acd16a0227b454f29a3c1076957a7cd1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

acd16a0227b454f29a3c1076957a7cd1_JaffaCakes118
Size

1.3MB
MD5

acd16a0227b454f29a3c1076957a7cd1
SHA1

15dd9efe920f6d6c0f2565cbdbac1915fdd90df4
SHA256

060a13671e38ad7d1326fe38ad16fa81ab23a786ccebe22b3983f1a1570750eb
SHA512

428fa3801359bfea5113e1deb1a2f0f51db91d564b2d43c4c5aa7f67e4d05159ff749ebe511b92c3f89d3a858e49e449b26acebd7f1feb2a7169311d5c464e1c
SSDEEP

24576:rG2J+w8LPJNdLxnwrf6V1EauqePsvZqExASVSVNjoTN1FH9PVnM:i2J+wkdLFusznULoB1B9P9M

Score

1^/10

Malware Config

Signatures

Files

acd16a0227b454f29a3c1076957a7cd1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1f23f452093b5c1ff091a2f9fb4fa3e9

Code Sign

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11-10-2018 00:00

Not After

02-02-2020 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11-10-2018 00:00

Not After

02-02-2020 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:d5:a3:b8:cc:89:7a:c9:5c:be:22:60:7f:14:62:bb:b5:8c:c7:f9:ba:06:67:3c:c2:81:5c:5a:4e:47:ac:56
Signer

Actual PE Digest

79:d5:a3:b8:cc:89:7a:c9:5c:be:22:60:7f:14:62:bb:b5:8c:c7:f9:ba:06:67:3c:c2:81:5c:5a:4e:47:ac:56

Digest Algorithm

sha256

PE Digest Matches

true

24:3d:2f:fc:88:70:92:51:dd:08:42:eb:ed:72:b2:72:2b:6b:c6:91
Signer

Actual PE Digest

24:3d:2f:fc:88:70:92:51:dd:08:42:eb:ed:72:b2:72:2b:6b:c6:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
SetCurrentDirectoryW
GetFileAttributesW
SetEnvironmentVariableW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetErrorMode
lstrlenW
lstrcpynW
CopyFileW
GetShortPathNameW
GlobalLock
CreateThread
GetLastError
CreateDirectoryW
CreateProcessW
RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
WriteFile
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
lstrcmpiW
MoveFileW
GetFullPathNameW
SetFileTime
SearchPathW
CompareFileTime
lstrcmpW
CloseHandle
ExpandEnvironmentStringsW
GlobalFree
GlobalUnlock
GetDiskFreeSpaceW
GlobalAlloc
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
ReadFile
FindClose
lstrlenA
MulDiv
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
LoadLibraryExW
GetModuleHandleW

user32

GetSystemMenu
SetClassLongW
EnableMenuItem
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ScreenToClient
GetWindowRect
GetDlgItem
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
GetDC
SetTimer
SetWindowTextW
LoadImageW
SetForegroundWindow
ShowWindow
IsWindow
SetWindowLongW
FindWindowExW
TrackPopupMenu
AppendMenuW
CreatePopupMenu
EndPaint
CreateDialogParamW
SendMessageTimeoutW
wsprintfW
PostQuitMessage

gdi32

SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW

advapi32

AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 232KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallHelper.dll
.dll windows:4 windows x86 arch:x86

fdc0e837771d9e26e4849f0d91c59304

Code Sign

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11-10-2018 00:00

Not After

02-02-2020 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11-10-2018 00:00

Not After

02-02-2020 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3f:aa:45:46:26:54:54:43:fc:0d:d5:c8:cd:9d:11:80:64:02:e5:fa:25:a3:d7:5e:61:0f:ad:a3:af:81:9e:74
Signer

Actual PE Digest

3f:aa:45:46:26:54:54:43:fc:0d:d5:c8:cd:9d:11:80:64:02:e5:fa:25:a3:d7:5e:61:0f:ad:a3:af:81:9e:74

Digest Algorithm

sha256

PE Digest Matches

true

34:f5:a5:10:ce:31:d1:69:75:5b:77:1f:aa:91:1c:66:ff:bf:59:6f
Signer

Actual PE Digest

34:f5:a5:10:ce:31:d1:69:75:5b:77:1f:aa:91:1c:66:ff:bf:59:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\aaronymhe\TencentVideoWindows\Setup\PluginSource\InstallHelper\Release\InstallHelper.pdb

