
DrawIcon
SendMessageA
IsIconic
SetWindowRgn
GetForegroundWindow
GetSystemMetrics
GetClientRect
GetWindowLongA
SetWindowLongA
SetForegroundWindow
ShowWindow
IsWindowVisible
SetRect
PtInRect
ScreenToClient
GetCursorPos
InflateRect
KillTimer
SetTimer
LoadIconA
PostMessageA
InvalidateRect
CharUpperA
GetUserObjectInformationW
GetProcessWindowStation
ModifyMenuA

gdi32

GetTextColor
GetRgnBox
GetBkColor
DPtoLP
GetMapMode
CreateRectRgnIndirect
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetStretchBltMode
GetWindowExtEx
GetViewportExtEx
GetClipBox
SetMapMode
CreateFontIndirectA
CreateFontA
GetObjectA
DeleteObject
BitBlt
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
StretchBlt
CreateRoundRectRgn
CreateSolidBrush
CreateDIBSection
SelectObject
ExtTextOutA
Escape
GetStockObject
PtVisible
RectVisible
TextOutA
GetTextExtentPoint32A
GetDeviceCaps
CreateBitmap
SetTextColor
CreatePen
MoveToEx
LineTo
SetBkMode
SetBkColor
GetTextMetricsA
SetTextJustification
FrameRgn
FillRgn
SelectClipRgn
CreateRectRgn
CombineRgn
OffsetRgn
CreatePolygonRgn
SaveDC
RestoreDC

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegSetValueExW
RegOpenKeyA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegEnumKeyA
RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueW
CheckTokenMembership
GetTokenInformation
CreateWellKnownSid
GetUserNameA
SetSecurityDescriptorDacl
SetNamedSecurityInfoA
InitializeSecurityDescriptor
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
SetSecurityInfo
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
GetFileSecurityA
OpenProcessToken
DuplicateToken
AccessCheck
RegOpenKeyExA
RegQueryValueA
RegEnumKeyExW

shell32

Shell_NotifyIconA
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
ord680
SHChangeNotify
SHGetSpecialFolderPathA
ShellExecuteExW
SHGetFolderPathW
SHGetSpecialFolderPathW
SHGetFolderPathA

comctl32

_TrackMouseEvent
ord17
ImageList_GetImageCount
ImageList_GetIcon
InitCommonControlsEx

oledlg

ord8

ole32

CoGetClassObject
CoTaskMemAlloc
StgOpenStorageOnILockBytes
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoInitializeEx
CoTaskMemFree
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoUninitialize
CoInitialize
CoCreateInstance
CreateStreamOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
CoRevokeClassObject
OleIsCurrentClipboard

oleaut32

VariantCopy
OleCreateFontIndirect
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
SysFreeString
VariantClear
SysAllocString
OleLoadPicture
VariantChangeType
VariantInit
SysStringLen
SysAllocStringByteLen

ws2_32

getsockopt
getpeername
freeaddrinfo
WSARecv
WSASocketW
shutdown
WSAAddressToStringA
WSAStringToAddressA
WSCEnumProtocols
WSASetLastError
WSASend
ntohl
setsockopt
WSACleanup
WSAStartup
accept
ioctlsocket
getaddrinfo
bind
htonl
ntohs
getsockname
gethostname
__WSAFDIsSet
select
recv
WSAGetLastError
inet_ntoa
gethostbyname
closesocket
send
connect
htons
inet_addr
socket
sendto
recvfrom
listen

wininet

InternetConnectA
HttpSendRequestA
InternetWriteFile
InternetOpenA
InternetGetLastResponseInfoA
HttpOpenRequestA
InternetQueryDataAvailable
InternetSetOptionExA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetSetFilePointer
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetSetOptionW
InternetOpenW
InternetTimeToSystemTimeA
HttpQueryInfoA
InternetGetConnectedState
InternetGetCookieA
InternetReadFile
InternetCloseHandle
InternetSetStatusCallback

