ad3c705d30aaf8b8dd7b15d3c38bfc3d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ad3c705d30aaf8b8dd7b15d3c38bfc3d_JaffaCakes118
Size

2.7MB
MD5

ad3c705d30aaf8b8dd7b15d3c38bfc3d
SHA1

432d031de9c5763c4cb9af2d632d3a32ee91aace
SHA256

9760ee12d14854ff4b062282bc6c00c499e5452f12d97722cbf55e233e18b4c3
SHA512

83e16491a0bbfa7cd7a326cdbeade3367f46a70819f36762a325a027d7e53fda59c081816185d783ca3f38175aa4a0a866b1976d3e20397f709a8c42668fd515
SSDEEP

49152:3gHla9oxWD3C7sP+j0avVM7DXP72987XrW6JgJKRURQPbnDNSmALjHR4anP:3wa90IY2732wbWKgwRlPbGRRP

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/iLemon/lpk.dll
unpack002/$PLUGINSDIR/FindProcDLL.dll
unpack002/$PLUGINSDIR/KillProcDLL.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/nsDialogs.dll
unpack002/$PLUGINSDIR/nsisdl.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/iLemon/setup_1.3.1.1002_qd[1].exe	nsis_installer_1
static1/unpack001/iLemon/setup_1.3.1.1002_qd[1].exe	nsis_installer_2

Files

ad3c705d30aaf8b8dd7b15d3c38bfc3d_JaffaCakes118
.rar
iLemon/lpk.dll
.dll windows:5 windows x86 arch:x86

00c5fd00087020a0645079ce30f4148b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetProcAddress
RtlMoveMemory
LoadLibraryW
lstrcatW
GetSystemDirectoryW
FreeLibrary
lstrcpynA
LockResource
LoadResource
SizeofResource
FindResourceW
CreateProcessW
RtlZeroMemory
CloseHandle
WriteFile
CreateFileW
GetTempFileNameW
GetTempPathW
GetLastError
CreateMutexA
lstrcmpiW
GetModuleFileNameW
GetExitCodeProcess
TerminateProcess
WaitForSingleObject
GetCurrentThreadId
GetFileAttributesW
lstrcpyW
GetTickCount
GetLogicalDrives
FindNextFileW
SetFileAttributesW
CopyFileW
FindClose
FindFirstFileW
WaitForMultipleObjects
TerminateThread
ResumeThread
SetThreadPriority
CreateThread
SetEvent
CreateEventW
DisableThreadLibraryCalls

user32

wsprintfW

shell32

ord64
ord92

shlwapi

SHRegGetValueW
PathFindExtensionW
PathFindFileNameW
PathAppendW
PathRemoveFileSpecW
StrStrIW

Exports

Exports

LpkDllInitialize
LpkDrawTextEx
LpkEditControl
LpkExtTextOut
LpkGetCharacterPlacement
LpkGetTextExtentExPoint
LpkInitialize
LpkPSMTextOut
LpkTabbedTextOut
LpkUseGDIWidthCache
ftsWordBreak

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iLemon/setup_1.3.1.1002_qd[1].exe
.exe windows:4 windows x86 arch:x86

59a4a44a250c4cf4f2d9de2b3fe5d95f

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

39:48:ed:41:55:38:14:c0:3c:99:37:bb:2a:52:49
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/04/2015, 00:00

Not After

27/05/2016, 23:59

Subject

CN=Newstart Software Technology Co. Ltd,OU=Technical department,O=Newstart Software Technology Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:bd:b7:ed:dd:05:9a:29:b3:8e:dc:a0:8a:61:8a:b8:cc:e7:71:fd
Signer

Actual PE Digest

33:bd:b7:ed:dd:05:9a:29:b3:8e:dc:a0:8a:61:8a:b8:cc:e7:71:fd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
SearchPathA
GetShortPathNameA
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
Sleep
CloseHandle
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrlenA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrcpyA
lstrcatA
GetSystemDirectoryA
GetVersion
GetProcAddress
GlobalAlloc
CompareFileTime
SetFileTime
ExpandEnvironmentStringsA
lstrcmpiA
lstrcmpA
WaitForSingleObject
GlobalFree
GetExitCodeProcess
GetModuleHandleA
GetTempPathA
GetWindowsDirectoryA
LoadLibraryExA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
WriteFile
FindClose
WritePrivateProfileStringA
MultiByteToWideChar
MulDiv
GetPrivateProfileStringA
FreeLibrary

user32

CreateWindowExA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
GetDC
SystemParametersInfoA
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
CreateDialogParamA
SetTimer
GetDlgItem
wsprintfA
SetForegroundWindow
ShowWindow
IsWindow
LoadImageA
SetWindowLongA
SetClipboardData
EmptyClipboard
OpenClipboard
EndPaint
PostQuitMessage
FindWindowExA
SendMessageTimeoutA
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 96KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

8df26927f8978d4eb40ff179c0aa961b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
lstrcmpA
OpenProcess
lstrcpyA
LoadLibraryA
CloseHandle
FreeLibrary
GetVersionExA
lstrlenA
GlobalFree

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
TerminateProcess
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
FreeLibrary
GlobalFree
lstrcpyA
DisableThreadLibraryCalls

msvcrt

strcmp
_strupr
toupper
strlen
free
_initterm
malloc
_adjust_fdiv
strcpy
_itoa

Exports

Exports

KillProc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 835B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 586B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

38e7b5c3ee58b43a91f9679e94aabd09

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
lstrcpyA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
lstrcmpiA
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
SetCurrentDirectoryA
HeapAlloc

user32

DestroyWindow
CallWindowProcA
SetCursor
GetPropA
CharPrevA
MapWindowPoints
DrawFocusRect
GetWindowLongA
GetClientRect
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapDialogRect
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
CharNextA
SendMessageA
LoadCursorA
RemovePropA
DrawTextA

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsisdl.dll
.dll windows:4 windows x86 arch:x86

35098e8775f91723e90a28745ef6495b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
MulDiv
WaitForSingleObject
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
CloseHandle
CreateThread

user32

SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CharPrevA
GetWindowRect
SetDlgItemTextA
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
wsprintfA
SendMessageA
SetWindowTextA
CreateWindowExA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

wsock32

__WSAFDIsSet
ioctlsocket
inet_ntoa
htons
socket
closesocket
shutdown
connect
gethostbyname
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1.3.1.1002/Data/ConfigData.ejd
1.3.1.1002/Data/ConfigData.exd
1.3.1.1002/Data/ROConfig.ini
1.3.1.1002/Data/doc_classification_rules.xml
1.3.1.1002/Data/festival.xml
1.3.1.1002/Data/shortcut_classification.json
1.3.1.1002/LemonCalendar.exe
.exe windows:5 windows x86 arch:x86

c9297d6a3eb3aa808c0ef537914eb695

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

39:48:ed:41:55:38:14:c0:3c:99:37:bb:2a:52:49
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/04/2015, 00:00

Not After

27/05/2016, 23:59

Subject

CN=Newstart Software Technology Co. Ltd,OU=Technical department,O=Newstart Software Technology Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b4:bd:18:05:fa:6a:9a:73:5f:76:ee:54:77:44:24:c2:52:cd:99:86
Signer

Actual PE Digest

b4:bd:18:05:fa:6a:9a:73:5f:76:ee:54:77:44:24:c2:52:cd:99:86

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\My Works\VC CHENXI\LemonDesktop\SmartDesktop\Output\Bin\Release\LemonCalendar.pdb