Imports

kernel32

TerminateThread
LocalFree
OpenMutexW
GetFileSize
CreateMutexW
MapViewOfFileEx
GetCPInfo
IsDBCSLeadByte
OpenFileMappingW
GetFileAttributesExW
CreateDirectoryW
CreateFileW
GetCurrentThread
ExpandEnvironmentStringsW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
ReadFile
SetEndOfFile
GetTimeZoneInformation
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LoadLibraryA
FreeLibrary
SetConsoleCtrlHandler
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
LeaveCriticalSection
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
LCMapStringW
LCMapStringA
GetModuleFileNameA
GetStdHandle
VirtualAlloc
VirtualFree
HeapCreate
FatalAppExitA
IsValidCodePage
GetOEMCP
ExitProcess
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetProcAddress
GetModuleHandleA
RtlUnwind
GetCommandLineA
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
EnterCriticalSection
DeleteCriticalSection
UnmapViewOfFile
InitializeCriticalSection
WriteFile
DisconnectNamedPipe
GetCurrentProcess
GetModuleHandleExW
GetLocalTime
MapViewOfFile
CreateFileMappingW
ConnectNamedPipe
CreateNamedPipeW
GetDiskFreeSpaceExW
GetFileAttributesW
GetDriveTypeW
lstrcpyW
GetCurrentThreadId
CreateTimerQueueTimer
DeleteTimerQueueTimer
lstrcmpiW
OutputDebugStringW
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
WaitForSingleObject
GetPrivateProfileIntW
Sleep
GlobalAlloc
lstrcpynW
GlobalFree
GetCurrentProcessId
CloseHandle
Process32NextW
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
FindResourceExW
GetVersionExA
RaiseException
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
LoadResource
LockResource
SizeofResource
FindResourceW
TerminateProcess
GetLastError
GetVersionExW
GetFileType

user32

wsprintfW
GetCapture
ReleaseCapture
GetCursorPos
MapWindowPoints
GetClientRect
MonitorFromWindow
GetMonitorInfoW
IsWindow
MoveWindow
SetFocus
DestroyWindow
CallWindowProcW
DefWindowProcW
InvalidateRect
TrackMouseEvent
CreateWindowExW
PostMessageW
SetWindowPos
GetDesktopWindow
GetWindowRect
SendMessageW
GetWindow
GetParent
GetWindowLongW
MessageBoxW
PostThreadMessageW
GetAncestor
IsZoomed
SetWindowsHookExW
GetFocus
CallNextHookEx
EnumThreadWindows
UnhookWindowsHookEx
GetSystemMetrics
LoadCursorW
RegisterClassExW
UpdateLayeredWindow
UnregisterClassA
SetTimer
EndPaint
BeginPaint
GetWindowTextW
GetClassNameW
GetDlgItemTextW
ScreenToClient
FillRect
SetScrollPos
GetWindowDC
PtInRect
GetDlgItem
ReleaseDC
GetDC
SetWindowTextW
IsIconic
UpdateWindow
IsWindowEnabled
KillTimer
SetCursor
IsWindowVisible
ClientToScreen
EnableWindow
DrawTextW
SetWindowLongW
ShowWindow

gdi32

GetDeviceCaps
CombineRgn
SetStretchBltMode
GetStretchBltMode
SetDCPenColor
GetStockObject
ExtSelectClipRgn
CreateRectRgnIndirect
GetTextMetricsW
CreateFontW
CreatePatternBrush
TextOutW
SetTextColor
SetBkMode
SelectObject
DeleteObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
Rectangle

advapi32

GetSidSubAuthorityCount
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyExW
BuildExplicitAccessWithNameW
SetEntriesInAclW
GetSecurityInfo
GetTokenInformation
OpenThreadToken
GetSidSubAuthority
OpenProcessToken
GetSidIdentifierAuthority
IsTextUnicode
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo

shell32

SHGetSpecialFolderPathW
ShellExecuteExW
SHGetFolderPathW
SHCreateDirectoryExW

oleaut32

SysFreeString

shlwapi

PathFileExistsW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

gdiplus

GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipGetImagePixelFormat
GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipFree
GdipAlloc
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile

msimg32

AlphaBlend

psapi

GetModuleBaseNameW

wintrust

WinVerifyTrust

crypt32

CryptMsgClose
CertFreeCertificateContext
CertGetNameStringW
CertCreateCertificateContext
CryptMsgGetParam
CryptQueryObject
CertCloseStore