iphlpapi

GetAdaptersInfo
IcmpCloseHandle
IcmpSendEcho
IcmpCreateFile
GetIfTable
NotifyAddrChange

gdiplus

GdipCreateFromHDC
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdiplusStartup
GdiplusShutdown
GdipGetImageWidth
GdipGetImageHeight
GdipFree
GdipAlloc
GdipCreateBitmapFromStream
GdipDeleteGraphics
GdipDrawImageI
GdipDisposeImage
GdipCloneImage
GdipReleaseDC
GdipCreateBitmapFromFile
GdipCreateImageAttributes
GdipDisposeImageAttributes

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeA
GetFileVersionInfoA

psapi

GetModuleFileNameExW

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 544KB - Virtual size: 541KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 396KB - Virtual size: 395KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
clientconf.ini
dbghelp.dll
.dll windows:4 windows x86 arch:x86

23dbfe3112241abaff4c3d3dfa2c4867

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

msvcrt

??3@YAXPAX@Z
_XcptFilter
_adjust_fdiv
_amsg_exit
_initterm
_fileno
_iob
_isatty
_write
__pioinfo
__badioinfo
_lseek
wctomb
_snprintf
__mb_cur_max
mbtowc
isleadbyte
_ismbblead
_errno
iswprint
_vsnwprintf
memmove
__CxxFrameHandler
iswspace
calloc
_itoa
towlower
tolower
_wcslwr
time
_wctime
atol
wcsncpy
sprintf
fclose
_winminor
_winmajor
_osver
_wsplitpath
__unDName
isdigit
strncpy
_CxxThrowException
bsearch
_snwprintf
__dllonexit
fseek
_wfopen
fopen
wcstol
strchr
wcsrchr
_wmakepath
_fullpath
_wfullpath
_mbsicmp
_access
_splitpath
_wcsdup
_fsopen
_wfsopen
_get_osfhandle
_read
_lseeki64
_chsize
_close
_open_osfhandle
_wsopen
_sopen
wprintf
ftell
_wgetenv
_memicmp
_mbscmp
?terminate@@YAXXZ
??1type_info@@UAE@XZ
strncmp
_ltoa
_wcsnicmp
_stricmp
_purecall
isspace
ctime
malloc
_strlwr
free
strstr
_except_handler3
memcpy
_wcsicmp
qsort
wcschr
wcsstr
wcsncmp
_onexit
fread
iswxdigit
memset
??2@YAPAXI@Z

kernel32

LocalFree
InterlockedIncrement
InterlockedDecrement
LCMapStringA
SetFileAttributesA
CopyFileA
InitializeCriticalSectionAndSpinCount
DeleteFileA
DeviceIoControl
GetFileType
ExpandEnvironmentStringsA
MapViewOfFileEx
FlushViewOfFile
InterlockedExchange
GetSystemDirectoryA
GetWindowsDirectoryA
CompareStringA
GetModuleFileNameA
GetThreadSelectorEntry
CreateThread
TerminateThread
VirtualQueryEx
GetPriorityClass
GetThreadPriority
GetThreadTimes
GetThreadContext
ResumeThread
SuspendThread
GetSystemInfo
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FindClose
SetLastError
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetLastError
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
HeapDestroy
FreeLibrary
DeleteCriticalSection
HeapCreate
InitializeCriticalSection
GetVersionExA
HeapReAlloc
HeapAlloc
HeapFree
IsDBCSLeadByte
SetFilePointer
GetCurrentProcess
UnmapViewOfFile
CreateDirectoryA
VirtualProtect
VirtualAlloc
DuplicateHandle
MapViewOfFile
CreateFileMappingA
GetModuleHandleA
OpenProcess
GetCurrentProcessId
VirtualFree
OutputDebugStringA
WriteFile
ReadProcessMemory
SetErrorMode
GetFileAttributesA
GetProcessHeap
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
LoadLibraryA