Imports

kernel32

FlushViewOfFile
UnmapViewOfFile
SetEndOfFile
CreateFileMappingW
MapViewOfFile
SetFilePointer
OutputDebugStringW
GetThreadLocale
SetThreadLocale
MoveFileExW
SetFileAttributesW
ExitProcess
FindFirstFileW
DeviceIoControl
ReadFile
FindNextFileW
FindClose
SetErrorMode
CreateDirectoryW
GetFileSize
ExitThread
VirtualProtect
GetLongPathNameW
IsBadReadPtr
SetLastError
LoadLibraryW
SetProcessWorkingSetSize
GetLocalTime
WideCharToMultiByte
CreateThread
CloseHandle
WaitForSingleObject
Sleep
DecodePointer
GetCurrentThreadId
GetTickCount
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
GetQueuedCompletionStatus
LoadLibraryExW
CreateIoCompletionPort
GetExitCodeThread
PostQueuedCompletionStatus
GetNativeSystemInfo
SetUnhandledExceptionFilter
GetSystemInfo
WriteConsoleW
FlushFileBuffers
SetStdHandle
FindFirstFileExW
GetCommandLineW
GetCommandLineA
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetACP
GetStdHandle
GetModuleHandleExW
GetFileAttributesExW
RtlUnwind
QueryPerformanceCounter
GetStartupInfoW
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetEvent
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
GetStringTypeW
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
lstrcmpA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
lstrlenA
lstrlenW
TerminateThread
InitializeCriticalSection
GetFileTime
GetVersionExW
DeleteFileW
WriteFile
CreateFileW
MultiByteToWideChar
RaiseException
lstrcmpiW
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
TerminateProcess
GetCurrentProcessId
HeapDestroy
CreateMutexW
GetCurrentProcess
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
EncodePointer
IsDebuggerPresent
GlobalFree
GlobalAlloc
MulDiv
GetVersion
HeapReAlloc
HeapSize
InterlockedExchange
FreeLibraryAndExitThread

user32

CharNextW
DefWindowProcW
DispatchMessageW
GetParent
TranslateMessage
GetMessageW
MapWindowPoints
DestroyWindow
UnregisterClassW
SetWindowPos
SetWindowRgn
ClientToScreen
ShowWindow
GetDC
UpdateLayeredWindow
ReleaseDC
GetDlgItem
SendMessageW
SetWindowLongW
GetWindowLongW
CallWindowProcW
GetCursorPos
PtInRect
PostMessageW
RegisterClassExW
CreateWindowExW
KillTimer
SetTimer
SetWindowTextW
PostQuitMessage
GetForegroundWindow
SetForegroundWindow
SetFocus
RegisterWindowMessageW
SystemParametersInfoW
MoveWindow
GetClassInfoExW
ReleaseCapture
SetCapture
LoadCursorW
TrackMouseEvent
InvalidateRect
EqualRect
GetClientRect
IsIconic
GetWindowRect
BeginPaint
CopyRect
GetMonitorInfoW
MonitorFromWindow
GetWindow
EnableWindow
GetWindowTextW
SetLayeredWindowAttributes
IntersectRect
DrawTextW
GetWindowThreadProcessId
AttachThreadInput
BringWindowToTop
SetActiveWindow
SetRectEmpty
SetCursor
ScreenToClient
IsWindowVisible
FindWindowExW
FindWindowW
SendMessageTimeoutW
IsWindow
PeekMessageW
MessageBoxW
OffsetRect
IsClipboardFormatAvailable
RegisterClipboardFormatW
GetSysColor
SetCaretPos
CreateCaret
GetCaretBlinkTime
wsprintfW
UpdateWindow
FillRect
GetFocus
GetWindowTextLengthW
DrawIconEx
GetIconInfo
IsRectEmpty
GetDoubleClickTime
EndPaint

gdi32

GetViewportOrgEx
SetTextCharacterExtra
GetCurrentObject
GetTextColor
CreateSolidBrush
SetBkColor
StretchBlt
SetStretchBltMode
SetPixel
GetDeviceCaps
CreateDIBSection
SetTextColor
SetBkMode
CreateFontIndirectW
GetObjectW
Rectangle
GetStockObject
CreatePen
RestoreDC
ExtSelectClipRgn
CreateRectRgnIndirect
SaveDC
CreateRectRgn
CombineRgn
CreateRoundRectRgn
BitBlt
DeleteDC
SetBitmapBits
GetBitmapBits
SelectObject
CreateCompatibleDC
DeleteObject

advapi32

RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
SystemFunction036

shell32

SHGetSpecialFolderPathW
ord165
ShellExecuteW
SHAppBarMessage

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
RegisterDragDrop
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
CoUninitialize
CoInitialize

oleaut32

LoadTypeLi
LoadRegTypeLi
SysAllocStringLen
VarBstrCmp
SysAllocString
VarUI4FromStr
SysFreeString
SysAllocStringByteLen
SysStringLen
SysStringByteLen

shlwapi

PathCombineW
PathAppendW
PathFileExistsW
PathRemoveFileSpecW
PathIsDirectoryW
PathFindFileNameW
PathCanonicalizeW
PathRemoveBackslashW
PathIsPrefixW
SHGetValueW

comctl32

ord17
InitCommonControlsEx

msimg32

AlphaBlend

gdiplus

GdiplusStartup
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDrawString
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipCreateSolidFill
GdipCloneBrush
GdipDeleteBrush
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdiplusShutdown

riched20

ord4

psapi

GetModuleFileNameExW

version

VerQueryValueW

netapi32

Netbios

wininet

HttpOpenRequestW
HttpSendRequestW
InternetCloseHandle
InternetReadFile
InternetConnectW
InternetSetOptionW
InternetOpenW
HttpQueryInfoW
InternetCrackUrlW

iphlpapi

GetAdaptersInfo
GetIpAddrTable

Sections

.text
Size: 712KB - Virtual size: 711KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 592B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1.3.1.1002/LemonService.exe
.exe windows:5 windows x86 arch:x86

d5cf1251b62581b50c2339f0b45ca219

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

39:48:ed:41:55:38:14:c0:3c:99:37:bb:2a:52:49
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/04/2015, 00:00

Not After

27/05/2016, 23:59

Subject

CN=Newstart Software Technology Co. Ltd,OU=Technical department,O=Newstart Software Technology Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:da:3a:20:bf:f7:fd:a3:ca:a3:93:87:43:73:ef:d3:5b:8c:fe:12
Signer

Actual PE Digest

0d:da:3a:20:bf:f7:fd:a3:ca:a3:93:87:43:73:ef:d3:5b:8c:fe:12

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\My Works\VC CHENXI\LemonDesktop\SmartDesktop\Output\Bin\Release\LemonService.pdb

Imports

kernel32

GetVersionExW
WTSGetActiveConsoleSessionId
lstrlenW
GlobalFree
TerminateProcess
Sleep
MultiByteToWideChar
WriteFile
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
FindFirstFileExW
GetCommandLineW
GetCommandLineA
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
GetFileType
GetACP
GetStdHandle
ExitProcess
GetModuleHandleExW
ExitThread
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
ReleaseSemaphore
VirtualProtect
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GlobalAlloc
GetTickCount
FindClose
FindNextFileW
FindFirstFileW
FreeLibrary
LoadLibraryW
GetProcAddress
WideCharToMultiByte
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleFileNameW
GetModuleHandleW
CreateProcessW
GetCurrentProcessId
DecodePointer
SetLastError
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
FlushViewOfFile
OutputDebugStringW
RaiseException
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetCurrentProcess
DuplicateHandle
OpenProcess
WaitForSingleObject
LocalFree
SetEvent
ResetEvent
CreateEventW
DeleteCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
CreateFileW
MapViewOfFile
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
LCMapStringW
GetCPInfo
EncodePointer
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
QueryPerformanceCounter
GetStringTypeW
TryEnterCriticalSection
GetCurrentThread
WaitForSingleObjectEx
LoadLibraryExW
CreateFileMappingW
CloseHandle
UnmapViewOfFile
GetOEMCP

user32

SendMessageW
PostQuitMessage
DefWindowProcW
SetWindowLongW
GetWindowLongW
CallWindowProcW

advapi32

ReportEventW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
RegOpenKeyExW
DuplicateTokenEx
DeregisterEventSource
RegisterEventSourceW
StartServiceW
CreateServiceW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTokenInformation
ConvertSidToStringSidW
GetUserNameW
RegCloseKey
RegQueryValueExW
SystemFunction036

shlwapi

PathCombineW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW

wtsapi32

WTSQueryUserToken

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1.3.1.1002/RunningHelper.exe
.exe windows:5 windows x86 arch:x86

a2cc57507034af183878aa76af86b32a

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

39:48:ed:41:55:38:14:c0:3c:99:37:bb:2a:52:49
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/04/2015, 00:00

Not After

27/05/2016, 23:59

Subject

CN=Newstart Software Technology Co. Ltd,OU=Technical department,O=Newstart Software Technology Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

29:a7:f3:e2:1f:00:49:7d:55:cb:2a:7a:b7:d7:5e:5b:f0:a9:7a:77
Signer

Actual PE Digest

29:a7:f3:e2:1f:00:49:7d:55:cb:2a:7a:b7:d7:5e:5b:f0:a9:7a:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\My Works\VC CHENXI\LemonDesktop\SmartDesktop\Output\Bin\Release\RunningHelper.pdb