Exports

Exports

CheckClickFastInstall
CreateCustomPage
CreateFinishPage
CreateInstallPage
CreateWelcomePage
DestroyWnd
ExecWaitAndTimeout
GetCheck
GetFileVersion
GetFinishPageClick
GetOSVersionStringInfo
GetParentProcessName
InitSkin
InitSystemBootStartValue
IsFinishPageBindSoftware
Log
MoveWindowRect
MyReleaseCapture
NeedBindSoftAfterInstall
NeedRunAfterInstall
NeedRunOnStartup
SetCheck
SetFocusWnd
SetInstallDir
SkipFinishPage
UIUpdateInstallProgress
UIUpdateInstallStatus
UnInitSkin

Sections

.text
Size: 264KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ProcDll.dll
.dll windows:4 windows x86 arch:x86

d51f4eb336e6d559e03d46544ccf439d

Code Sign

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11-10-2018 00:00

Not After

02-02-2020 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11-10-2018 00:00

Not After

02-02-2020 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6b:d4:2d:e9:e5:c7:2f:17:7a:91:c7:ab:bb:3b:0d:4a:59:ff:ec:bd:a3:94:57:d5:36:31:bd:af:96:8d:4a:f7
Signer

Actual PE Digest

6b:d4:2d:e9:e5:c7:2f:17:7a:91:c7:ab:bb:3b:0d:4a:59:ff:ec:bd:a3:94:57:d5:36:31:bd:af:96:8d:4a:f7

Digest Algorithm

sha256

PE Digest Matches

true

b9:64:e5:28:5b:18:e0:c1:ad:b5:60:04:97:e0:ed:5a:33:46:18:56
Signer

Actual PE Digest

b9:64:e5:28:5b:18:e0:c1:ad:b5:60:04:97:e0:ed:5a:33:46:18:56

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\aaronymhe\TencentVideoWindows\Setup\PluginSource\ProcDLL\Release\ProcDLL.pdb

Imports

kernel32

lstrlenW
GetPrivateProfileStringW
GetModuleHandleW
GetSystemDirectoryW
GlobalFree
lstrcpyW
GlobalAlloc
GetCurrentThreadId
lstrcatW
QueryDosDeviceW
GetLogicalDriveStringsW
GetTickCount
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
LoadLibraryExW
GetModuleFileNameW
SetFileAttributesW
CopyFileW
LocalFree
TerminateProcess
DuplicateHandle
TerminateThread
VirtualFree
VirtualAlloc
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
VirtualAllocEx
GetLongPathNameW
GetPrivateProfileIntW
OutputDebugStringW
GlobalSize
GlobalUnlock
GlobalLock
GetTempPathW
WritePrivateProfileSectionW
GetPrivateProfileSectionW
SetFilePointer
GetFileType
SystemTimeToFileTime
GetCurrentDirectoryW
DosDateTimeToFileTime
SetFileTime
FileTimeToSystemTime
FileTimeToDosDateTime
GetLocalTime
GetSystemTime
GetFileInformationByHandle
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
SetEndOfFile
GetDiskFreeSpaceW
UnlockFile
DeleteFileA
LockFileEx
AreFileApisANSI
WritePrivateProfileStringW
GetSystemInfo
GetTempPathA
GetFullPathNameW
HeapValidate
GetDiskFreeSpaceA
GetFileAttributesA
FormatMessageA
GetExitCodeProcess
CreateMutexW
OutputDebugStringA
UnlockFileEx
FormatMessageW
CreateFileMappingA
WaitForSingleObjectEx
GetFileAttributesExW
LockFile
FlushViewOfFile
GetThreadLocale
InterlockedCompareExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InterlockedExchange
SetConsoleCtrlHandler
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
SetHandleCount
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
HeapSize
LCMapStringW
LCMapStringA
GetModuleFileNameA
GetStdHandle
ExitProcess
FatalAppExitA
HeapCreate
HeapDestroy
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetCurrentThread
MoveFileW
Sleep
MoveFileExW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
CreateDirectoryW
GetFileSize
ReadFile
GetFullPathNameA
ExpandEnvironmentStringsW
WriteFile
FreeLibrary
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
DeviceIoControl
CreateThread
WaitForSingleObject
lstrlenA
MultiByteToWideChar
GetCurrentProcessId
CreateProcessW
LoadLibraryW
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
GetFileAttributesW
GetVersionExW
CreateFileW
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
Module32FirstW
Module32NextW
Process32NextW
LoadLibraryA
GetProcAddress
lstrcpynW
OpenProcess
lstrcmpiW
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetVersionExA
GetCommandLineA
ResumeThread
ExitThread
GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CloseHandle
HeapCompact