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

rpcrt4

UuidCreate

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesW64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
SearchTreeForFileW
StackWalk
StackWalk64
SymAddSymbol
SymAddSymbolW
SymCleanup
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSourceLines
SymEnumSourceLinesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceFileW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymRefreshModuleList
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetHomeDirectoryW
SymSetOptions
SymSetParentWindow
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
UnmapDebugInformation
WinDbgExtensionDllInit
block
dbghelp
dh
fptr
homedir
lmi
lminfo
omap
srcfiles
stack_force_ebp
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 938KB - Virtual size: 937KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ikuacc.dll
.dll windows:4 windows x86 arch:x86

d14a603e8347464c8d67aed252205ab4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:49:ab:5a:7d:e5:9c
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

18/10/2011, 07:16

Not After

20/10/2014, 12:58

Subject

CN=Youku.com Inc.,O=Youku.com Inc.,L=George Town,ST=George Town,C=KY,1.2.840.113549.1.9.1=#0c136c69756a696e67756f40796f756b752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

d2:4e:8b:20:28:40:43:af:b9:ea:c6:63:60:e2:18:6a:a6:c5:a2:24
Signer

Actual PE Digest

d2:4e:8b:20:28:40:43:af:b9:ea:c6:63:60:e2:18:6a:a6:c5:a2:24

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\SVN\install.v3\src\ikuacclive\build\bin\Release_dll\acc.pdb

Imports

kernel32

SetLastError
GetProcessHeap
HeapFree
HeapAlloc
GetFileAttributesW
SetFileAttributesW
GetFileTime
SetFileTime
FindFirstFileW
FindNextFileW
FindClose
LocalFree
FormatMessageA
CreateFileW
DeviceIoControl
ReadFile
WriteFile
FlushFileBuffers
SetFilePointerEx
SetEndOfFile
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
OutputDebugStringA
GetCurrentProcessId
ResetEvent
CreateProcessW
MultiByteToWideChar
GlobalAlloc
FileTimeToSystemTime
GetSystemDirectoryW
SetConsoleOutputCP
MoveFileExW
FileTimeToLocalFileTime
GetDriveTypeW
AllocConsole
GetModuleFileNameW
GetTickCount
GetACP
GetLogicalDrives
SetConsoleCtrlHandler
TlsGetValue
GetModuleHandleW
CreateMutexW
ReleaseSemaphore
DuplicateHandle
GetCurrentProcess
CreateSemaphoreA
GetModuleHandleA
GetVersionExW
OpenMutexW
FreeEnvironmentStringsA
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
TlsSetValue
Sleep
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
WaitForMultipleObjects
TerminateThread
QueueUserAPC
CreateIoCompletionPort
DeleteCriticalSection
InterlockedDecrement
CreateWaitableTimerW
SetWaitableTimer
GetSystemTimeAsFileTime
CreateEventW
SleepEx
GlobalFree
QueryPerformanceFrequency
FreeLibrary
GetProcAddress
LoadLibraryA
HeapSize
VirtualAlloc
VirtualFree
HeapCreate
SetConsoleMode
ReadConsoleInputA
QueryPerformanceCounter
HeapDestroy
GetConsoleMode
GetConsoleCP
InterlockedCompareExchange
GetStartupInfoA
InterlockedExchangeAdd
WideCharToMultiByte
LeaveCriticalSection
CreateEventA
InterlockedExchange
CloseHandle
GetCurrentThreadId
SetEvent
WaitForSingleObject
GetDiskFreeSpaceExW
GetLastError
TlsFree
TlsAlloc
InterlockedIncrement
PostQueuedCompletionStatus
EnterCriticalSection
GetFileType
SetHandleCount
SetFilePointer
FlushConsoleInputBuffer
GlobalMemoryStatus
GetVersion
GetModuleFileNameA
GetStdHandle
GetThreadLocale
SetEnvironmentVariableA
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
CompareStringW
SetStdHandle
GetLocaleInfoW
IsValidLocale
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
FreeConsole
CreateWaitableTimerA
InitializeCriticalSection
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeExA
LCMapStringA
LCMapStringW
OpenEventA
ResumeThread
SystemTimeToFileTime
RemoveDirectoryW
DeleteFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileInformationByHandle
GetFileAttributesExW
CreateDirectoryW
AreFileApisANSI
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeFormatA
GetDateFormatA
ExitThread
CreateThread
GetCommandLineA
GetVersionExA
HeapReAlloc
SetEnvironmentVariableW
MoveFileW
RtlUnwind
RaiseException
GetCPInfo
ExitProcess
CompareStringA
EnumSystemLocalesA