Imports

kernel32

InitializeCriticalSection
GlobalAlloc
GlobalLock
GlobalUnlock
SetLastError
MulDiv
lstrcmpW
DeviceIoControl
lstrcmpA
GetFileSize
SetFileAttributesW
lstrlenW
MoveFileExW
lstrlenA
GetFileAttributesExW
SetThreadLocale
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
CreateFileMappingW
GlobalFree
RemoveDirectoryW
GetFileAttributesW
GetLongPathNameW
IsBadReadPtr
OpenProcess
GetVersionExW
GetSystemInfo
GetSystemDirectoryW
GetTempPathW
SetUnhandledExceptionFilter
VirtualProtect
ExitProcess
GetNativeSystemInfo
PostQueuedCompletionStatus
GetExitCodeThread
TerminateThread
CreateIoCompletionPort
InterlockedExchange
GetQueuedCompletionStatus
SetErrorMode
Process32NextW
GetExitCodeProcess
CreateProcessA
DuplicateHandle
QueryPerformanceFrequency
Process32FirstW
FormatMessageA
WriteConsoleW
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
SetStdHandle
FindFirstFileExW
GetCommandLineA
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
ReadConsoleW
GetCurrentProcessId
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFileType
GetModuleFileNameA
GetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
RtlUnwind
QueryPerformanceCounter
GetStartupInfoW
UnhandledExceptionFilter
WaitForSingleObjectEx
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCPInfo
GetStringTypeW
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
SetEvent
ResetEvent
MapViewOfFile
SetEndOfFile
UnmapViewOfFile
CreateProcessW
OutputDebugStringW
SetFilePointer
CreateToolhelp32Snapshot
FindClose
FindNextFileW
FindFirstFileW
LoadLibraryW
CreateDirectoryW
GetCommandLineW
InterlockedIncrement
LoadLibraryExW
MultiByteToWideChar
lstrcmpiW
GetModuleFileNameW
InterlockedDecrement
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
WideCharToMultiByte
DeleteFileW
TerminateProcess
Sleep
GetTickCount
CreateFileW
GetTimeZoneInformation
GetLocalTime
ReadFile
GetOverlappedResult
WriteFile
InitializeCriticalSectionAndSpinCount
GetThreadLocale
GetACP
CreateThread
GetCurrentProcess
GetModuleHandleW
GetLastError
CreateEventW
WaitForSingleObject
CloseHandle
DeleteCriticalSection
DecodePointer
RaiseException
GetProcAddress
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
GetPrivateProfileStringW
GetConsoleMode
GetPrivateProfileIntW
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
CreatePipe

user32

CallWindowProcW
DefWindowProcW
ShowWindow
GetClassInfoExW
IsWindow
SetWindowLongW
GetWindowLongW
DestroyAcceleratorTable
GetDesktopWindow
ReleaseDC
GetDC
InvalidateRect
InvalidateRgn
GetClientRect
FillRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
GetParent
ClientToScreen
CreateAcceleratorTableW
CreateWindowExW
RedrawWindow
SetWindowPos
GetSysColor
GetClassNameW
GetDlgItem
RegisterClassExW
SendMessageW
GetWindow
SetFocus
GetFocus
EndPaint
BeginPaint
SetWindowTextW
UnregisterClassW
IsChild
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
SetTimer
KillTimer
MessageBoxW
MessageBoxA
PostMessageW
FindWindowW
CharNextW
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
LoadCursorW

gdi32

SelectObject
GetObjectW
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
DeleteObject
BitBlt
DeleteDC
GetStockObject

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyW
StartServiceW
DeleteService
ControlService
CreateServiceW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
IsTextUnicode
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
SystemFunction036

shell32

ShellExecuteW
SHGetFolderPathW
ord165
SHGetSpecialFolderPathW
SHCreateDirectoryExW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
OleInitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoCreateInstance
OleUninitialize

oleaut32

LoadRegTypeLi
SysAllocStringLen
OleCreateFontIndirect
SysAllocString
VariantClear
VariantInit
VarDateFromStr
SysFreeString
VarUI4FromStr
SystemTimeToVariantTime
SysStringLen
LoadTypeLi
VariantTimeToSystemTime

shlwapi

PathIsDirectoryW
PathRemoveFileSpecW
PathCombineW
PathFindFileNameW
StrCpyNW
StrCmpNA
PathAddBackslashW
StrStrIW
PathIsRootW
PathCanonicalizeW
PathRemoveBackslashW
PathIsPrefixW
SHGetValueW
SHDeleteValueW
PathAppendW
PathFileExistsW

wininet

HttpOpenRequestW
HttpSendRequestW
InternetSetOptionW
InternetOpenW
InternetCrackUrlW
HttpQueryInfoW
InternetCloseHandle
InternetSetFilePointer
InternetReadFile
InternetConnectW

ws2_32

WSAEventSelect
WSACreateEvent
WSAEnumNetworkEvents
shutdown
WSAGetLastError
WSASocketW
WSACloseEvent
closesocket
WSACleanup
WSAStartup
GetAddrInfoW
FreeAddrInfoW
WSASetLastError
gethostname
WSAConnect

netapi32

Netbios

crypt32

CryptBinaryToStringW
CryptStringToBinaryW

iphlpapi

GetAdaptersInfo
GetIpAddrTable

version

VerQueryValueW

psapi

GetModuleFileNameExW

Sections

.text
Size: 677KB - Virtual size: 677KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1.3.1.1002/RunningHelper64.exe
.exe windows:5 windows x64 arch:x64

88ad4cf862ab2fe76a03bdb0ea05c473

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

39:48:ed:41:55:38:14:c0:3c:99:37:bb:2a:52:49
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/04/2015, 00:00

Not After

27/05/2016, 23:59

Subject

CN=Newstart Software Technology Co. Ltd,OU=Technical department,O=Newstart Software Technology Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:16:bd:21:46:c8:a6:15:87:a2:f4:42:79:5e:5a:8e:45:2c:88:c9
Signer

Actual PE Digest

69:16:bd:21:46:c8:a6:15:87:a2:f4:42:79:5e:5a:8e:45:2c:88:c9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\My Works\VC CHENXI\LemonDesktop\SmartDesktop\Output\Bin\Release\RunningHelper64.pdb

Imports

kernel32

GlobalAlloc
SetLastError
SetFileAttributesW
lstrlenW
MoveFileExW
GetFileAttributesExW
CreateFileMappingW
GlobalFree
IsBadReadPtr
GetTempPathW
SetUnhandledExceptionFilter
VirtualProtect
ExitProcess
SetErrorMode
GetExitCodeProcess
CreateProcessA
DuplicateHandle
FormatMessageA
WriteConsoleW
GetConsoleCP
FlushFileBuffers
SetFilePointerEx
SetStdHandle
FindFirstFileExW
GetCommandLineA
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
ReadConsoleW
GetConsoleMode
EnumSystemLocalesW
GetUserDefaultLCID
GetTimeFormatW
GetDateFormatW
GetFileType
GetModuleFileNameA
GetStdHandle
GetModuleHandleExW
RtlUnwindEx
RtlPcToFileHeader
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCPInfo
GetStringTypeW
LoadLibraryExA
GetCurrentProcessId
SetEvent
ResetEvent
MapViewOfFile
SetEndOfFile
UnmapViewOfFile
FindClose
FindNextFileW
FindFirstFileW
LoadLibraryW
CreateDirectoryW
GetCommandLineW
LoadLibraryExW
MultiByteToWideChar
lstrcmpiW
GetModuleFileNameW
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
DeleteFileW
TerminateProcess
WideCharToMultiByte
CreateFileW
GetTimeZoneInformation
GetLocalTime
ReadFile
WriteFile
InitializeCriticalSectionAndSpinCount
GetACP
GetCurrentProcess
GetModuleHandleW
GetLastError
CreateEventW
WaitForSingleObject
CloseHandle
DeleteCriticalSection
DecodePointer
RaiseException
GetProcAddress
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
InitializeSListHead
EncodePointer
IsDebuggerPresent
OutputDebugStringW
IsValidLocale
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
QueryPerformanceFrequency
CreatePipe

user32

IsWindow
KillTimer
MessageBoxW
CharNextW
DestroyWindow

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
SystemFunction036

shell32

ShellExecuteW
ord165
SHGetSpecialFolderPathW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VarUI4FromStr

shlwapi

PathCombineW
PathFindFileNameW
PathAppendW
PathIsDirectoryW
PathFileExistsW
PathRemoveFileSpecW

version

VerQueryValueW

Sections

.text
Size: 474KB - Virtual size: 474KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1.3.1.1002/Skin/CLD_DefaultSkin.skn
.zip
Calendar/ban_light.png
.png
Calendar/date_gray.png
.png
Calendar/date_light.png
.png
Calendar/date_white.png
.png
Calendar/festival.png
.png
Calendar/festival_gray.png
.png
Calendar/jieqi.png
.png
Calendar/lunar.png
.png
Calendar/month.png
.png
Calendar/month_gray.png
.png
Calendar/month_white.png
.png
Calendar/text.png
.png
Calendar/xiu_light.png
.png
MainWnd/BackGround_Default.png
.png
MainWnd/MainWnd.xml
.xml
MainWnd/Window_Mask.png
.png
MainWnd/Window_Shadow.png
.png
MainWnd/btn_check.png
.png
MainWnd/btn_red.png
.png
MainWnd/icon16.png
.png
MainWnd/month.png
.png
MainWnd/selected_Circle.png
.png
MainWnd/selected_red.png
.png
MainWnd/setting_line.png
.png
MainWnd/today_normal.png
.png
MainWnd/today_on.png
.png
Numbers/0.png
.png
Numbers/1.png
.png
Numbers/2.png
.png
Numbers/3.png
.png
Numbers/4.png
.png
Numbers/5.png
.png
Numbers/6.png
.png
Numbers/7.png
.png
Numbers/8.png
.png
Numbers/9.png
.png
Numbers/h0.png
.png
Numbers/h1.png
.png
Numbers/h2.png
.png
Numbers/h3.png
.png
Numbers/h4.png
.png
Numbers/h5.png
.png
Numbers/h6.png
.png
Numbers/h7.png
.png
Numbers/h8.png
.png
Numbers/h9.png
.png
Numbers/line.png
.png
1.3.1.1002/Skin/DefaultSkin.skn
.zip
Common/BkgSelectedHover.png
.png
Common/BkgSelectedNormal.png
.png
Common/BkgSelectedPressed.png
.png
Common/SplitterH.png
.png
Common/SplitterV.png
.png
Common/Tracker.png
.png
Common/apphoverbk.png
.png
Common/blue_btn.png
.png
Common/btn_complete.png
.png
Common/button_state4.png
.png
Common/checkbox.png
.png
Common/checkbox_gray.png
.png
Common/close.png
.png
Common/close2.png
.png
Common/close3.png
.png
Common/close4.png
.png
Common/commonbtn.png
.png
Common/guide1.png
.png
Common/guide2.png
.png
Common/item_bkg.png
.png
Common/left_btn.png
.png
Common/logo.png
.png
Common/min.png
.png
Common/popupwndbg.png
.png
Common/progress_bkg.png
.png
Common/progress_download.png
.png
Common/right_btn.png
.png
Common/scroll.png
.png
Common/scroll_bkg.png
.png
Common/shortcut_10.png
.png
Common/shortcut_16.png
.png
Common/shortcut_21.png
.png
Common/sysbtn_close.png
.png
Common/tab_item.png
.png
Common/textbk_blue.png
.png
Common/textbk_blue2.png
.png
Common/textbk_gray.png
.png
Common/textbk_gray2.png
.png
Common/textbk_green.png
.png
Common/textbk_green2.png
.png
Common/textbk_orange.png
.png
Common/textbk_orange2.png
.png
Common/textbk_purple.png
.png
Common/textbk_purple2.png
.png
Common/textbk_red.png
.png
Common/textbk_red2.png
.png
Common/textbk_yellow.png
.png
Common/textbk_yellow2.png
.png
Common/tooltip.png
.png
Common/tooltip_down.png
.png
Common/top.png
.png
Common/trans_bkg.png
.png
Common/web_bkg.png
.png
FolderView/FolderFrame.xml
FolderView/FolderThemeBkg.png
.png
FolderView/btn_add.png
.png
FolderView/btn_iconmode.png
.png
FolderView/btn_lock.png
.png
FolderView/btn_noiconmode.png
.png
FolderView/btn_unlock.png
.png
FolderView/drop_createfolder.png
.png
FolderView/drop_createfolder_hover.png
.png
FolderView/folder_view_bg_down.png
.png
FolderView/folder_view_bg_normal.png
.png
FolderView/icon-showicon.png
.png
FolderView/icon-showlist.png
.png
Icon/animation_calendar.png
.png
Icon/animation_movie.png
.png
Icon/animation_net.png
.png
Icon/animation_news.png
.png
Icon/animation_note.png
.png
Icon/animation_onekeytrim.png
.png
Icon/animation_shopping.png
.png
Icon/change_textbk.png
.png
Icon/change_textbk_xp.bmp
Icon/color_blue.png
.png
Icon/color_blue_xp.bmp
Icon/color_green.png
.png
Icon/color_green_xp.bmp
Icon/color_grey.png
.png
Icon/color_grey_xp.bmp
Icon/color_orange.png
.png
Icon/color_orange_xp.bmp
Icon/color_purple.png
.png
Icon/color_purple_xp.bmp
Icon/color_red.png
.png
Icon/color_red_xp.bmp
Icon/color_reset.png
.png
Icon/color_reset_xp.bmp
Icon/color_yellow.png
.png
Icon/color_yellow_xp.bmp
Icon/create_folder.png
.png
Icon/create_folder_15_16.bmp
Icon/create_shortcut.png
.png
Icon/create_shortcut_15_16.bmp
Icon/display_size.png
.png
Icon/gadgets.png
.png
Icon/lemon.png
.png
Icon/lemon_12_13_xp.bmp
Icon/new_folder.png
.png
Icon/new_folder_12_13_xp.bmp
Icon/onekey_cleanup.png
.png
Icon/onekey_cleanup_12_13_xp.bmp
Icon/personalization.png
.png
ItemIcon/bigsword.png
.png
ItemIcon/jd.png
.png
ItemIcon/jd32px.png
.png
ItemIcon/kb32.png
.png
ItemIcon/kb376.png
.png
ItemIcon/kb48.png
.png
ItemIcon/safe_nav48.png
.png
ItemIcon/se32px.png
.png
ItemIcon/se48px.png
.png
ItemIcon/shop1.png
.png
ItemIcon/taobao32px.png
.png
ItemIcon/taobao48px.png
.png
ItemIcon/vip48.png
.png
ItemIcon/yy.png
.png
ItemIcon/zhanlong.png
.png
MainFrame/MainFrame.xml
.xml
MainFrame/ToolBar.xml
MainFrame/ToolTip.xml
.xml
MainFrame/UserGuide.xml
.xml
MainFrame/WhatsNew.xml
.xml
MsgBox/INfo_L.png
.png
MsgBox/INfo_s.png
.png
MsgBox/LayerdMessageBox.xml
SettingCenter/PageAdvanced.xml
SettingCenter/PageCalender.xml
SettingCenter/PageCommon.xml
SettingCenter/PageToolbar.xml
SettingCenter/PageUpdate.xml
SettingCenter/SettingCenterWnd.xml
TipWnd/FloatWnd.xml
.xml
TipWnd/TipWnd.xml
.xml
TipWnd/bkg.png
.png
TipWnd/btn_bt.png
.png
TipWnd/btn_clear.png
.png
TipWnd/btn_pic.png
.png
TipWnd/btn_ring.png
.png
TipWnd/btn_wallpaper.png
.png
TipWnd/btn_weixin.png
.png
TipWnd/button.png
.png
TipWnd/close.png
.png
TipWnd/close2.png
.png
TipWnd/device.png
.png
TipWnd/float_bkg.png
.png
WebBrowser/WebWnd.xml
WebBrowser/error.png
.png
WebBrowser/loading_animation.png
.png
WebBrowser/loading_back.png
.png
WebBrowser/web_bkg.png
.png
WebBrowser/webwnd_close.png
.png
WebBrowser/webwnd_logo.png
.png
WebBrowser/webwnd_min.png
.png
1.3.1.1002/Skin/SN_DefaultSkin.skn
.zip
Common/Options.png
.png
Common/bkg_trans.png
.png
Common/blue.png
.png
Common/close.png
.png
Common/edit.png
.png
Common/green.png
.png
Common/item_hover.png
.png
Common/mask.png
.png
Common/popupwndbg.png
.png
Common/radio_off.png
.png
Common/radio_on.png
.png
Common/red.png
.png
Common/scroll.png
.png
Common/scroll_bkg.png
.png
Common/scroll_bkg2.png
.png
Common/scroll_fore2.png
.png
Common/white.png
.png
Common/window_shadow.png
.png
Common/yellow.png
.png
Icon/color_blue.png
.png
Icon/color_blue_xp.bmp
Icon/color_green.png
.png
Icon/color_green_xp.bmp
Icon/color_red.png
.png
Icon/color_red_xp.bmp
Icon/color_white.png
.png
Icon/color_white_xp.bmp
Icon/color_yellow.png
.png
Icon/color_yellow_xp.bmp
NoteBox.xml
NoteWnd.xml
1.3.1.1002/SmartDesktop.exe
.exe windows:5 windows x86 arch:x86

d96dd33b73a9121dc64f9478bc594bd2

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

39:48:ed:41:55:38:14:c0:3c:99:37:bb:2a:52:49
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/04/2015, 00:00