user32

GetClientRect
BeginPaint
CallWindowProcW
SendMessageW
RedrawWindow
SetWindowPos
SetWindowLongW
PostMessageW
IsWindow
DestroyWindow
DispatchMessageW
TranslateMessage
wsprintfW
UnregisterClassA
WaitForInputIdle
GetDesktopWindow
EnumChildWindows
GetWindowLongW
FindWindowW
GetWindowThreadProcessId
EndPaint
GetDC
EnumDisplayDevicesW
AllowSetForegroundWindow
MsgWaitForMultipleObjects
PeekMessageW
LoadImageW
DialogBoxParamW
IsClipboardFormatAvailable
OpenClipboard
GetClipboardData
CloseClipboard
GetDlgItem
UpdateWindow
LoadStringW
ScreenToClient
MoveWindow
SetTimer
SetWindowTextW
SetDlgItemTextW
BringWindowToTop
EndDialog
KillTimer
GetParent
GetWindow
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
GetClassNameW
SendMessageTimeoutW
ClientToScreen
OffsetRect
FindWindowExW
EnumWindows
GetWindowTextW
CharNextW
FillRect
LoadBitmapW
ReleaseDC
GetForegroundWindow
SetForegroundWindow
IsWindowVisible
AttachThreadInput
CreateDialogParamW
SetLayeredWindowAttributes
CreateWindowExW
ShowWindow
GetMessageW
IsDialogMessageW

gdi32

GetStockObject
CreateSolidBrush
SetBkMode
CreateFontW
SetTextColor
TextOutW
DeleteObject
GetObjectW
CreateCompatibleDC
SelectObject
StretchBlt
GetDeviceCaps

advapi32

LookupPrivilegeValueW
OpenProcessToken
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
DeleteService
OpenSCManagerW
ConvertStringSidToSidW
GetLengthSid
SetTokenInformation
CreateProcessAsUserW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
EnumDependentServicesW
OpenServiceW
ControlService
QueryServiceStatusEx
CloseServiceHandle
RegOpenKeyExA
RegOpenKeyW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
RegCloseKey
DuplicateTokenEx
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
AdjustTokenPrivileges

shell32

ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetFolderPathW
SHGetMalloc
SHFileOperationW
SHCreateDirectoryExW
SHChangeNotify

ole32

CoFreeLibrary
CoCreateGuid
CLSIDFromString
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoInitialize
CoUninitialize
CoSetProxyBlanket
CoTaskMemAlloc
CoTaskMemRealloc
CoInitializeEx
CoLoadLibrary

oleaut32

SysAllocString
SysStringLen
SysAllocStringLen
SysAllocStringByteLen
SysFreeString
VarUI4FromStr
VariantClear
VariantInit
GetErrorInfo
VariantChangeType
CreateErrorInfo
SetErrorInfo
SysStringByteLen

shlwapi

PathFileExistsW
PathAppendW
PathStripPathW
PathIsDirectoryEmptyW
ord176
wnsprintfW
PathFindFileNameW
PathRemoveFileSpecW

comctl32

_TrackMouseEvent

msimg32

TransparentBlt

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

netapi32

NetWkstaTransportEnum
Netbios
NetApiBufferFree

psapi

GetModuleBaseNameW
EnumProcessModules
GetModuleFileNameExW
GetProcessImageFileNameW