user32

MessageBoxA
LoadStringA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
SendMessageW
FindWindowW

advapi32

RegCloseKey
RegQueryValueExW
SetNamedSecurityInfoA
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityDescriptorDacl
RegQueryValueExA
RegSetValueExW
DeregisterEventSource
ReportEventA
RegisterEventSourceA
CryptAcquireContextA
CryptEnumProvidersA
CryptReleaseContext
CryptGenRandom
RegOpenKeyExW

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SysFreeString
SysAllocStringLen

ws2_32

WSARecvFrom
shutdown
WSASendTo
ntohs
bind
getsockname
inet_addr
listen
accept
__WSAFDIsSet
WSAStringToAddressA
connect
getaddrinfo
getsockopt
getpeername
WSARecv
freeaddrinfo
WSASocketW
htonl
select
WSAStartup
ntohl
WSACleanup
WSAAddressToStringA
htons
setsockopt
ioctlsocket
closesocket
WSASetLastError
WSASend
WSAGetLastError

mswsock

AcceptEx
GetAcceptExSockaddrs

wininet

InternetQueryOptionA
InternetQueryOptionW

iphlpapi

GetAdaptersInfo
NotifyAddrChange
GetTcpTable

Exports

Exports

IKUStartup

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 652KB - Virtual size: 651KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 181KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ikutm.dll
.dll windows:4 windows x86 arch:x86

c590b95e497e2600078c396c1ba57859

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:49:ab:5a:7d:e5:9c
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

18/10/2011, 07:16

Not After

20/10/2014, 12:58

Subject

CN=Youku.com Inc.,O=Youku.com Inc.,L=George Town,ST=George Town,C=KY,1.2.840.113549.1.9.1=#0c136c69756a696e67756f40796f756b752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

ab:80:5f:bd:20:77:4d:6c:c8:ff:e2:46:70:0d:81:23:e7:41:72:cc
Signer

Actual PE Digest

ab:80:5f:bd:20:77:4d:6c:c8:ff:e2:46:70:0d:81:23:e7:41:72:cc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\SVN\install.v3\src\ikuacclive\build\bin\ikutm.pdb

Imports

kernel32

GetFileAttributesExW
ExpandEnvironmentStringsA
LoadLibraryA
lstrcpyW
WideCharToMultiByte
EnterCriticalSection
HeapAlloc
HeapDestroy
LeaveCriticalSection
HeapCreate
ExpandEnvironmentStringsW
MultiByteToWideChar
lstrlenW
GetModuleFileNameW
InterlockedIncrement
InterlockedDecrement
TlsFree
GetFileAttributesExA
TlsAlloc
GetTickCount
GetProcAddress
LoadLibraryW
GetVersionExW
DeleteCriticalSection
FreeLibrary
InitializeCriticalSection
LocalFree
OpenFileMappingA
GetLastError
UnmapViewOfFile
MapViewOfFile
GetCurrentProcessId
CloseHandle
OutputDebugStringA
HeapFree
CreateFileMappingA
CreateFileA
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
FormatMessageA
WriteConsoleA
Sleep
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsSetValue
SetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
ExitProcess
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW

advapi32

InitializeSecurityDescriptor
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
RegQueryValueExA
SetNamedSecurityInfoA

ole32

StringFromGUID2

ws2_32

WSCEnumProtocols
WSCDeinstallProvider
WSCWriteProviderOrder
WSCGetProviderPath
WSCInstallProvider

rpcrt4

UuidCreate

Exports

Exports

GetLspGuid
IKUStartup
Ioctl
WSPStartup

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ikutmco.dll
.dll windows:4 windows x86 arch:x86