Not After

27/05/2016, 23:59

Subject

CN=Newstart Software Technology Co. Ltd,OU=Technical department,O=Newstart Software Technology Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

86:54:0b:1a:33:02:7f:eb:ad:39:39:50:5d:c4:2b:86:34:e0:62:82
Signer

Actual PE Digest

86:54:0b:1a:33:02:7f:eb:ad:39:39:50:5d:c4:2b:86:34:e0:62:82

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\My Works\VC CHENXI\LemonDesktop\SmartDesktop\Output\Bin\Release\SmartDesktop.pdb

Imports

kernel32

GetPrivateProfileStringW
GetExitCodeThread
SetFileAttributesW
OpenEventW
LoadLibraryExW
GetSystemTime
SetFileTime
CreateThread
CreateMutexW
DecodePointer
TerminateProcess
MulDiv
lstrcmpW
GetCommandLineW
GetVolumeInformationW
GetPrivateProfileIntW
VirtualFree
VirtualAlloc
SetThreadPriority
SuspendThread
ResumeThread
GetCurrentThread
GetThreadPriority
GetSystemInfo
VirtualProtectEx
GetThreadContext
FlushInstructionCache
VirtualQuery
OpenThread
GetVersion
GetFileTime
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
WritePrivateProfileStringW
GetThreadLocale
SetThreadLocale
lstrlenA
RemoveDirectoryW
MoveFileExW
GetLongPathNameW
CreateSemaphoreW
ReleaseSemaphore
InterlockedExchange
SetUnhandledExceptionFilter
VirtualProtect
ExitProcess
GetFileAttributesExW
SetErrorMode
GetExitCodeProcess
CreateProcessA
DeleteFileW
FormatMessageA
CopyFileW
FindFirstFileExW
GetCommandLineA
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeZoneInformation
ReadConsoleW
GetConsoleMode
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetOEMCP
IsValidCodePage
FindNextFileW
GetModuleFileNameA
GetFileType
GetStdHandle
GetModuleHandleExW
ExitThread
GetACP
RtlUnwind
SetEvent
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
UnhandledExceptionFilter
GetLocaleInfoW
GetCPInfo
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
TryEnterCriticalSection
WaitForSingleObjectEx
DuplicateHandle
GetStringTypeW
LoadLibraryExA
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
WinExec
WaitForSingleObject
LoadLibraryW
ResetEvent
TerminateThread
InitializeCriticalSection
CreateEventW
WaitForMultipleObjects
ReadDirectoryChangesW
FindClose
FindFirstFileW
GetNativeSystemInfo
GetVersionExW
GetTempPathW
GetCurrentThreadId
OpenFileMappingW
SetFilePointer
MapViewOfFile
SetEndOfFile
UnmapViewOfFile
FlushViewOfFile
GlobalSize
GlobalReAlloc
ReadProcessMemory
WriteProcessMemory
lstrcpyW
lstrcpynW
lstrlenW
GetWindowsDirectoryW
CreateDirectoryW
WriteFile
ReadFile
GetFileSize
GetProcAddress
GetModuleHandleW
DeleteCriticalSection
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
GetLastError
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
CreateFileW
CloseHandle
Sleep
ExpandEnvironmentStringsW
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
MoveFileW
IsBadReadPtr
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
FindResourceW
LoadResource
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
GetSystemDirectoryW
OutputDebugStringW
VirtualFreeEx
GetCurrentProcess
CompareStringW
FreeLibrary
LCMapStringW
GetCurrentProcessId
CreateFileMappingW
GetTimeFormatW
GetDateFormatW
FlushFileBuffers
SetFilePointerEx
lstrcmpiW
SystemTimeToFileTime
GetLocalTime
DeviceIoControl
GetFileAttributesW
GetModuleFileNameW
GetPrivateProfileSectionW
GetTickCount
lstrcmpA
SetLastError
CreateProcessW
VirtualAllocEx
WriteConsoleW
OpenProcess
LockResource
SetStdHandle
SizeofResource
CreatePipe

user32

SetCapture
ClientToScreen
CreateAcceleratorTableW
GetWindow
IsChild
EndPaint
BeginPaint
SetWindowTextW
SetClipboardViewer
ChangeClipboardChain
WindowFromPoint
MsgWaitForMultipleObjects
SetActiveWindow
ReleaseCapture
InvalidateRgn
GetDesktopWindow
DestroyAcceleratorTable
PeekMessageW
GetMessageW
TranslateMessage
DestroyIcon
GetIconInfo
keybd_event
GetClipboardData
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
RegisterClipboardFormatW
FindWindowExW
GetWindowRect
GetSystemMetrics
UnregisterClassW
UpdateWindow
InvalidateRect
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
MoveWindow
SystemParametersInfoW
SetRectEmpty
GetDlgItem
SendMessageW
PostQuitMessage
DestroyWindow
ShowWindow
IsWindow
ReleaseDC
GetDC
PtInRect
GetCursorPos
IsRectEmpty
IntersectRect
OffsetRect
BringWindowToTop
CharNextW
CreateIconIndirect
PrivateExtractIconsW
FindWindowW
EqualRect
UpdateLayeredWindow
SetFocus
GetFocus
DrawIconEx
LoadImageW
GetParent
FillRect
GetSysColor
SetTimer
KillTimer
GetMenuDefaultItem
ScreenToClient
IsClipboardFormatAvailable
MonitorFromWindow
InflateRect
SendMessageTimeoutW
GetWindowThreadProcessId
CreatePopupMenu
GetMenuStringW
DestroyMenu
GetMenuItemCount
DeleteMenu
EnableMenuItem
GetSubMenu
GetMenuItemID
CopyRect
WindowFromDC
PostMessageW
SetRect
TrackPopupMenu
AppendMenuW
SetMenuItemBitmaps
RedrawWindow
GetMenuItemInfoW
InsertMenuW
LoadIconW
InsertMenuItemW
CreateMenu
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
DrawTextW
SetForegroundWindow
IsWindowVisible
MonitorFromPoint
GetMonitorInfoW
RegisterWindowMessageW
SetCursor
GetClientRect
GetActiveWindow
GetWindowTextW
GetDoubleClickTime
IsIconic
TrackMouseEvent
SetWindowRgn
EnableWindow
GetForegroundWindow
GetWindowTextLengthW
CheckMenuItem
GetKeyState
MessageBoxW
SetLayeredWindowAttributes
AttachThreadInput
GetCaretBlinkTime
CreateCaret
SetCaretPos
wsprintfW
MessageBoxA
DispatchMessageW
RegisterDeviceNotificationW
UnregisterDeviceNotification
SetWindowPos
GetClassNameW
MapWindowPoints

gdi32

GetTextColor
CreateFontIndirectW
Rectangle
CreatePen
RestoreDC
ExtSelectClipRgn
CreateRectRgnIndirect
SaveDC
CreateRectRgn
CombineRgn
CreateRoundRectRgn
SetPixel
SetBkMode
StretchBlt
SetStretchBltMode
CreateSolidBrush
SetTextColor
GetClipBox
GetCurrentObject
GetObjectType
CreateFontW
EnumFontFamiliesW
GetPixel
GdiFlush
GetDeviceCaps
BitBlt
CreateDIBSection
SetBitmapBits
GetBitmapBits
ExtTextOutW
SetBkColor
DeleteDC
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetObjectW
SetTextCharacterExtra
GetViewportOrgEx
GetStockObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegQueryValueExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegNotifyChangeKeyValue
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegDeleteValueW
GetUserNameW
IsTextUnicode
RegOpenKeyExW
SystemFunction036

shell32

SHParseDisplayName
ord165
SHGetFolderPathW
ShellExecuteW
SHFileOperationW
ord88
Shell_NotifyIconW
SHGetSpecialFolderPathW
SHGetDesktopFolder
ord18
ord155
DragQueryFileW
ExtractIconExW
SHGetFileInfoW
SHGetMalloc
ShellExecuteExW
SHGetFolderLocation
SHBindToParent
SHAddToRecentDocs
SHCreateDirectoryExW
SHAppBarMessage

ole32

ReleaseStgMedium
DoDragDrop
StringFromGUID2
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
RegisterDragDrop
RevokeDragDrop
CoLockObjectExternal
CLSIDFromProgID
CoGetClassObject
OleLockRunning
OleDuplicateData
CoTaskMemAlloc
CoTaskMemRealloc
CoInitialize
StgOpenStorage
OleUninitialize
StgCreateDocfile
OleInitialize
StgIsStorageFile
CLSIDFromString
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
CoTaskMemFree
OleGetClipboard
CoCreateInstance

oleaut32

SysAllocStringLen
VariantCopy
VarUI4FromStr
SysAllocString
VariantClear
VariantInit
LoadRegTypeLi
SysStringLen
LoadTypeLi
OleCreateFontIndirect
VarDateFromStr
SystemTimeToVariantTime
VariantTimeToSystemTime
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
DispCallFunc
SysFreeString

shlwapi

StrCmpNA
SHDeleteValueW
PathIsPrefixW
UrlGetPartW
ord176
StrCpyNW
PathRemoveBackslashW
ord2
PathAddBackslashW
SHGetValueW
StrCpyW
PathIsUNCW
PathIsRelativeW
PathCanonicalizeW
StrRetToBufW
PathIsDirectoryW
PathIsRootW
StrChrW
StrCmpIW
StrCmpW
StrStrIW
PathRemoveFileSpecW
PathRemoveExtensionW
PathCombineW
PathFindNextComponentA
PathCanonicalizeA
StrToIntW
PathFileExistsW
PathFindFileNameW
PathAppendW
PathFindExtensionW

imagehlp

ImageDirectoryEntryToData

comctl32

ImageList_Read
ord17
ord410
ord412
ord413
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_Add
ImageList_Write
ImageList_Create
ImageList_Remove
ImageList_GetImageCount
InitCommonControlsEx
ImageList_Draw
ImageList_GetIcon

msimg32

AlphaBlend

gdiplus

GdipCreateFromHDC
GdipSetTextRenderingHint
GdipDrawString
GdipCreateFontFamilyFromName
GdipGetImageEncoders
GdipCreateBitmapFromScan0
GdipDeleteFontFamily
GdipCreateFont
GdipDeleteFont
GdipGetImageEncodersSize
GdipGetImagePixelFormat
GdipDrawImageRectI
GdipCreateBitmapFromFile
GdiplusShutdown
GdiplusStartup
GdipCreateHBITMAPFromBitmap
GdipCloneBrush
GdipDeleteBrush
GdipCreateSolidFill
GdipSaveImageToStream
GdipDrawImageRectRectI
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipGetImageHeight
GdipGetImageWidth
GdipCreateBitmapFromStream
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdipAlloc
GdipFree

wininet

InternetCrackUrlW
InternetCloseHandle
InternetReadFile
InternetSetOptionW
HttpQueryInfoW
InternetOpenUrlW
InternetOpenW
InternetConnectW
HttpSendRequestW
HttpOpenRequestW
InternetSetFilePointer

urlmon

URLDownloadToFileW

crypt32

CryptStringToBinaryA
CryptBinaryToStringW
CryptStringToBinaryW

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW

oleacc

AccessibleObjectFromWindow

iphlpapi

GetIpAddrTable
GetAdaptersInfo

psapi

GetModuleFileNameExW

riched20

ord4

netapi32

Netbios

version

VerQueryValueW

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 396KB - Virtual size: 396KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 183KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
1.3.1.1002/SmartNote.exe
.exe windows:5 windows x86 arch:x86

417863e4ebc5229914597ed0b1682896

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

39:48:ed:41:55:38:14:c0:3c:99:37:bb:2a:52:49
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/04/2015, 00:00

Not After

27/05/2016, 23:59

Subject

CN=Newstart Software Technology Co. Ltd,OU=Technical department,O=Newstart Software Technology Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:dd:74:52:8f:d6:30:8e:60:3f:56:05:db:d0:ba:3c:8b:c2:27:bb
Signer

Actual PE Digest

0c:dd:74:52:8f:d6:30:8e:60:3f:56:05:db:d0:ba:3c:8b:c2:27:bb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\My Works\VC CHENXI\LemonDesktop\SmartDesktop\Output\Bin\Release\SmartNote.pdb

Imports

kernel32

FindFirstFileW
IsBadReadPtr
FindNextFileW
FindClose
GetSystemInfo
GetFileSize
SetUnhandledExceptionFilter
VirtualProtect
ExitProcess
SetErrorMode
GetThreadLocale
SetThreadLocale
CreateDirectoryW
SetFileAttributesW
MoveFileExW
GetTickCount
InterlockedIncrement
InterlockedDecrement
LoadLibraryExW
WriteConsoleW
FlushFileBuffers
SetStdHandle
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
GetTimeZoneInformation
GetACP
GetStdHandle
GetModuleHandleExW
RtlUnwind
QueryPerformanceCounter
GetStartupInfoW
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
SetEvent
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
GetCPInfo
GetStringTypeW
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
MapViewOfFile
CreateFileMappingW
SetEndOfFile
UnmapViewOfFile
GlobalFree
GlobalAlloc
GetVersionExW
lstrcmpiW
FreeLibrary
GetProcAddress
GetModuleHandleW
CopyFileW
GetLocalTime
WriteFile
OutputDebugStringW
CloseHandle
SetFilePointer
CreateFileW
GetPrivateProfileStringW
GetPrivateProfileIntW
DeleteCriticalSection
RaiseException
LeaveCriticalSection
EnterCriticalSection
FlushViewOfFile
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
CreateThread
Sleep
TerminateThread
WaitForSingleObject
InitializeCriticalSection
GetFileTime
DeleteFileW
MulDiv
GetVersion
LoadLibraryW
GetConsoleCP
WideCharToMultiByte
ReadFile
SetLastError
IsValidCodePage
DecodePointer
HeapDestroy
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
lstrlenW
GetModuleFileNameW
TerminateProcess
GetCurrentProcessId
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
CreateMutexW
GetCurrentProcess
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
FindFirstFileExW

user32

MapWindowPoints
SetTimer
KillTimer
SetWindowTextW
GetWindowTextLengthW
GetFocus
FillRect
UpdateWindow
wsprintfW
SetWindowPos
EqualRect
RegisterWindowMessageW
GetActiveWindow
UnregisterClassW
CallWindowProcW
DefWindowProcW
GetWindowLongW
SetWindowLongW
GetKeyState
GetCursorPos
IsClipboardFormatAvailable
TrackPopupMenu
AppendMenuW
SetMenuItemBitmaps
InsertMenuW
CreatePopupMenu
DestroyMenu
FindWindowW
SendMessageTimeoutW
GetClientRect
GetParent
GetWindowRect
OffsetRect
GetSysColor
SetCaretPos
MessageBoxW
GetMonitorInfoW
MonitorFromWindow
GetWindow
ShowWindow
SetForegroundWindow
EnableWindow
SendMessageW
DestroyWindow
PostQuitMessage
IsWindowVisible
CharNextW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
RegisterClassExW
GetClassInfoExW
LoadCursorW
CreateWindowExW
GetDlgItem
PtInRect
MoveWindow
GetSystemMetrics
SetFocus
SetRectEmpty
CreateCaret
GetCaretBlinkTime
BringWindowToTop
AttachThreadInput
GetWindowThreadProcessId
IsRectEmpty
GetIconInfo
IsIconic
InvalidateRect
TrackMouseEvent
SetCapture
ReleaseCapture
SetWindowRgn
GetForegroundWindow
CopyRect
DrawIconEx
ClientToScreen
SetCursor
RegisterClipboardFormatW
PostMessageW
SystemParametersInfoW
BeginPaint
IsWindow
SetActiveWindow
DrawTextW
IntersectRect
GetDoubleClickTime
ScreenToClient
ReleaseDC
UpdateLayeredWindow
GetDC
SetLayeredWindowAttributes
GetWindowTextW
EndPaint

gdi32

Rectangle
CreatePen
RestoreDC
ExtSelectClipRgn
CreateRectRgnIndirect
SaveDC
CreateFontIndirectW
SetTextCharacterExtra
GetCurrentObject
SetTextColor
SetBkMode
GetTextColor
CreateRectRgn
CombineRgn
GetViewportOrgEx
GetStockObject
SetBitmapBits
GetBitmapBits
StretchBlt
SetStretchBltMode
DeleteDC
BitBlt
SetPixel
SelectObject
CreateCompatibleDC
GetObjectW
CreateDIBSection
DeleteObject
CreateDCW
GetDeviceCaps
SetBkColor
CreateSolidBrush
CreateRoundRectRgn

comdlg32

ChooseColorW
ChooseFontW
GetOpenFileNameW
GetSaveFileNameW

advapi32

CryptAcquireContextW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
CryptGenRandom
CryptReleaseContext
RegQueryValueExW
SystemFunction036

shell32

SHGetFolderPathW
ShellExecuteW
SHGetSpecialFolderPathW
ord165

ole32

RegisterDragDrop
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CreateStreamOnHGlobal
OleInitialize
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

LoadTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
VarBstrCmp
SysAllocStringLen
SysAllocString
SysFreeString

shlwapi

PathRemoveFileSpecW
PathCombineW
PathFindFileNameW
PathFileExistsW
PathIsDirectoryW
PathAppendW

comctl32

ord17
InitCommonControlsEx

msimg32

AlphaBlend

gdiplus

GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipDeleteBrush
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipCreateSolidFill
GdipSetTextRenderingHint
GdipDrawString
GdipDeleteGraphics
GdipCloneBrush
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipCreateFromHDC

riched20

ord4

psapi

GetModuleFileNameExW

version

VerQueryValueW

Sections

.text
Size: 618KB - Virtual size: 617KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 138KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ShellExtHelper.dll
.dll regsvr32 windows:5 windows x86 arch:x86

01b8902ca8b4ce36dbb021eb8ca67764

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

39:48:ed:41:55:38:14:c0:3c:99:37:bb:2a:52:49
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/04/2015, 00:00

Not After

27/05/2016, 23:59

Subject

CN=Newstart Software Technology Co. Ltd,OU=Technical department,O=Newstart Software Technology Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cb:3e:9b:a0:91:ab:fd:37:73:fd:39:de:97:72:39:b0:8a:94:d6:a5
Signer

Actual PE Digest

cb:3e:9b:a0:91:ab:fd:37:73:fd:39:de:97:72:39:b0:8a:94:d6:a5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\My Works\VC CHENXI\LemonDesktop\SmartDesktop\Output\Bin\Release\ShellExtHelper.pdb

Imports

kernel32

SetThreadPriority
InitializeCriticalSection
SuspendThread
ResumeThread
Sleep
GetCurrentThread
GetThreadPriority
GetSystemInfo
VirtualProtectEx
GetThreadContext
GetCurrentProcessId
FlushInstructionCache
VirtualQuery
OpenThread
DeleteFileW
CreateDirectoryW
FindFirstFileW
FindNextFileW
FindClose
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
DeviceIoControl
GetFileSize
ReadFile
MapViewOfFile
MoveFileExW
SetFileAttributesW
GetFileAttributesW
GetLongPathNameW
lstrlenW
GetFileAttributesExW
lstrlenA
TerminateProcess
VirtualAlloc
GetNativeSystemInfo
ResetEvent
PostQueuedCompletionStatus
GetExitCodeThread
CreateIoCompletionPort
InterlockedExchange
GetQueuedCompletionStatus
SetErrorMode
GetThreadLocale
SetStdHandle
GetCommandLineA
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetACP
ExitProcess
WriteConsoleW
GetFileType
GetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
InterlockedFlushSList
RtlUnwind
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
GetStringTypeW
LoadLibraryExA
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
GetCurrentProcess
SetThreadLocale
VirtualFree
EncodePointer
WideCharToMultiByte
MapViewOfFileEx
CreateFileMappingW
UnmapViewOfFile
FlushViewOfFile
GetTickCount
SetEndOfFile
WriteProcessMemory
ReadProcessMemory
OpenProcess
VirtualAllocEx
GlobalSize
GlobalReAlloc
lstrcmpA
MultiByteToWideChar
GetCommandLineW
GetModuleHandleW
LoadLibraryExW
lstrcmpiW
TerminateThread
GetProcAddress
FreeLibrary
InterlockedDecrement
InterlockedIncrement
DecodePointer
GetVersionExW
LoadLibraryW
CreateEventW
WaitForSingleObject
SetEvent
SetLastError
GetCurrentThreadId
CreateFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
LockResource
FindResourceExW
FindResourceW
OutputDebugStringW
GetModuleFileNameW
GetLocalTime
CloseHandle
SetFilePointer
WriteFile
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
ExpandEnvironmentStringsW

user32

InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
UpdateWindow
DrawTextW
TrackPopupMenu
AppendMenuW
DestroyMenu
CreatePopupMenu
KillTimer
SetTimer
BringWindowToTop
IsIconic
IsWindowVisible
UnregisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
SendMessageW
RedrawWindow
GetClientRect
GetWindowRect
GetCursorPos
ClientToScreen
ScreenToClient
GetWindowLongW
SetWindowLongW
GetParent
FindWindowW
SystemParametersInfoW
SendMessageTimeoutW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
GetWindowThreadProcessId
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
LoadCursorW
FindWindowExW
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
CharNextW
PostQuitMessage
IsWindow
ShowWindow
DestroyWindow
LoadImageW
SetMenuItemBitmaps
GetMenuItemInfoW
SetWindowPos
MessageBoxW
MapWindowPoints
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetMenuItemCount
InsertMenuW

gdi32

GetCurrentObject
GetDeviceCaps
GetPixel
SelectObject
SetTextColor
GetObjectW
DeleteObject
CreateDIBSection
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
SetWindowOrgEx
BitBlt
DeleteDC
SetBkMode

advapi32

RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
SystemFunction036

shell32

ord165
SHGetFolderPathW
SHAppBarMessage
ord155
SHGetDesktopFolder
DragQueryFileW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

StringFromGUID2
ReleaseStgMedium
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

SysAllocString
SysAllocStringLen
VarUI4FromStr
SysStringLen
LoadRegTypeLi
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
SysFreeString

shlwapi

UrlGetPartW
StrCmpNA
PathIsPrefixW
PathRemoveBackslashW
PathCanonicalizeW
PathFindExtensionW
PathIsDirectoryW
PathFindNextComponentA
PathCanonicalizeA
SHGetValueW
PathRemoveFileSpecW
PathFileExistsW
PathCombineW
PathAppendW
PathFindFileNameW

gdiplus

GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipDrawImageRectI

wininet

InternetOpenW
InternetCrackUrlW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetCloseHandle
HttpQueryInfoW
InternetReadFile
InternetSetOptionW

dbghelp

ImageDirectoryEntryToData

crypt32

CryptBinaryToStringW
CryptBinaryToStringA
CryptStringToBinaryW

netapi32

Netbios

version

VerQueryValueW

iphlpapi

GetAdaptersInfo
GetIpAddrTable

psapi

GetModuleFileNameExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
HookClockTray
RunMessageService
UnHookClockTray

Sections

.text
Size: 495KB - Virtual size: 495KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 156KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ShellExtHelper64.dll
.dll regsvr32 windows:5 windows x64 arch:x64

6235e0be62bd6e8818809534d5dcdab2

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

39:48:ed:41:55:38:14:c0:3c:99:37:bb:2a:52:49
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/04/2015, 00:00

Not After

27/05/2016, 23:59

Subject

CN=Newstart Software Technology Co. Ltd,OU=Technical department,O=Newstart Software Technology Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:26:ad:b8:9d:96:27:72:0b:97:e7:c9:57:84:1a:bf:42:bc:7f:72
Signer

Actual PE Digest

34:26:ad:b8:9d:96:27:72:0b:97:e7:c9:57:84:1a:bf:42:bc:7f:72

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\My Works\VC CHENXI\LemonDesktop\SmartDesktop\Output\Bin\Release\ShellExtHelper64.pdb

Imports

kernel32

SuspendThread
ResumeThread
Sleep
GetCurrentThread
GetThreadPriority
GetSystemInfo
VirtualProtectEx
GetThreadContext
GetCurrentProcessId
FlushInstructionCache
VirtualQuery
OpenThread
DeleteFileW
CreateDirectoryW
FindFirstFileW
FindNextFileW
FindClose
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
DeviceIoControl
GetFileSize
ReadFile
MapViewOfFile
MoveFileExW
SetFileAttributesW
GetFileAttributesW
GetLongPathNameW
lstrlenW
GetFileAttributesExW
lstrlenA
TerminateProcess
ExpandEnvironmentStringsW
GetNativeSystemInfo
ResetEvent
InitializeCriticalSection
GetExitCodeThread
CreateIoCompletionPort
GetQueuedCompletionStatus
SetErrorMode
VirtualFree
SetStdHandle
GetCommandLineA
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetACP
ExitProcess
WriteConsoleW
GetFileType
GetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
InterlockedFlushSList
RtlUnwindEx
RtlPcToFileHeader
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
GetStringTypeW
LoadLibraryExA
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
IsDebuggerPresent
SetThreadPriority
GetCurrentProcess
VirtualAlloc
SetThreadLocale
GetThreadLocale
EncodePointer
WideCharToMultiByte
MapViewOfFileEx
CreateFileMappingW
UnmapViewOfFile
FlushViewOfFile
GetTickCount
SetEndOfFile
WriteProcessMemory
ReadProcessMemory
OpenProcess
VirtualAllocEx
GlobalSize
GlobalReAlloc
lstrcmpA
MultiByteToWideChar
GetCommandLineW
GetModuleHandleW
LoadLibraryExW
lstrcmpiW
TerminateThread
GetProcAddress
FreeLibrary
DecodePointer
GetVersionExW
LoadLibraryW
CreateEventW
WaitForSingleObject
SetEvent
SetLastError
GetCurrentThreadId
CreateFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
FindResourceExW
LockResource
FindResourceW
OutputDebugStringW
GetModuleFileNameW
GetLocalTime
CloseHandle
SetFilePointer
WriteFile
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
PostQueuedCompletionStatus

user32

InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
UpdateWindow
DrawTextW
TrackPopupMenu
AppendMenuW
DestroyMenu
CreatePopupMenu
KillTimer
SetTimer
BringWindowToTop
IsIconic
IsWindowVisible
UnregisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
SendMessageW
RedrawWindow
GetClientRect
GetWindowRect
GetCursorPos
ClientToScreen
ScreenToClient
GetWindowLongPtrW
SetWindowLongPtrW
GetParent
FindWindowW
SystemParametersInfoW
SendMessageTimeoutW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
GetWindowThreadProcessId
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
LoadCursorW
FindWindowExW
GetMessageW
TranslateMessage
DispatchMessageW
PostThreadMessageW
CharNextW
PostQuitMessage
IsWindow
ShowWindow
DestroyWindow
GetMenuItemInfoW
SetWindowPos
MessageBoxW
MapWindowPoints
GetWindowLongW
GetWindow
MonitorFromWindow
GetMonitorInfoW
GetMenuItemCount
InsertMenuW
SetMenuItemBitmaps
LoadImageW

gdi32

DeleteObject
GetDeviceCaps
GetPixel
SelectObject
SetBkMode
SetTextColor
DeleteDC
CreateDIBSection
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
BitBlt
GetCurrentObject
SetWindowOrgEx

advapi32

RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
SystemFunction036

shell32

SHAppBarMessage
ord155
SHGetDesktopFolder
DragQueryFileW
SHGetSpecialFolderPathW
ord165
SHGetFolderPathW
ShellExecuteW

ole32

StringFromGUID2
ReleaseStgMedium
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CreateStreamOnHGlobal

oleaut32

SysAllocString
SysAllocStringLen
VarUI4FromStr
SysStringLen
LoadRegTypeLi
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
SysFreeString

shlwapi

StrCmpNA
PathRemoveBackslashW
PathCanonicalizeW
PathFindExtensionW
PathIsDirectoryW
PathFindNextComponentA
PathCanonicalizeA
PathRemoveFileSpecW
PathFindFileNameW
UrlGetPartW
PathIsPrefixW
PathFileExistsW
PathCombineW
PathAppendW
SHGetValueW

gdiplus

GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc

wininet

InternetReadFile
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetCloseHandle
InternetOpenW
InternetCrackUrlW
HttpQueryInfoW
InternetSetOptionW

dbghelp

ImageDirectoryEntryToData

crypt32

CryptBinaryToStringW
CryptBinaryToStringA
CryptStringToBinaryW

netapi32

Netbios

version

VerQueryValueW

iphlpapi

GetAdaptersInfo
GetIpAddrTable

psapi

GetModuleFileNameExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
HookClockTray
RunMessageService
UnHookClockTray

Sections

.text
Size: 533KB - Virtual size: 532KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 179KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
iLemon.exe
.exe windows:5 windows x86 arch:x86

7a34c2ae064cdbf9a6c40829cfe149f2

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

39:48:ed:41:55:38:14:c0:3c:99:37:bb:2a:52:49
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/04/2015, 00:00

Not After

27/05/2016, 23:59

Subject

CN=Newstart Software Technology Co. Ltd,OU=Technical department,O=Newstart Software Technology Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fa:83:16:c7:d6:97:78:9f:80:76:0e:cf:18:5d:33:c9:2b:c1:ed:a1
Signer

Actual PE Digest

fa:83:16:c7:d6:97:78:9f:80:76:0e:cf:18:5d:33:c9:2b:c1:ed:a1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\My Works\VC CHENXI\LemonDesktop\SmartDesktop\Output\Bin\Release\iLemon.pdb

Imports

kernel32

SetLastError
GetVersionExW
GetSystemInfo
WideCharToMultiByte
MultiByteToWideChar
RemoveDirectoryW
MoveFileExW
SetFileAttributesW
GetFileAttributesW
GetLongPathNameW
GetModuleFileNameW
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
DecodePointer
RaiseException
GetLastError
GetCurrentProcess
OpenProcess
SetEvent
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetStdHandle
Process32FirstW
FindFirstFileExW
GetCommandLineW
GetCommandLineA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
TerminateProcess
GetCurrentThreadId
Process32NextW
ResetEvent
CreateEventW
InitializeCriticalSectionAndSpinCount
CreateFileW
CloseHandle
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindClose
FindNextFileW
DeleteFileW
FindFirstFileW
Sleep
GetCurrentProcessId
GetTickCount
GetFileType
GetACP
WriteFile
GetStdHandle
GetModuleHandleExW
ExitProcess
LoadLibraryExW
RtlUnwind
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
IsProcessorFeaturePresent
InitializeSListHead
OutputDebugStringW
IsDebuggerPresent
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LCMapStringW
GetCPInfo
EncodePointer
GetStringTypeW
CreateToolhelp32Snapshot
GetModuleHandleW
GetProcAddress
DeleteCriticalSection

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SystemFunction036

shell32

ShellExecuteW

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantInit

shlwapi

PathIsPrefixW
PathRemoveBackslashW
PathCombineW
PathRemoveFileSpecW
PathIsRootW
SHGetValueW
PathAppendW
ord176
PathIsDirectoryW
PathFindFileNameW
PathFileExistsW
PathCanonicalizeW

psapi

GetModuleFileNameExW

Sections

.text
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 133KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe.nsis
iLemon/下载银行-提供免费绿色软件下载.url
.url
iLemon/下载银行.txt

Sharing

General

Malware Config

Signatures

Files

00c5fd00087020a0645079ce30f4148b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

shlwapi

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: - Virtual size: 672B

.rsrc Size: 39KB - Virtual size: 38KB

.reloc Size: 512B - Virtual size: 494B

59a4a44a250c4cf4f2d9de2b3fe5d95f

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

39:48:ed:41:55:38:14:c0:3c:99:37:bb:2a:52:49Certificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

33:bd:b7:ed:dd:05:9a:29:b3:8e:dc:a0:8a:61:8a:b8:cc:e7:71:fdSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 105KB

.ndata Size: - Virtual size: 96KB

.rsrc Size: 29KB - Virtual size: 28KB

8df26927f8978d4eb40ff179c0aa961b

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 104B

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 172B

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

Imports

kernel32

user32

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 672B

.rsrc
Size: 39KB - Virtual size: 38KB

.reloc
Size: 512B - Virtual size: 494B

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

39:48:ed:41:55:38:14:c0:3c:99:37:bb:2a:52:49
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

33:bd:b7:ed:dd:05:9a:29:b3:8e:dc:a0:8a:61:8a:b8:cc:e7:71:fd
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 105KB

.ndata
Size: - Virtual size: 96KB

.rsrc
Size: 29KB - Virtual size: 28KB

.text
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 104B

.text
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 172B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 835B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 586B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 616B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 25KB

.reloc
Size: 1024B - Virtual size: 880B

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

39:48:ed:41:55:38:14:c0:3c:99:37:bb:2a:52:49
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

b4:bd:18:05:fa:6a:9a:73:5f:76:ee:54:77:44:24:c2:52:cd:99:86
Signer