wininet

InternetGetCookieExW
InternetSetCookieExW
InternetSetCookieW
InternetGetCookieW

urlmon

URLDownloadToFileW

Exports

Exports

AddToFirewall
AsynDownload
AsynGetAndWriteHardwareInfo
AsynIPControlDownload
ChangeCacheACL
CheckAndRenameFiles
CheckDeleteUserDataFlag
CheckDownload
CheckExclude360
CheckExcludeProcess
CheckIPControlDownload
CheckInstallPath
CheckInstallType
CheckIsWindows10OrGreater
CheckIsWindows7OrGreater
CheckModuleUsing
CheckRunUIFlag
ClearP2PCache
ClearSSOConfig
CreateBitmapCtrl
CreateDiskShortCut
CreatePath
DeleteConnectTypeFile
DeleteDiskShortCut
DeleteInstalledToBrowserCookie
DeleteOldDirectory
DeleteTencentVideoLibraryShortcut
DeleteUserDesktopIcon
Destroy
ExcuteAsExplorer
ExcuteAsParent
ExitQQLiveServiceProcess
FindProcessByName
GetChannelFormIECookie
GetCheckBoxStatus
GetClipboard
GetCommentsInfo
GetFileVersion
GetGrandParentName
GetOSVersion
GetOriginalFilenameInfo
GetParentProcName
GetProtocalVersion
GetQNASCustomFlag
GetQNFCustomFlag
GetQSCMCustomFlag
GetShortCutOfApplicationInDirectory
GetUrlEncode
GetUserGUID
GetUserGUID2
HasUserAborted
InitFirewallInterface
InvokeShellVerb
IsProcRunning
JoinExCommandLine
KillProcByID
KillProcByName
KillProcByNameAndWait
KillProcByNameAndWait2
KillProcByPath
KillProcByPathAndWait
LockIEMainPage
ModifyDirPage
OpenFirewall
OpenFirewallWithoutInit
OpenUrlByDefaultBrowser
ParseCmdLine
PinOrUnpinStartMenuIcon
PinOrUnpinStartScreenIcon
PinOrUnpinTaskBarIcon
PopupTipBesideShortcut
RegMultiSzEdit
RegisterQQLiveProtocal
RemoveFirewall
RemoveFirewallWithoutInit
RemoveFromFirewall
SetCompletionRate
SetCtrlFontTitle
SetIEMainPage
SetInstallPath
SetInstallProgress
Show
ShowMsgBox
SvcUninstall
UnRegisterQQLiveProtocal
UnRegisterQQLiveService
UninitFirewallInterface
UnloadMatrixDriver
Update
UpdateAppData
WordFindHelper
WriteBootAutoRun
WriteConnectTypeFile
WriteConnectTypeFileEx
WriteHardInfoInRegForCheck
WriteInstalledToBrowserCookie
WriteQEACFlag
WriteQNASCustomFlag
WriteQNFCustomFlag
WriteQNMNFlag
WriteQNPSFlag
WriteQSCMCustomFlag
WriteUnistFlag
WriteVerInfo
free_instfilespage_bitmap
getWindow
kill_instfilespage_timer
load_instfilespage_bitmap
start_instfilespage_timer

Sections

.text
Size: 804KB - Virtual size: 801KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Statistics.exe
.exe windows:4 windows x86 arch:x86

d044c73a7b47164f3592590941b80f03

Code Sign

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11-10-2018 00:00

Not After

02-02-2020 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11-10-2018 00:00

Not After

02-02-2020 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a8:f3:f3:99:6f:d4:af:e1:48:99:d5:b1:c7:c2:4a:f6:ea:97:da:8b:9a:17:87:5f:e1:fe:d6:6c:28:9b:0e:80
Signer

Actual PE Digest

a8:f3:f3:99:6f:d4:af:e1:48:99:d5:b1:c7:c2:4a:f6:ea:97:da:8b:9a:17:87:5f:e1:fe:d6:6c:28:9b:0e:80

Digest Algorithm

sha256

PE Digest Matches

true

07:bd:90:50:68:78:1d:62:4d:c3:80:b0:b8:6f:0c:c2:6f:ee:53:68
Signer

Actual PE Digest

07:bd:90:50:68:78:1d:62:4d:c3:80:b0:b8:6f:0c:c2:6f:ee:53:68

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\aaronymhe\TencentVideoWindows\Setup\PluginSource\Statistics\Release\Statistics.pdb