14662e534d69b2fa28108c45406bdcc9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:49:ab:5a:7d:e5:9c
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

18/10/2011, 07:16

Not After

20/10/2014, 12:58

Subject

CN=Youku.com Inc.,O=Youku.com Inc.,L=George Town,ST=George Town,C=KY,1.2.840.113549.1.9.1=#0c136c69756a696e67756f40796f756b752e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

3c:b8:db:34:11:27:49:0a:6c:f2:2a:00:0c:75:69:90:a2:d6:1b:56
Signer

Actual PE Digest

3c:b8:db:34:11:27:49:0a:6c:f2:2a:00:0c:75:69:90:a2:d6:1b:56

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\SVN\install.v3\src\ikuacclive\build\bin\ikutmco.pdb

Imports

kernel32

CreateEventW
SetEvent
InterlockedIncrement
PostQueuedCompletionStatus
TlsFree
CreateEventA
GetModuleHandleW
GetProcAddress
LoadLibraryW
TlsAlloc
InterlockedDecrement
InterlockedExchange
WaitForSingleObjectEx
ReleaseSemaphore
GetQueuedCompletionStatus
GetSystemInfo
CreateIoCompletionPort
CreateSemaphoreW
DebugBreak
WaitForMultipleObjectsEx
ExpandEnvironmentStringsA
HeapDestroy
HeapCreate
LoadLibraryA
HeapFree
InitializeCriticalSection
ExpandEnvironmentStringsW
WideCharToMultiByte
GetExitCodeThread
HeapAlloc
DeleteCriticalSection
GetVersionExW
CreateProcessW
GetTickCount
Sleep
TlsGetValue
TlsSetValue
GetModuleFileNameW
MultiByteToWideChar
OpenEventA
FormatMessageA
FlushFileBuffers
CreateFileA
ReadFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
ExitThread
WaitForSingleObject
CreateThread
ResetEvent
EnterCriticalSection
LeaveCriticalSection
LocalFree
OpenFileMappingA
CreateFileMappingA
GetLastError
UnmapViewOfFile
MapViewOfFile
GetCurrentProcessId
CloseHandle
OutputDebugStringA
FreeLibrary
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
RaiseException
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
SetLastError
LCMapStringA
LCMapStringW
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
VirtualFree
VirtualAlloc
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetFilePointer
GetConsoleCP

user32

DefWindowProcW
DestroyWindow
RegisterClassW
PostMessageW
UnregisterClassW
DispatchMessageW
CreateWindowExW
GetWindowLongW
KillTimer
SetTimer
ShowWindow
SetWindowLongW
RegisterClassExW
IsWindow
RegisterDeviceNotificationW
GetMessageW
TranslateMessage
PostQuitMessage

advapi32

InitializeSecurityDescriptor
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorDacl
RegQueryValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
RegQueryValueExA
SetNamedSecurityInfoA

ws2_32

WSASetLastError
WSACleanup
WSAStartup
WPUCompleteOverlappedRequest
WSCEnumProtocols
WSCGetProviderPath
WSAGetLastError

Exports

Exports

GetLspGuid
IKUStartup
Ioctl
WSPStartup

Sections

.text
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
install.ico
intercept.wl
skin.ini
sqlite3.dll
.dll windows:4 windows x86 arch:x86

b9a3d9f52b4536e26801ad3ea75a91f3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AreFileApisANSI
CloseHandle
CreateFileA
CreateFileW
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
FlushFileBuffers
FormatMessageA
FreeLibrary
GetCurrentProcessId
GetCurrentThreadId
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetProcAddress
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
InitializeCriticalSection
InterlockedIncrement
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LockFile
LockFileEx
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
Sleep
TryEnterCriticalSection
UnlockFile
WideCharToMultiByte
WriteFile

msvcrt

atoi
free
isalnum
isdigit
isspace
isxdigit
localtime
malloc
memcpy
memmove
memset
realloc
strcmp
strncmp
tolower
toupper