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
UnmapViewOfFile
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetLocalTime
GetCurrentProcess
GetModuleHandleExW
TerminateThread
WaitForSingleObject
CreateNamedPipeW
MapViewOfFile
CreateFileMappingW
GetCurrentProcessId
FreeLibrary
GetProcAddress
SetFileAttributesW
MoveFileW
LocalFree
GetModuleHandleW
CreateProcessW
GetModuleFileNameW
DeviceIoControl
GetSystemDirectoryW
InterlockedDecrement
SetUnhandledExceptionFilter
GetSystemTime
GetStdHandle
GetFileType
GetModuleHandleA
GlobalMemoryStatus
ConnectNamedPipe
QueryPerformanceCounter
FlushConsoleInputBuffer
DisconnectNamedPipe
OutputDebugStringW
CopyFileW
GetTickCount
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
WriteConsoleW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetVersion
LoadLibraryW
lstrcpyW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
TerminateProcess
DeleteFileW
Sleep
CreateToolhelp32Snapshot
Process32FirstW
MultiByteToWideChar
Process32NextW
CreateDirectoryW
CreateFileW
WriteFile
OpenProcess
CloseHandle
lstrlenA
lstrlenW
WideCharToMultiByte
GetFileAttributesExW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
SetStdHandle
GetTimeZoneInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetHandleCount
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
SetFilePointer
FlushFileBuffers
GetFileAttributesW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
ReadFile
GetConsoleCP
GetModuleFileNameA
LoadLibraryA
VirtualAlloc
FatalAppExitA
VirtualFree
HeapCreate
IsValidCodePage
GetOEMCP
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
GetNumberOfConsoleInputEvents
PeekConsoleInputA
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
SetConsoleCtrlHandler
ExitProcess
GetStartupInfoA
GetCommandLineA
GetSystemTimeAsFileTime
RtlUnwind
IsDebuggerPresent
UnhandledExceptionFilter
InterlockedCompareExchange
InterlockedIncrement
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

MessageBoxA
LoadStringW
ReleaseDC
GetProcessWindowStation
GetUserObjectInformationW
GetDC
UnregisterClassA
EnumDisplayDevicesW
PostThreadMessageW
SendMessageTimeoutW

gdi32

DeleteObject
GetObjectA
GetDIBits
GetDeviceCaps
RemoveFontResourceW
AddFontResourceW
CreateCompatibleBitmap

advapi32

SetNamedSecurityInfoW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyW
ReportEventA
DeregisterEventSource
RegisterEventSourceA
RegEnumKeyExW
RegOpenKeyExA
RegQueryValueExA
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetEntriesInAclW

shell32

SHGetSpecialFolderPathW
ord680
SHGetPathFromIDListW
CommandLineToArgvW
SHGetSpecialFolderLocation
ShellExecuteW
SHCreateDirectoryExW
SHGetFolderPathW

ole32

CoInitializeEx
CoCreateInstance
StringFromGUID2
CLSIDFromString
CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateGuid
CoSetProxyBlanket

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
GetErrorInfo
VariantChangeType
VariantInit
SetErrorInfo
SysStringLen
SysFreeString
CreateErrorInfo

shlwapi

PathFileExistsW
PathAppendW
StrToIntW
PathRemoveFileSpecW

ws2_32

inet_ntoa
socket
inet_addr
htons
closesocket
sendto
select
__WSAFDIsSet
recvfrom
htonl
ntohl
WSAGetLastError
WSAStartup
WSACleanup
gethostbyname
ntohs

wininet

HttpAddRequestHeadersW
HttpOpenRequestW
HttpQueryInfoW
InternetConnectW
InternetOpenW
InternetReadFile
InternetSetCookieW
InternetSetOptionW
DeleteUrlCacheEntryW
HttpSendRequestW
InternetCloseHandle
InternetOpenUrlW
InternetWriteFile
InternetSetCookieExW
HttpEndRequestW
HttpSendRequestExW

psapi

GetModuleBaseNameW
GetModuleFileNameExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

urlmon

URLDownloadToFileW

wintrust

WinVerifyTrust

crypt32

CertCreateCertificateContext
CertFreeCertificateContext
CryptMsgClose
CertCloseStore
CryptQueryObject
CryptMsgGetParam
CertGetNameStringW

netapi32

NetWkstaTransportEnum
NetApiBufferFree
Netbios

iphlpapi

IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile

Sections

.text
Size: 924KB - Virtual size: 923KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 268KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

6c41c5e4d44f55745b925cc4e42b7fab

Code Sign

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11-10-2018 00:00

Not After

02-02-2020 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11-10-2018 00:00

Not After

02-02-2020 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7e:b0:fb:5d:13:9e:33:dd:a6:22:f5:a1:81:52:98:ea:27:a9:47:b8:b0:0e:ff:d8:3a:28:e4:80:b6:52:c0:ab
Signer

Actual PE Digest

7e:b0:fb:5d:13:9e:33:dd:a6:22:f5:a1:81:52:98:ea:27:a9:47:b8:b0:0e:ff:d8:3a:28:e4:80:b6:52:c0:ab