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_apis
sqlite3_auto_extension
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_complete
sqlite3_complete16
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_handle
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_load_extension
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_held
sqlite3_mutex_leave
sqlite3_mutex_notheld
sqlite3_mutex_try
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_step
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf

Sections

.text
Size: 282KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 512B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stab
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stabstr
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tudouDetector.dll
.dll regsvr32 windows:4 windows x86 arch:x86

3e01ac36ae83376def732f949ec0ccaa

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4a:28:9f:c3:6a:df:a8:c4:6a:a3:80:2b:9e:73:8d:20
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/05/2012, 00:00

Not After

27/06/2015, 23:59

Subject

CN=Shanghai Quan Tudou Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shanghai Quan Tudou Network Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

eb:59:f9:80:f7:ad:cc:2f:8e:94:dd:6c:fb:21:b7:a9:0e:74:46:98
Signer

Actual PE Digest

eb:59:f9:80:f7:ad:cc:2f:8e:94:dd:6c:fb:21:b7:a9:0e:74:46:98

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\SVN\install.v3\src\iFeisu_trunk\client\feisu\bin\Release\tudouDetector.pdb

Imports

wininet

InternetGetConnectedState
InternetSetOptionA
InternetQueryOptionA
InternetGetConnectedStateEx

kernel32

GlobalFlags
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
GetVolumeInformationA
GetFullPathNameA
GetCPInfo
GetOEMCP
HeapAlloc
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapFree
ExitThread
CreateThread
GetCommandLineA
GetProcessHeap
RtlUnwind
ExitProcess
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
GetConsoleCP
GetConsoleMode
GetACP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetEnvironmentVariableA
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalReAlloc
TlsGetValue
LocalAlloc
CreateFileA
FindFirstFileA
FindClose
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentProcessId
GlobalAddAtomA
GetModuleFileNameW
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
GetProcAddress
FormatMessageA
LocalFree
Sleep
WritePrivateProfileStringA
GetPrivateProfileStringA
OpenMutexA
CloseHandle
OutputDebugStringA
WinExec
lstrcatA
lstrcpyA
GetWindowsDirectoryA
LoadLibraryA
SetLastError
FlushInstructionCache
GlobalFree
GetCurrentProcess
GlobalAlloc
GlobalUnlock
GetCurrentThreadId
GlobalLock
lstrcmpA
MulDiv
GlobalHandle
LockResource
GetThreadLocale
LeaveCriticalSection
GetModuleHandleA
FreeLibrary
InitializeCriticalSection
GetModuleFileNameA
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
IsDBCSLeadByte
EnterCriticalSection
InterlockedDecrement
RaiseException
DeleteCriticalSection
InterlockedIncrement
SetThreadLocale
WideCharToMultiByte
GetLastError
CompareStringA
lstrlenW
MultiByteToWideChar
lstrlenA
lstrcmpiA
InterlockedExchange
CompareStringW
GetVersion
InterlockedCompareExchange
IsProcessorFeaturePresent
IsDebuggerPresent

user32

SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetMenu
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetDlgCtrlID
GetSystemMetrics
GetSysColorBrush
UnregisterClassA
CopyRect
GrayStringA
DrawTextExA
DrawTextA
GetClassLongA
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
UnhookWindowsHookEx
PostQuitMessage
GetMenuItemID
GetMenuItemCount
PostMessageA
DestroyMenu
TrackPopupMenu
GetSubMenu
LoadMenuA
GetCapture
KillTimer
PtInRect
SetTimer
CopyIcon
SendDlgItemMessageA
SetWindowContextHelpId
GetWindowRect
MapDialogRect
SetCursor
WindowFromPoint
GetCursorPos
GetDlgItem
GetClientRect
CallWindowProcA
GetParent
IsChild
SetFocus
SetCapture
LoadIconA
TabbedTextOutA
WinHelpA
GetWindowLongA
ReleaseCapture
GetWindow
SetWindowPos
MoveWindow
SetWindowLongA
CreateAcceleratorTableA
RegisterClassExA
GetClassNameA
GetSysColor
IsWindow
RedrawWindow
LoadCursorA
GetDesktopWindow
GetWindowTextLengthA
GetClassInfoExA
ShowWindow
FillRect
InvalidateRgn
RegisterWindowMessageA
GetFocus
DestroyAcceleratorTable
CreateDialogIndirectParamA
InvalidateRect
GetWindowTextA
SetWindowTextA
ReleaseDC
DefWindowProcA
SendMessageA
GetDC
EndPaint
BeginPaint
DestroyWindow
CreateWindowExA
ScreenToClient
ClientToScreen
CharNextA
CharUpperA
GetMenuState

gdi32

TextOutA
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
DeleteObject
SelectObject
GetDeviceCaps
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
DeleteDC
BitBlt
CreateCompatibleDC
GetObjectA
CreateCompatibleBitmap
GetStockObject
CreateSolidBrush
ExtTextOutA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegEnumKeyA
RegOpenKeyA
RegQueryValueExA
RegQueryValueA
RegDeleteKeyA
RegOpenKeyExA
RegQueryInfoKeyA
RegDeleteValueA
RegEnumKeyExA
RegCloseKey
RegCreateKeyExA

shell32

ShellExecuteA

comctl32

_TrackMouseEvent

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CLSIDFromString
CLSIDFromProgID
OleInitialize
CoGetClassObject
OleUninitialize
OleLockRunning
CreateStreamOnHGlobal
CoTaskMemAlloc

oleaut32

SysFreeString
UnRegisterTypeLi
SysAllocString
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
SysStringLen
VariantInit
VariantClear
VarBstrCmp
SysAllocStringLen
OleCreateFontIndirect
LoadRegTypeLi
SysStringByteLen
VariantChangeType

gdiplus

GdipFree
GdipGetImageHeight
GdipGetImageWidth
GdipReleaseDC
GdipDrawImageI
GdipAlloc
GdipCreateFromHDC
GdipCloneImage
GdipDisposeImage
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromStream
GdipDeleteGraphics

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tudouva.ini
uninst.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4a:28:9f:c3:6a:df:a8:c4:6a:a3:80:2b:9e:73:8d:20
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/05/2012, 00:00

Not After

27/06/2015, 23:59

Subject

CN=Shanghai Quan Tudou Network Technology Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shanghai Quan Tudou Network Technology Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e0:1a:c9:73:61:ea:0f:57:15:bc:4a:5f:94:8d:14:1f:aa:ff:46:48
Signer

Actual PE Digest

e0:1a:c9:73:61:ea:0f:57:15:bc:4a:5f:94:8d:14:1f:aa:ff:46:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/GetVersion.dll
.dll windows:4 windows x86 arch:x86

0125039a427c6f95b3acc9227413ece5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
lstrcatA
lstrcmpiA
GetVersionExA
GlobalAlloc
GetSystemInfo
GetProcAddress
lstrcpynA

user32

GetSystemMetrics
wsprintfA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

WindowsName
WindowsPlatformArchitecture
WindowsPlatformId
WindowsServerName
WindowsServicePack
WindowsServicePackBuild
WindowsType
WindowsVersion

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 290B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Rfshdktp.dll
.dll windows:4 windows x86 arch:x86

042f3c184e7c0923b6325ab1dc09aed7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

SHGetSpecialFolderLocation
SHChangeNotify

Exports

Exports

refreshDesktop

Sections

.text
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 206B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