Digest Algorithm

sha256

PE Digest Matches

true

b5:7e:46:10:7b:e1:58:e6:6a:b5:c2:03:aa:cb:03:66:8e:ef:2f:f0
Signer

Actual PE Digest

b5:7e:46:10:7b:e1:58:e6:6a:b5:c2:03:aa:cb:03:66:8e:ef:2f:f0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
lstrlenW
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 899B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 574B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioC.ini
$TEMP/Statistics.exe
.exe windows:4 windows x86 arch:x86

d044c73a7b47164f3592590941b80f03

Code Sign

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

11-10-2018 00:00

Not After

02-02-2020 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08-02-2010 00:00

Not After

07-02-2020 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

11-10-2018 00:00

Not After

02-02-2020 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=研发管理部,O=Tencent Technology(Shenzhen) Company Limited,L=Shenzhen,ST=Guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a8:f3:f3:99:6f:d4:af:e1:48:99:d5:b1:c7:c2:4a:f6:ea:97:da:8b:9a:17:87:5f:e1:fe:d6:6c:28:9b:0e:80
Signer

Actual PE Digest

a8:f3:f3:99:6f:d4:af:e1:48:99:d5:b1:c7:c2:4a:f6:ea:97:da:8b:9a:17:87:5f:e1:fe:d6:6c:28:9b:0e:80

Digest Algorithm

sha256

PE Digest Matches

true

07:bd:90:50:68:78:1d:62:4d:c3:80:b0:b8:6f:0c:c2:6f:ee:53:68
Signer

Actual PE Digest

07:bd:90:50:68:78:1d:62:4d:c3:80:b0:b8:6f:0c:c2:6f:ee:53:68

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\aaronymhe\TencentVideoWindows\Setup\PluginSource\Statistics\Release\Statistics.pdb

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
UnmapViewOfFile
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetLocalTime
GetCurrentProcess
GetModuleHandleExW
TerminateThread
WaitForSingleObject
CreateNamedPipeW
MapViewOfFile
CreateFileMappingW
GetCurrentProcessId
FreeLibrary
GetProcAddress
SetFileAttributesW
MoveFileW
LocalFree
GetModuleHandleW
CreateProcessW
GetModuleFileNameW
DeviceIoControl
GetSystemDirectoryW
InterlockedDecrement
SetUnhandledExceptionFilter
GetSystemTime
GetStdHandle
GetFileType
GetModuleHandleA
GlobalMemoryStatus
ConnectNamedPipe
QueryPerformanceCounter
FlushConsoleInputBuffer
DisconnectNamedPipe
OutputDebugStringW
CopyFileW
GetTickCount
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
WriteConsoleW
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetVersion
LoadLibraryW
lstrcpyW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
TerminateProcess
DeleteFileW
Sleep
CreateToolhelp32Snapshot
Process32FirstW
MultiByteToWideChar
Process32NextW
CreateDirectoryW
CreateFileW
WriteFile
OpenProcess
CloseHandle
lstrlenA
lstrlenW
WideCharToMultiByte
GetFileAttributesExW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
SetStdHandle
GetTimeZoneInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetHandleCount
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
SetFilePointer
FlushFileBuffers
GetFileAttributesW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
ReadFile
GetConsoleCP
GetModuleFileNameA
LoadLibraryA
VirtualAlloc
FatalAppExitA
VirtualFree
HeapCreate
IsValidCodePage
GetOEMCP
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
GetNumberOfConsoleInputEvents
PeekConsoleInputA
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
SetConsoleCtrlHandler
ExitProcess
GetStartupInfoA
GetCommandLineA
GetSystemTimeAsFileTime
RtlUnwind
IsDebuggerPresent
UnhandledExceptionFilter
InterlockedCompareExchange
InterlockedIncrement
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

MessageBoxA
LoadStringW
ReleaseDC
GetProcessWindowStation
GetUserObjectInformationW
GetDC
UnregisterClassA
EnumDisplayDevicesW
PostThreadMessageW
SendMessageTimeoutW

gdi32

DeleteObject
GetObjectA
GetDIBits
GetDeviceCaps
RemoveFontResourceW
AddFontResourceW
CreateCompatibleBitmap

advapi32

SetNamedSecurityInfoW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyW
ReportEventA
DeregisterEventSource
RegisterEventSourceA
RegEnumKeyExW
RegOpenKeyExA
RegQueryValueExA
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetEntriesInAclW

shell32

SHGetSpecialFolderPathW
ord680
SHGetPathFromIDListW
CommandLineToArgvW
SHGetSpecialFolderLocation
ShellExecuteW
SHCreateDirectoryExW
SHGetFolderPathW

ole32

CoInitializeEx
CoCreateInstance
StringFromGUID2
CLSIDFromString
CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateGuid
CoSetProxyBlanket

oleaut32

SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
GetErrorInfo
VariantChangeType
VariantInit
SetErrorInfo
SysStringLen
SysFreeString
CreateErrorInfo

shlwapi

PathFileExistsW
PathAppendW
StrToIntW
PathRemoveFileSpecW

ws2_32

inet_ntoa
socket
inet_addr
htons
closesocket
sendto
select
__WSAFDIsSet
recvfrom
htonl
ntohl
WSAGetLastError
WSAStartup
WSACleanup
gethostbyname
ntohs

wininet

HttpAddRequestHeadersW
HttpOpenRequestW
HttpQueryInfoW
InternetConnectW
InternetOpenW
InternetReadFile
InternetSetCookieW
InternetSetOptionW
DeleteUrlCacheEntryW
HttpSendRequestW
InternetCloseHandle
InternetOpenUrlW
InternetWriteFile
InternetSetCookieExW
HttpEndRequestW
HttpSendRequestExW

psapi

GetModuleBaseNameW
GetModuleFileNameExW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

urlmon

URLDownloadToFileW

wintrust

WinVerifyTrust

crypt32

CertCreateCertificateContext
CertFreeCertificateContext
CryptMsgClose
CertCloseStore
CryptQueryObject
CryptMsgGetParam
CertGetNameStringW

netapi32

NetWkstaTransportEnum
NetApiBufferFree
Netbios

iphlpapi

IcmpSendEcho
IcmpCloseHandle
IcmpCreateFile

Sections

.text
Size: 924KB - Virtual size: 923KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 268KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1f23f452093b5c1ff091a2f9fb4fa3e9

Code Sign

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

79:d5:a3:b8:cc:89:7a:c9:5c:be:22:60:7f:14:62:bb:b5:8c:c7:f9:ba:06:67:3c:c2:81:5c:5a:4e:47:ac:56Signer

24:3d:2f:fc:88:70:92:51:dd:08:42:eb:ed:72:b2:72:2b:6b:c6:91Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 128KB

.ndata Size: - Virtual size: 232KB

.rsrc Size: 287KB - Virtual size: 286KB

fdc0e837771d9e26e4849f0d91c59304

Code Sign

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

3f:aa:45:46:26:54:54:43:fc:0d:d5:c8:cd:9d:11:80:64:02:e5:fa:25:a3:d7:5e:61:0f:ad:a3:af:81:9e:74Signer

34:f5:a5:10:ce:31:d1:69:75:5b:77:1f:aa:91:1c:66:ff:bf:59:6fSigner

Headers

File Characteristics

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

79:d5:a3:b8:cc:89:7a:c9:5c:be:22:60:7f:14:62:bb:b5:8c:c7:f9:ba:06:67:3c:c2:81:5c:5a:4e:47:ac:56
Signer

24:3d:2f:fc:88:70:92:51:dd:08:42:eb:ed:72:b2:72:2b:6b:c6:91
Signer

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 128KB

.ndata
Size: - Virtual size: 232KB

.rsrc
Size: 287KB - Virtual size: 286KB

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

3f:aa:45:46:26:54:54:43:fc:0d:d5:c8:cd:9d:11:80:64:02:e5:fa:25:a3:d7:5e:61:0f:ad:a3:af:81:9e:74
Signer

34:f5:a5:10:ce:31:d1:69:75:5b:77:1f:aa:91:1c:66:ff:bf:59:6f
Signer

.text
Size: 264KB - Virtual size: 260KB

.rdata
Size: 40KB - Virtual size: 37KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 884B

.reloc
Size: 16KB - Virtual size: 12KB

7c:44:3d:7d:bb:05:4e:45:9c:51:3d:66:5d:fa:8d:b7
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

5d:2d:8c:bf:49:c9:09:4c:7e:a9:9e:6a:68:36:5e:32
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

6b:d4:2d:e9:e5:c7:2f:17:7a:91:c7:ab:bb:3b:0d:4a:59:ff:ec:bd:a3:94:57:d5:36:31:bd:af:96:8d:4a:f7
Signer

b9:64:e5:28:5b:18:e0:c1:ad:b5:60:04:97:e0:ed:5a:33:46:18:56
Signer