55a6a096df3564193c302728985d6bda

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateProcessA
GlobalAlloc
lstrlenA
GetVersionExA
SetLastError
GetProcAddress
lstrcmpiA
GetCurrentThreadId
GetCommandLineA
UnmapViewOfFile
WaitForSingleObject
GetCurrentProcessId
GetLastError
DuplicateHandle
SetCurrentDirectoryA
MapViewOfFile
Sleep
OpenProcess
GetExitCodeProcess
GetModuleHandleA
GetExitCodeThread
CreateThread
CreateFileMappingA
CreateEventA
MultiByteToWideChar
FormatMessageA
LocalFree
GlobalFree
CloseHandle
GetModuleFileNameA
lstrcatA
GetPrivateProfileIntA
GetPrivateProfileStringA
SetEvent
LoadLibraryA

user32

DialogBoxParamA
CharNextA
CallNextHookEx
SetForegroundWindow
IsWindowVisible
GetClassNameA
SetWindowsHookExA
DispatchMessageA
TranslateMessage
IsDialogMessageA
PeekMessageA
MsgWaitForMultipleObjects
DefWindowProcA
PostMessageA
CreateWindowExA
GetWindowThreadProcessId
CallWindowProcA
SetWindowPos
GetWindowRect
UnhookWindowsHookEx
GetClientRect
FindWindowExA
LoadIconA
CreateDialogParamA
GetWindowLongA
SendMessageW
MessageBoxA
EndDialog
SetWindowLongA
DestroyWindow
EnableWindow
ShowWindow
wsprintfA
GetDlgItem
SendMessageA
LoadStringA
LoadImageA

advapi32

GetUserNameA
OpenSCManagerA
CloseServiceHandle
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA
QueryServiceStatus
OpenServiceA

shell32

ShellExecuteExA

ole32

CoInitialize

Exports

Exports

_

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

3f1149a3053980fe6b461521d2b55a2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbschr
_adjust_fdiv
malloc
_initterm
free
_mbsrchr
strtoul
memset
_mbsstr
strtol

kernel32

CloseHandle
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
GetLastError
GlobalFree
lstrcmpiA
DeleteFileA
SleepEx
SetFilePointer
GetTickCount
lstrcatA
GetFileSize
CreateFileA

user32

MessageBoxA
GetParent
ShowWindow
PostMessageA
SetWindowTextA
GetWindowTextA
IsWindow
GetDlgItem
SetDlgItemTextA
SendDlgItemMessageA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
SetWindowLongA
GetWindowLongA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
SendMessageA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsProcess.dll
.dll windows:4 windows x86 arch:x86

c9fc7f6df8fedf8f8f1f9f820c072664

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
TerminateProcess
OpenProcess
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
lstrcpynA
GlobalAlloc

Exports

Exports

_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 146B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ver.ini

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4a:28:9f:c3:6a:df:a8:c4:6a:a3:80:2b:9e:73:8d:20Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

51:b0:56:95:47:f0:d8:49:b5:0a:74:ac:03:17:b0:0e:88:a4:b1:79Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 169KB - Virtual size: 169KB

0125039a427c6f95b3acc9227413ece5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: - Virtual size: 16B

.reloc Size: 512B - Virtual size: 290B

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4a:28:9f:c3:6a:df:a8:c4:6a:a3:80:2b:9e:73:8d:20
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

51:b0:56:95:47:f0:d8:49:b5:0a:74:ac:03:17:b0:0e:88:a4:b1:79
Signer

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 169KB - Virtual size: 169KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 290B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 25KB

.reloc
Size: 1024B - Virtual size: 836B

.text
Size: 512B - Virtual size: 84B

.rdata
Size: 512B - Virtual size: 206B

.data
Size: - Virtual size: 20B

.reloc
Size: 512B - Virtual size: 48B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 10KB - Virtual size: 9KB

.data
Size: 1024B - Virtual size: 852B

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 1024B - Virtual size: 972B

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB