06f2bb39f8e651901c048722bdbef2a7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

06f2bb39f8e651901c048722bdbef2a7_JaffaCakes118
Size

2.7MB
MD5

06f2bb39f8e651901c048722bdbef2a7
SHA1

f197ac0798f037e80cc527de21f60f33bb903738
SHA256

db3d46fe6c616b4e5368d4bc8284a63df842f8c10fca2411ff01d38ddfe11fd8
SHA512

2076a1cb8c2ccb8922ce17ea745d94150a21fd22316340983ff0eb975bcf472d69a18c140c5e8b3bc27eda3e0f50993e709f8dc4a7f014aadde3ab93df78af6f
SSDEEP

49152:k9bKzVR8Z65UMzxM8T7X8wXaLHJ5dNclsCKX1WW6JfNsruCiFe5EazKU2FgIwbR1:CbKJR8I51xX7XXqjdq+X1vmfDYERU20z

Score

3^/10

Malware Config

Signatures

Unsigned PE 17 IoCs

Checks for missing Authenticode signature.

resource
06f2bb39f8e651901c048722bdbef2a7_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$SYSDIR/pncrt.dll
unpack002/$PLUGINSDIR/System.dll
unpack001/Codecs/RealMediaSplitter.ax
unpack001/Codecs/asfsplliter.ax
unpack001/Codecs/atrc.dll
unpack001/Codecs/cook.dll
unpack001/Codecs/drvc.dll
unpack001/Codecs/raac.dll
unpack001/Lang/en_US.dll
unpack001/Lang/zh_TW.dll
unpack001/QvodUninst.exe
unpack003/$PLUGINSDIR/System.dll
unpack001/ShareModule.dll

NSIS installer 6 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/115br_tom365.exe	nsis_installer_1
static1/unpack001/115br_tom365.exe	nsis_installer_2
static1/unpack001/QvodUninst.exe	nsis_installer_1
static1/unpack001/QvodUninst.exe	nsis_installer_2

Files

06f2bb39f8e651901c048722bdbef2a7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dfb06052e74b26a42b0e490bd1c07959

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

0b51ce6ce6bf8d5c68b3ea9f3ac1bf2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
MessageBoxA
CallWindowProcA
PostMessageA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GetACP
lstrlenA
lstrcmpA
lstrcpynA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 322B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/QvodInit.exe
.exe windows:4 windows x86 arch:x86

b15aa047ced3a842c3d63e77ae9cde2d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/06/2009, 00:00

Not After

02/06/2011, 23:59

Subject

CN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

73:ab:0e:ee:ad:d2:7b:3b:7a:57:3e:bb:ef:0b:90:0d:19:06:53:20
Signer

Actual PE Digest

73:ab:0e:ee:ad:d2:7b:3b:7a:57:3e:bb:ef:0b:90:0d:19:06:53:20

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
TerminateProcess
CreateProcessA
GetTickCount
GetFileAttributesA
Process32First
GetTempFileNameA
GetTempPathA
CopyFileA
GetLogicalDriveStringsA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
OpenProcess
CloseHandle
Process32Next
GetDiskFreeSpaceExA
GetModuleFileNameA
Sleep
DeleteFileA
MoveFileA
LoadLibraryA
GetProcAddress
FreeLibrary
GetVersionExA
GetWindowsDirectoryA
WritePrivateProfileStringA
GetModuleHandleA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
GetLastError
RtlUnwind
GetFileType
CreateFileA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
GetCurrentProcess
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
WriteFile
SetFilePointer
ReadFile
SetStdHandle
SetHandleCount
GetStdHandle
SetEndOfFile
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy

user32

FindWindowA
PostMessageA

advapi32

RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
DeleteService
CreateServiceA
ChangeServiceConfig2A
StartServiceA
QueryServiceStatus
CloseServiceHandle
OpenSCManagerA
OpenServiceA
ControlService

shell32

SHChangeNotify

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

psapi

EnumProcessModules
GetModuleFileNameExA

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 470B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/qvod1.ini
$SYSDIR/pncrt.dll
.dll windows:4 windows x86 arch:x86

828907b7a8ec04c9c4031e40ef2f76ec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointer
RtlUnwind
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
SetUnhandledExceptionFilter
GetModuleFileNameA
GetModuleFileNameW
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
ResumeThread
CreateThread
TlsSetValue
ExitThread
CloseHandle
GetCurrentThreadId
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
HeapFree
HeapAlloc
HeapReAlloc
HeapValidate
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GetCommandLineW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
SetEnvironmentVariableW
InterlockedDecrement
InterlockedIncrement
FlushFileBuffers
RaiseException
SetStdHandle
Sleep
CompareStringA
CompareStringW
GetLocaleInfoA
GetLocaleInfoW
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
GetTimeZoneInformation
SetEnvironmentVariableA
Beep
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
GetCurrentProcessId
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
GetExitCodeProcess
WaitForSingleObject
FreeLibrary
CreateProcessA
CreateProcessW
HeapCompact
HeapWalk
ReadConsoleA
SetConsoleMode
GetConsoleMode
SetEndOfFile
WriteConsoleA
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
LockFile
UnlockFile
CreateFileA
CreatePipe
ReadFile
CreateFileW
GetLocalTime
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetLocalTime
GetSystemTime
GetModuleHandleA

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@@QAE@ABV0@@Z
??0__non_rtti_object@@QAE@PBD@Z
??0bad_cast@@QAE@ABQBD@Z
??0bad_cast@@QAE@ABV0@@Z
??0bad_typeid@@QAE@ABV0@@Z
??0bad_typeid@@QAE@PBD@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1__non_rtti_object@@UAE@XZ
??1bad_cast@@UAE@XZ
??1bad_typeid@@UAE@XZ
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
??4bad_cast@@QAEAAV0@ABV0@@Z
??4bad_typeid@@QAEAAV0@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??8type_info@@QBEHABV0@@Z
??9type_info@@QBEHABV0@@Z
??_7__non_rtti_object@@6B@
??_7bad_cast@@6B@
??_7bad_typeid@@6B@
??_7exception@@6B@
??_E__non_rtti_object@@UAEPAXI@Z
??_Ebad_cast@@UAEPAXI@Z
??_Ebad_typeid@@UAEPAXI@Z
??_Eexception@@UAEPAXI@Z
??_G__non_rtti_object@@UAEPAXI@Z
??_Gbad_cast@@UAEPAXI@Z
??_Gbad_typeid@@UAEPAXI@Z
??_Gexception@@UAEPAXI@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDXZ
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?terminate@@YAXXZ
?unexpected@@YAXXZ
?what@exception@@UBEPBDXZ
SetUserHeapAlloc
SetUserHeapCalloc
SetUserHeapFree
SetUserHeapReAlloc
SetUserHeapSize
SetUserHeapValidate
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CrtHeapAlloc
_CrtHeapCalloc
_CrtHeapFree
_CrtHeapReAlloc
_CrtHeapSize
_CrtHeapValidate
_CxxThrowException
_EH_prolog
_Getdays
_Getmonths
_Gettnames
_HUGE
_Strftime
_XcptFilter
__CxxFrameHandler
__CxxLongjmpUnwind
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__argc
__argv
__badioinfo
__crtCompareStringA
__crtGetLocaleInfoW
__crtLCMapStringA
__dllonexit
__doserrno
__fpecode
__getmainargs
__initenv
__isascii
__iscsym
__iscsymf
__lc_codepage
__lc_handle
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fileinfo
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pioinfo
__pxcptinfoptrs
__set_app_type
__setlc_active
__setusermatherr
__threadhandle
__threadid
__toascii
__unDName
__unguarded_readlc_active
__wargv
__wgetmainargs
__winitenv
_abnormal_termination
_access
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_amsg_exit
_assert
_atodbl
_atoi64
_atoldbl
_beep
_beginthread
_beginthreadex
_c_exit
_cabs
_callnewh
_cexit
_cgets
_chdir
_chdrive
_chgsign
_chmod
_chsize
_clearfp
_close
_commit
_commode
_control87
_controlfp
_copysign
_cprintf
_cputs
_creat
_cscanf
_ctype
_cwait
_daylight
_dstbias
_dup
_dup2
_ecvt
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fcloseall
_fcvt
_fdopen
_fgetchar
_fgetwchar
_filbuf
_fileinfo
_filelength
_filelengthi64
_fileno
_findclose
_findfirst
_findfirsti64
_findnext
_findnexti64
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fputchar
_fputwchar
_fsopen
_fstat
_fstati64
_ftime
_ftol
_fullpath
_futime
_gcvt
_get_osfhandle
_get_sbh_threshold
_getch
_getche
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getws
_global_unwind2
_heapadd
_heapchk
_heapmin
_heapset
_heapused
_heapwalk
_hypot
_i64toa
_i64tow
_initterm
_inp
_inpd
_inpw
_iob
_isatty
_isctype
_ismbbalnum
_ismbbalpha
_ismbbgraph
_ismbbkalnum
_ismbbkana
_ismbbkprint
_ismbbkpunct
_ismbblead
_ismbbprint
_ismbbpunct
_ismbbtrail
_ismbcalnum
_ismbcalpha
_ismbcdigit
_ismbcgraph
_ismbchira
_ismbckata
_ismbcl0
_ismbcl1
_ismbcl2
_ismbclegal
_ismbclower
_ismbcprint
_ismbcpunct
_ismbcspace
_ismbcsymbol
_ismbcupper
_ismbslead
_ismbstrail
_isnan
_itoa
_itow
_j0
_j1
_jn
_kbhit
_lfind
_loaddll
_local_unwind2
_lock
_locking
_logb
_longjmpex
_lrotl
_lrotr
_lsearch
_lseek
_lseeki64
_ltoa
_ltow
_makepath
_mbbtombc
_mbbtype
_mbcasemap
_mbccpy
_mbcjistojms
_mbcjmstojis
_mbclen
_mbctohira
_mbctokata
_mbctolower
_mbctombb
_mbctoupper
_mbctype
_mbsbtype
_mbscat
_mbschr
_mbscmp
_mbscoll
_mbscpy
_mbscspn
_mbsdec
_mbsdup
_mbsicmp
_mbsicoll
_mbsinc
_mbslen
_mbslwr
_mbsnbcat
_mbsnbcmp
_mbsnbcnt
_mbsnbcoll
_mbsnbcpy
_mbsnbicmp
_mbsnbicoll
_mbsnbset
_mbsncat
_mbsnccnt
_mbsncmp
_mbsncoll
_mbsncpy
_mbsnextc
_mbsnicmp
_mbsnicoll
_mbsninc
_mbsnset
_mbspbrk
_mbsrchr
_mbsrev
_mbsset
_mbsspn
_mbsspnp
_mbsstr
_mbstok
_mbstrlen
_mbsupr
_memccpy
_memicmp
_mkdir
_mktemp
_msize
_nextafter
_onexit
_open
_open_osfhandle
_osver
_outp
_outpd
_outpw
_pclose
_pctype
_pgmptr
_pipe
_popen
_purecall
_putch
_putenv
_putw
_putws
_pwctype
_read
_rmdir
_rmtmp
_rotl
_rotr
_safe_fdiv
_safe_fdivr
_safe_fprem
_safe_fprem1
_scalb
_searchenv
_seh_longjmp_unwind
_set_error_mode
_set_sbh_threshold
_seterrormode
_setjmp
_setjmp3
_setmaxstdio
_setmbcp
_setmode
_setsystime
_sleep
_snprintf
_snwprintf
_sopen
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp
_spawnvpe
_splitpath
_stat
_stati64
_statusfp
_strcmpi
_strdate
_strdup
_strerror
_stricmp
_stricoll
_strlwr
_strncoll
_strnicmp
_strnicoll
_strnset
_strrev
_strset
_strtime
_strupr
_swab
_sys_errlist
_sys_nerr
_tell
_telli64
_tempnam
_timezone
_tolower
_toupper
_tzname
_tzset
_ui64toa
_ui64tow
_ultoa
_ultow
_umask
_ungetch
_unlink
_unloaddll
_unlock
_utime
_vsnprintf
_vsnwprintf
_waccess
_wasctime
_wchdir
_wchmod
_wcmdln
_wcreat
_wcsdup
_wcsicmp

Sections

.text
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
115br_tom365.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:69:0c:9e:b1:7e:24:a7:a2:35:76:a8:7e:24:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

24/07/2009, 00:00

Not After

24/07/2011, 23:59

Subject

CN=广东雨林木风计算机科技有限公司,OU=WoSign Class 3 Code Signing,O=广东雨林木风计算机科技有限公司,L=东莞市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ff:3e:a7:8d:4c:1a:d7:44:ca:fb:27:ff:42:6d:8f:93:02:8c:d2:b8
Signer

Actual PE Digest

ff:3e:a7:8d:4c:1a:d7:44:ca:fb:27:ff:42:6d:8f:93:02:8c:d2:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
115br.exe
.exe windows:4 windows x86 arch:x86

9ffbb4752eb2921890ce0f7a07a73735

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:69:0c:9e:b1:7e:24:a7:a2:35:76:a8:7e:24:db:81
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

24/07/2009, 00:00

Not After

24/07/2011, 23:59

Subject

CN=广东雨林木风计算机科技有限公司,OU=WoSign Class 3 Code Signing,O=广东雨林木风计算机科技有限公司,L=东莞市,ST=广东省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b3:07:18:cf:49:aa:84:98:43:65:ae:46:80:df:52:6d:21:da:f6:47
Signer

Actual PE Digest

b3:07:18:cf:49:aa:84:98:43:65:ae:46:80:df:52:6d:21:da:f6:47

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileIntW
GetPrivateProfileStringA
OutputDebugStringA
LocalFree
FormatMessageW
CompareStringW
GetSystemTime
MulDiv
FreeLibrary
GetLocalTime
GetTickCount
DeviceIoControl
CreateFileA
FreeResource
ResetEvent
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
OpenEventW
CreateMutexW
IsBadReadPtr
ExpandEnvironmentStringsW
TerminateThread
SystemTimeToFileTime
SetLastError
SetProcessWorkingSetSize
GetProcessWorkingSetSize
GetCurrentProcessId
IsBadWritePtr
ExitProcess
GetModuleFileNameA
Process32FirstW
Process32NextW
GetSystemDefaultLCID
GlobalHandle
TlsFree
TlsAlloc
HeapDestroy
lstrcpynA
WinExec
InterlockedExchange
LocalAlloc
GetStartupInfoW
GetLastError
HeapAlloc
GetFileSize
FindFirstFileW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
FindNextFileW
FindClose
GetWindowsDirectoryW
GetProcessHeap
HeapFree
GetTempPathW
DeleteFileW
CreateDirectoryW
lstrcatW
CreateFileW
SetFilePointer
WriteFile
DeleteCriticalSection
InitializeCriticalSection
lstrcpynW
WritePrivateProfileSectionW
GetPrivateProfileSectionW
GetPrivateProfileStringW
SetEvent
CreateEventW
ResumeThread
SetThreadPriority
WaitForSingleObject
CopyFileW
CloseHandle
FindResourceW
SizeofResource
LoadResource
LockResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetModuleFileNameW
lstrcpyW
WritePrivateProfileStringW
Sleep
VirtualProtect
VirtualQuery
lstrcmpiA
WriteProcessMemory
CreateToolhelp32Snapshot
Module32FirstW
Module32NextW
GetProcAddress
LoadLibraryExW
LoadLibraryExA
lstrcmpW
LoadLibraryW
LoadLibraryA
GetModuleHandleA
OutputDebugStringW
DebugBreak
GetVersionExW
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
lstrlenA
InterlockedDecrement
InterlockedIncrement
GetCurrentProcess
FlushInstructionCache
GetModuleHandleW
lstrcmpiW
TlsSetValue
TlsGetValue
GetCurrentThreadId
lstrlenW
WideCharToMultiByte
ReadFile
RaiseException

user32

SetFocus
ShowWindow
IsWindow
LoadStringW
GetWindowTextW
UnhookWindowsHookEx
DefWindowProcW
SetTimer
DrawIconEx
BeginPaint
GetClipboardData
EndPaint
InvalidateRect
SendMessageW
GetParent
DestroyMenu
TrackPopupMenu
GetCursorPos
IsWindowVisible
GetKeyState
KillTimer
GetSubMenu
LoadMenuW
GetMonitorInfoW
LoadIconW
MonitorFromPoint
CallWindowProcW
DestroyWindow
SetMenuItemInfoW
EndDialog
SetWindowPos
GetMenuItemInfoW
SetMenuDefaultItem
LoadStringA
DialogBoxIndirectParamW
MessageBoxA
DrawFrameControl
DrawEdge
GetDlgItem
GetSysColorBrush
CheckMenuItem
IsIconic
OpenClipboard
SetLayeredWindowAttributes
GetDesktopWindow
CopyRect
GetWindowTextLengthW
SetWindowTextW
ClientToScreen
wvsprintfW
CharNextW
CharLowerW
DestroyIcon
SetForegroundWindow
BringWindowToTop
GetWindowThreadProcessId
RedrawWindow
SendMessageTimeoutW
GetWindowDC
UpdateLayeredWindow
FillRect
SetWindowsHookExW
PostThreadMessageW
CallNextHookEx
CharUpperW
GetClassNameW
PostMessageW
RegisterWindowMessageW
GetWindowLongW
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
EmptyClipboard
SetClipboardData
CloseClipboard
SetDlgItemTextW
GetFocus
MessageBoxW
GetDlgItemTextW
MoveWindow
LoadImageW
ScreenToClient
DialogBoxParamW
RegisterClassExW
wsprintfW
LoadCursorW
GetClassInfoExW
SetWindowLongW
GetMessagePos
CreateWindowExW
GetMessageExtraInfo
GetPropW
SetPropW
RemovePropW
IsMenu
GetMenuItemID
InsertMenuW
SetMenuInfo
TrackPopupMenuEx
GetMenuStringW
RegisterClipboardFormatW
CreateDialogParamW
RemoveMenu
PeekMessageW
GetSystemMenu
UnregisterHotKey
RegisterHotKey
CopyIcon
GetClassLongW
SetClassLongW
MonitorFromWindow
SetWindowRgn
GetSystemMetrics
LockWindowUpdate
DeleteMenu
DrawStateW
mouse_event
CreatePopupMenu
AppendMenuW
GetMenuItemCount
ModifyMenuW
SetScrollInfo
FrameRect
InflateRect
IsWindowEnabled
DrawFocusRect
DrawTextW
GetDlgCtrlID
MessageBeep
GetCapture
UpdateWindow
IsDlgButtonChecked
EqualRect
FindWindowW
EnableWindow
InvalidateRgn
CreateAcceleratorTableW
GetSysColor
SetRect
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
FindWindowExW
EnumChildWindows
GetForegroundWindow
WindowFromPoint
IsChild
EnableMenuItem
GetActiveWindow
PostQuitMessage
ReleaseDC
SetCursor
ReleaseCapture
SetCapture
GetDC
PtInRect
OffsetRect
SetRectEmpty
IsRectEmpty

gdi32

PatBlt
CreateBitmap
SetBrushOrgEx
EnumFontsW
SelectPalette
RealizePalette
SetStretchBltMode
StretchBlt
CreateDCW
CreateRoundRectRgn
CombineRgn
GetTextExtentPoint32W
CreatePen
MoveToEx
LineTo
CreateFontIndirectW
SetBkColor
ExtTextOutW
GetObjectW
CreateSolidBrush
GetDeviceCaps
CreateDIBSection
BitBlt
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetTextColor
SetBkMode
GetStockObject
CreatePatternBrush
CreateFontW
DPtoLP
DeleteObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

OpenProcessToken
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
GetLengthSid
CopySid
GetUserNameW
RegCloseKey
RegGetKeySecurity
RegOpenKeyExW
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAce
InitializeAcl
RegSetValueExW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyW
RegQueryValueExW
RegSetKeySecurity
RegQueryInfoKeyW
RegEnumKeyW
AllocateAndInitializeSid
GetSidIdentifierAuthority

shell32

SHGetPathFromIDListW
SHFileOperationW
Shell_NotifyIconW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetDesktopFolder
ShellExecuteExW
SHGetFileInfoW
DragQueryFileW
SHCreateDirectoryExW
SHGetFolderLocation
SHBrowseForFolderW
ord155
SHGetSpecialFolderPathW
ShellExecuteW

ole32

OleLockRunning
CoUninitialize
CoInitialize
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
CoMarshalInterThreadInterfaceInStream
DoDragDrop
CoGetObject
OleInitialize
OleUninitialize
StringFromGUID2
CoGetMalloc
ReleaseStgMedium
CoGetInterfaceAndReleaseStream
CreateStreamOnHGlobal
StringFromCLSID
CoTaskMemFree
CoCreateInstance
OleRun

oleaut32

SafeArrayCreateVector
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
VariantInit
VariantCopy
LoadRegTypeLi
OleCreateFontIndirect
DispCallFunc
SetErrorInfo
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
SysAllocStringLen
SysAllocString
SysStringLen
VariantClear
SysFreeString
GetErrorInfo
CreateErrorInfo

comctl32

ImageList_Create
_TrackMouseEvent
ImageList_Draw
ImageList_GetImageInfo
ImageList_GetIcon
ImageList_ReplaceIcon
CreateStatusWindowW
ImageList_Destroy
ImageList_GetImageCount
InitCommonControlsEx
ImageList_DrawIndirect
ImageList_AddMasked

urlmon

UrlMkSetSessionOption
CoInternetGetSession

shlwapi

PathRemoveArgsW
PathUnquoteSpacesW
PathIsDirectoryW
PathRemoveFileSpecW
StrRetToStrW
SHDeleteKeyW
SHSetValueW
SHDeleteValueW
PathFindFileNameW
PathFileExistsW
PathFindFileNameA
SHGetValueW
PathMatchSpecW
PathFindExtensionW

gdiplus

GdipSetSmoothingMode
GdipDrawLinesI
GdipSetSolidFillColor
GdipImageGetFrameDimensionsCount
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipImageSelectActiveFrame
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipLoadImageFromStreamICM
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipCreatePen1
GdipSetPageUnit
GdipDrawLineI
GdipDeletePen
GdipGetImageGraphicsContext
GdipGetImagePixelFormat
GdipCreateBitmapFromScan0
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipCreateSolidFill
GdipCloneBrush
GdipCreateStringFormat
GdipSetStringFormatFlags
GdipSetStringFormatAlign
GdipSetPenStartCap
GdipSetStringFormatTrimming
GdipSetStringFormatHotkeyPrefix
GdipDrawString
GdipDeleteBrush
GdipDeleteStringFormat
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCloneImage
GdipAlloc
GdipGetGenericFontFamilySansSerif
GdipCreateFontFamilyFromName
GdipCreateFont
GdipDeleteFontFamily
GdipMeasureString
GdipFree
GdipGetDC
GdipReleaseDC
GdipCreateBitmapFromHICON
GdipDisposeImage
GdipSetTextRenderingHint
GdipCreateFromHDC
GdipDeleteFont
GdipGetImageHeight
GdipGetImageWidth
GdipCreateHBITMAPFromBitmap
GdipCreateFromHDC2
GdipDrawImageRectRectI
GdipDrawImageRectI
GdipDeleteGraphics
GdipSetPenMode
GdipGetImageEncoders
GdipSaveImageToFile
GdipGetImageEncodersSize
GdipGraphicsClear
GdiplusShutdown
GdipImageRotateFlip
GdiplusStartup
GdipSetStringFormatLineAlign

netapi32

Netbios

msvcrt

wcscmp
wcsstr
memcpy
??2@YAPAXI@Z
free
realloc
memset
wcspbrk
memmove
wcslen
iswdigit
_wtoi
wcschr
wcsncmp
_beginthreadex
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
swprintf
_wtol
_itow
_CxxThrowException
memcmp
wcsncpy
_purecall
wcscat
_wcsicmp
_snwprintf
_ftol
_vsnprintf
strlen
_strtime
strcat
_strdate
_wcsrev
malloc
fopen
fclose
fwrite
ftell
fseek
abs
fputs
_snprintf
wcsrchr
wcsncat
iswspace
sprintf
strncpy
strcpy
qsort
fgets
wcscpy
wcstol
fread
_wfopen
_strlwr
strncat
sqrt
isspace
isalnum
time
_wcsicoll
_beginthread
_wcsupr
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
__CxxFrameHandler

imagehlp

ImageDirectoryEntryToData

setupapi

SetupIterateCabinetW

dsound

ord1

winmm

waveOutWrite

rpcrt4

UuidCreateSequential

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetProcessMemoryInfo

Sections

.text
Size: 668KB - Virtual size: 665KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IcoCache/114la.com_favicon.ico
IcoCache/115.com_favicon.ico
IcoCache/search8.taobao.com_favicon.ico
IcoCache/www.baidu.com_favicon.ico
IcoCache/www.google.com.hk_favicon.ico
Recent.ini
ThumbnailCache/u.115.com.jpeg
.jpg
ThumbnailCache/www.114la.com.jpeg
.jpg
ThumbnailCache/www.915.com.jpeg
.jpg
ThumbnailCache/www.tom365.com.jpeg
.jpg
ThumbnailCache/www.xiazaiba.com.jpeg
.jpg
cfg.ini
html/404error.html
.html .js polyglot
html/config.html
.js
html/error.html
.html .js polyglot
html/last.html
.html .js polyglot
html/start.html
.html .js polyglot
html/static/css/config.css
html/static/css/last.css
html/static/css/reset.css
html/static/css/start.css
html/static/images/115.gif
.gif
html/static/images/194x136.jpg
.jpg
html/static/images/baidu.gif
.gif
html/static/images/c_btn.png
.png
html/static/images/c_left.png
.png
html/static/images/c_left_bg.png
.png
html/static/images/c_line.png
.png
html/static/images/c_plug.png
.png
html/static/images/c_top.png
.png
html/static/images/google.gif
.gif
html/static/images/mouse/MouseGesture_0.png
.png
html/static/images/mouse/MouseGesture_1.png
.png
html/static/images/mouse/MouseGesture_10.png
.png
html/static/images/mouse/MouseGesture_11.png
.png
html/static/images/mouse/MouseGesture_12.png
.png
html/static/images/mouse/MouseGesture_13.png
.png
html/static/images/mouse/MouseGesture_14.png
.png
html/static/images/mouse/MouseGesture_15.png
.png
html/static/images/mouse/MouseGesture_16.png
.png
html/static/images/mouse/MouseGesture_17.png
.png
html/static/images/mouse/MouseGesture_18.png
.png
html/static/images/mouse/MouseGesture_19.png
.png
html/static/images/mouse/MouseGesture_2.png
.png
html/static/images/mouse/MouseGesture_3.png
.png
html/static/images/mouse/MouseGesture_4.png
.png
html/static/images/mouse/MouseGesture_5.png
.png
html/static/images/mouse/MouseGesture_6.png
.png
html/static/images/mouse/MouseGesture_7.png
.png
html/static/images/mouse/MouseGesture_8.png
.png
html/static/images/mouse/MouseGesture_9.png
.png
html/static/images/mp3.gif
.gif
html/static/images/pic.gif
.gif
html/static/images/s_add.png
.png
html/static/images/s_bg.png
.png
html/static/images/s_btn.png
.png
html/static/images/s_con.png
.png
html/static/images/s_form.png
.png
html/static/images/s_ico.png
.png
html/static/images/s_ico_bg.png
.png
html/static/images/s_last.png
.png
html/static/images/s_load.gif
.gif
html/static/images/s_test_204_127.png
.png
html/static/images/s_top.png
.png
html/static/images/taobao.gif
.gif
html/static/images/video.gif
.gif
html/static/images/zhidao.gif
.gif
html/static/js/suggest.js
.js
setting.ini
skin/default/add.png
.png
skin/default/addr_go.png
.png
skin/default/addr_goframe.png
.png
skin/default/addr_history.png
.png
skin/default/addr_hover_left.png
.png
skin/default/addr_hover_right.png
.png
skin/default/addr_left.png
.png
skin/default/addr_right.png
.png
skin/default/addr_safe.png
.png
skin/default/addr_stop.png
.png
skin/default/ani_download.gif
.gif
skin/default/ani_webfav.gif
.gif
skin/default/arrow_down.png
.png
skin/default/arrow_up.png
.png
skin/default/bg.png
.png
skin/default/bitmap_fav.bmp
skin/default/bitmap_nodes.bmp
skin/default/bitmap_page.bmp
skin/default/bottom_left.PNG
.png
skin/default/bottom_right.PNG
.png
skin/default/button_bg.png
.png
skin/default/button_close.png
.png
skin/default/button_maxi.png
.png
skin/default/button_menu_bg.png
.png
skin/default/button_mini.png
.png
skin/default/button_restore.png
.png
skin/default/change_skin.png
.png
skin/default/chevron.png
.png
skin/default/close-tab.png
.png
skin/default/date.png
.png
skin/default/del.png
.png
skin/default/download_close.png
.png
skin/default/edit.png
.png
skin/default/edit_left.png
.png
skin/default/edit_right.png
.png
skin/default/filtrate.png
.png
skin/default/frame_left.png
.png
skin/default/frame_right.PNG
.png
skin/default/loading.png
.png
skin/default/move_tab.png
.png
skin/default/no_trace.png
.png
skin/default/page.png
.png
skin/default/pluginbar_bg.png
.png
skin/default/progress_bg.png
.png
skin/default/progress_fw.png
.png
skin/default/scrollbar_bg.png
.png
skin/default/scrollbar_thumb.png
.png
skin/default/search.png
.png
skin/default/search_botton.png
.png
skin/default/search_choose.png
.png
skin/default/side_band_top_bg.png
.png
skin/default/side_favorite.png
.png
skin/default/side_grip.png
.png
skin/default/side_history.png
.png
skin/default/side_leftband.png
.png
skin/default/side_top_bg.png
.png
skin/default/side_top_close.png
.png
skin/default/side_top_fixed.png
.png
skin/default/side_top_moved.png
.png
skin/default/site.png
.png
skin/default/skin.ini
skin/default/status_bg.png
.png
skin/default/status_curpage.png
.png
skin/default/status_download.png
.png
skin/default/status_loading.png
.png
skin/default/status_netuser.png
.png
skin/default/status_newpage.png
.png
skin/default/status_nonetuser.png
.png
skin/default/status_nosound.png
.png
skin/default/status_ok.png
.png
skin/default/status_sound.png
.png
skin/default/tab_add.png
.png
skin/default/tab_all.png
.png
skin/default/tab_background.png
.png
skin/default/tab_item.png
.png
skin/default/tab_left.png
.png
skin/default/tab_right.png
.png
skin/default/tab_sidebarbutton.png
.png
skin/default/tool_back.PNG
.png
skin/default/tool_browsermode.png
.png
skin/default/tool_forward.PNG
.png
skin/default/tool_home.PNG
.png
skin/default/tool_refresh.png
.png
skin/default/tool_restore.png
.png
skin/default/tool_showmenu.png
.png
skin/default/webzoom.png
.png
skin/default/¸ßÁÁ.png
.png
skin/default/»»·ô.png
.png
skin/default/ÉÏ.png
.png
skin/default/ÏÂ.png
.png
uninst.exe.nsis
AddIn/VisLrc.dll
.dll windows:4 windows x86 arch:x86

405f85e6c10ba505edbac8ea83c4ca8c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/06/2009, 00:00

Not After

02/06/2011, 23:59

Subject

CN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

82:8d:a3:bb:cc:60:a2:4e:27:69:84:46:83:19:5d:c9:43:8e:c5:b2
Signer

Actual PE Digest

82:8d:a3:bb:cc:60:a2:4e:27:69:84:46:83:19:5d:c9:43:8e:c5:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DebugBreak
OutputDebugStringW
GetLastError
MulDiv
FindClose
FindFirstFileW
CompareStringW
CompareStringA
SetEndOfFile
LoadLibraryA
GetOEMCP
GetACP
CreateFileA
GetCPInfo
LCMapStringW
LCMapStringA
CreateFileW
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
MultiByteToWideChar
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TerminateProcess
WriteFile
ExitProcess
SetFilePointer
ReadFile
CloseHandle
GetModuleFileNameW
WideCharToMultiByte
lstrlenA
InterlockedDecrement
DeleteCriticalSection
GetCurrentProcess
FlushInstructionCache
lstrlenW
lstrcmpW
InterlockedIncrement
GlobalAlloc
GlobalLock
GlobalUnlock
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetPrivateProfileStringW
WritePrivateProfileStringW
GetModuleHandleA
GetProcAddress
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
HeapAlloc
HeapFree
GetVersion
GetCommandLineA
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RtlUnwind
GetPrivateProfileIntW
HeapCreate
SetEnvironmentVariableA

user32

SetWindowPos
CreateWindowExW
GetClientRect
SetRectEmpty
RegisterClassExW
LoadCursorW
GetClassInfoExW
RegisterWindowMessageW
DefWindowProcW
GetWindow
SetWindowLongW
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
DrawTextW
PostMessageW
CharLowerW
LoadStringW
CharNextW
wvsprintfW
InvalidateRgn
InvalidateRect
SetCapture
SetWindowTextW
CreateAcceleratorTableW
GetDesktopWindow
RedrawWindow
GetParent
GetClassNameW
ReleaseCapture
GetFocus
IsChild
SetFocus
GetDC
ReleaseDC
BeginPaint
FillRect
EndPaint
CallWindowProcW
GetDlgItem
SendMessageW
GetSysColor
IsWindow
DestroyWindow
wsprintfW
LoadImageW
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW

gdi32

SetBkMode
SetTextColor
GetMapMode
SetMapMode
GetWindowExtEx
GetViewportExtEx
CreateFontIndirectW
GetStockObject
GetObjectW
GetDeviceCaps
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetTextExtentPoint32W

ole32

CoInitialize
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
OleLockRunning

oleaut32

SysStringLen
OleCreateFontIndirect
OleLoadPicture
SysAllocStringLen
VariantClear
SysAllocString
SysFreeString
LoadRegTypeLi

comctl32

InitCommonControlsEx

msimg32

AlphaBlend
TransparentBlt

Exports

Exports

VisCurTime_
VisDraw_
VisFileName_
VisFree_
VisGetProperty_
VisInit_
VisSetFormat_
VisSetProperty_
VisTotalTime_

Sections

.text
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/ColorFilter.ax
.dll regsvr32 windows:4 windows x86 arch:x86

d6358db2b2f2325d29c23c3433a0656f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/06/2009, 00:00

Not After

02/06/2011, 23:59

Subject

CN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

59:35:f8:c6:6b:8f:ff:73:21:78:55:34:38:c4:3d:7f:45:58:10:6f
Signer

Actual PE Digest

59:35:f8:c6:6b:8f:ff:73:21:78:55:34:38:c4:3d:7f:45:58:10:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

__dllonexit
_adjust_fdiv
malloc
_initterm
??3@YAXPAX@Z
free
__CxxFrameHandler
wcslen
sscanf
strncmp
strncpy
_filelength
_read
_purecall
_open
_close
_CIpow
atoi
sprintf
strstr
fflush
fwrite
fclose
fopen
fseek
_ftol
??2@YAPAXI@Z
_onexit

winmm

timeSetEvent
timeGetTime

kernel32

GetCurrentThread
GetThreadPriority
SetThreadPriority
GetModuleHandleA
CreateThread
InterlockedExchange
SetErrorMode
lstrcmpiA
CreateEventA
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
GetACP
FreeLibrary
GetProcAddress
LoadLibraryA
Sleep
SystemTimeToTzSpecificLocalTime
GetSystemTime
InterlockedIncrement
InterlockedDecrement
ResetEvent
DuplicateHandle
GetCurrentProcess
GetCurrentThreadId
SetEvent
WaitForMultipleObjects
WaitForSingleObject
CreateSemaphoreA
ReleaseSemaphore
GetSystemInfo
VirtualAlloc
VirtualFree
lstrlenA
MultiByteToWideChar
GetLastError
GetModuleFileNameA
GetVersionExA
DisableThreadLibraryCalls
GetTickCount

advapi32

RegOpenKeyExA
RegCreateKeyA
RegSetValueA
RegDeleteKeyA
RegCloseKey
RegEnumKeyExA
RegSetValueExA

user32

ShowWindow
DestroyWindow
DefWindowProcA
PeekMessageA
MsgWaitForMultipleObjects
wvsprintfA
PostThreadMessageA
RegisterWindowMessageA
GetQueueStatus
DispatchMessageA
LoadStringA
LoadStringW
GetWindowRect
InvalidateRect
SetWindowLongA
GetWindowLongA
wsprintfA
DrawTextA
SetDlgItemInt
CheckRadioButton
GetParent
CreateWindowExA
GetDlgItem
SendMessageA
SetDlgItemTextA
GetDlgItemTextA
MoveWindow
GetDesktopWindow
CreateDialogParamA

gdi32

ExtTextOutA
SelectObject
GetTextExtentPoint32A
SetBkColor
SetTextColor
CreateDIBitmap
GetDIBits
CreateCompatibleDC
CreateFontIndirectA
DeleteObject
DeleteDC

comctl32

ord16
ord17

ole32

CoInitialize
CoFreeUnusedLibraries
CoUninitialize
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc

oleaut32

SysAllocString
SysFreeString

comdlg32

GetSaveFileNameA
GetOpenFileNameA
ChooseFontA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/RealMediaSplitter.ax
.dll regsvr32 windows:4 windows x86 arch:x86

092c362fafa1e9277558c0e5612fdfba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\vcexample\guliverkli\guliverkli\trunk\guliverkli\src\filters\parser\realmediasplitter\Release\RealMediaSplitter.pdb

Imports

kernel32

GetFileAttributesA
GetFileSize
GetFileTime
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFullPathNameA
LocalAlloc
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
lstrcatA
SetErrorMode
GlobalFlags
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
GetCPInfo
GetOEMCP
RtlUnwind
VirtualQuery
HeapAlloc
HeapFree
GetCommandLineA
ExitProcess
HeapReAlloc
TerminateProcess
SetStdHandle
GetFileType
HeapSize
HeapDestroy
HeapCreate
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
FileTimeToLocalFileTime
FileTimeToSystemTime
WritePrivateProfileStringA
GlobalAddAtomA
SetLastError
GlobalFree
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
DeleteFileA
Sleep
CreateFileA
GetVolumeInformationA
FindFirstFileA
FindClose
CreateThread
GetTickCount
GetCurrentThread
SetThreadPriority
GetModuleHandleA
VirtualAlloc
CreateSemaphoreA
GetCurrentThreadId
GetCurrentProcess
DuplicateHandle
VirtualFree
GetSystemInfo
ReleaseSemaphore
WaitForSingleObject
ResetEvent
SetEvent
CreateEventA
CloseHandle
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
RaiseException
LoadResource
LockResource
SizeofResource
FindResourceA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
lstrlenA
lstrcmpiA
WideCharToMultiByte
CompareStringA
CompareStringW
MultiByteToWideChar
GetVersion
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
VirtualProtect

user32

DestroyMenu
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetWindowPos
ShowWindow
SetWindowLongA
GetDlgItem
LoadCursorA
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetWindowTextA
GetClassNameA
GetSystemMetrics
UnhookWindowsHookEx
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
MessageBoxA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
WinHelpA
EnableWindow
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
SendMessageA
SetCursor
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostMessageA
PostQuitMessage
SetRect
DispatchMessageA
RegisterWindowMessageA
PeekMessageA
wsprintfA
UnregisterClassA
CharUpperA
SetWindowTextA

gdi32

DeleteDC
GetStockObject
TextOutA
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
CreateBitmap
GetDeviceCaps
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
ExtTextOutA

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCloseKey
RegQueryValueExA
RegDeleteKeyA
RegEnumKeyExA
RegSetValueExA
RegSetValueA
RegCreateKeyA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyExA
RegEnumKeyA
RegOpenKeyA

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA
PathRemoveFileSpecA
PathAddBackslashA
PathIsUNCA
PathStripToRootA

ole32

StringFromGUID2
CoUninitialize
CoFreeUnusedLibraries
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString

oleaut32

VariantInit
VariantChangeType
SysAllocString
SysFreeString
VariantClear
SysAllocStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT64
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/asfsplliter.ax
.dll regsvr32 windows:4 windows x86 arch:x86

61540ae4d5f1fe29babe6b430f77a241

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wmvcore

WMCreateReader

advapi32

RegCloseKey
RegCreateKeyA
RegSetValueA
RegSetValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA

user32

wsprintfA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CoFreeUnusedLibraries
StringFromGUID2
CoUninitialize

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

msvcrt

free
??1type_info@@UAE@XZ
_CxxThrowException
_ftol
__CxxFrameHandler
??2@YAPAXI@Z
_adjust_fdiv
malloc
_initterm

kernel32

DisableThreadLibraryCalls
LocalFree
GetModuleFileNameA
lstrlenA
GetVersionExA
GetLastError
SetThreadPriority
MultiByteToWideChar
GetModuleHandleA
GetProcAddress
CreateThread
FreeLibrary
ReleaseSemaphore
CreateSemaphoreA
CreateEventA
InterlockedIncrement
SetEvent
EnterCriticalSection
ResetEvent
LeaveCriticalSection
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
CloseHandle

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/atrc.dll
.dll windows:4 windows x86 arch:x86

5132cde9ac8899a69f40dfaacc320c4d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

_ftol
??3@YAXPAX@Z
memmove
calloc
free
malloc
_CIpow
floor
??2@YAPAXI@Z
_assert
_except_handler3
_purecall
_initterm
_adjust_fdiv
__dllonexit
_onexit

Exports

Exports

RACloseCodec
RACreateEncoderInstance
RADecode
RAEncode
RAFlush
RAFreeDecoder
RAFreeEncoder
RAGetBackend
RAGetDecoderBackendGUID
RAGetFlavorProperty
RAGetGUID
RAGetNumberOfFlavors
RAGetNumberOfFlavors2
RAInitDecoder
RAInitEncoder
RAOpenCodec
RAOpenCodec2
RASetComMode
RASetFlavor
_RASetPwd@8

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/cook.dll
.dll windows:4 windows x86 arch:x86

7186ef18b8145b9efacd73914d40cee0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

free
??3@YAXPAX@Z
memmove
_purecall
_CIpow
malloc
??2@YAPAXI@Z
_ftol
_initterm
_adjust_fdiv

Exports

Exports

RACloseCodec
RACreateEncoderInstance
RADecode
RAEncode
RAFlush
RAFreeDecoder
RAFreeEncoder
RAGetBackend
RAGetDecoderBackendGUID
RAGetFlavorProperty
RAGetGUID
RAGetNumberOfFlavors
RAGetNumberOfFlavors2
RAInitDecoder
RAInitEncoder
RAOpenCodec
RAOpenCodec2
RASetComMode
RASetFlavor
_RASetPwd@8

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/drvc.dll
.dll windows:4 windows x86 arch:x86

5d841dc9603dda4e7058b842c1dedbfc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

__CxxFrameHandler
memmove
_ftol
_purecall
malloc
free
??3@YAXPAX@Z
_initterm
_adjust_fdiv
_beginthreadex
??2@YAPAXI@Z

kernel32

WaitForMultipleObjects
CreateThread
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileIntA
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
WaitForSingleObject
GetSystemInfo
CreateEventA
QueryPerformanceCounter
SetEvent
QueryPerformanceFrequency
ResetEvent

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

?GetGUID@@YGJPAE@Z
RV40toYUV420CustomMessage
RV40toYUV420Free
RV40toYUV420HiveMessage
RV40toYUV420Init
RV40toYUV420Transform

Sections

.text
Size: 192KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/f4v.swf
Codecs/raac.dll
.dll windows:4 windows x86 arch:x86

2569b16af6a5e82c06ef6aed87f5e148

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

??2@YAPAXI@Z
memmove
_CxxThrowException
calloc
free
malloc
exp
fputs
printf
pow
??3@YAXPAX@Z
__CxxFrameHandler
strncpy
log10
atan
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
?terminate@@YAXXZ
_iob
log
_purecall
_except_handler3

kernel32

DisableThreadLibraryCalls
IsBadReadPtr

Exports

Exports

RACloseCodec
RACreateDecoderInstance
RACreateEncoderInstance
RADecode
RAFlush
RAFreeDecoder
RAGetBackend
RAGetFlavorProperty
RAGetGUID
RAInitDecoder
RAOpenCodec2
RASetComMode

Sections

.text
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lang/en_US.dll
.dll windows:4 windows x86 arch:x86

5c54715227e960c5019e7a45d4b9d02a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lang/zh_TW.dll
.dll windows:4 windows x86 arch:x86

5c54715227e960c5019e7a45d4b9d02a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NetAgent.dll
.dll windows:4 windows x86 arch:x86

f618d4cb4d41a461355f2eab6ae077ff

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/06/2009, 00:00

Not After

02/06/2011, 23:59

Subject

CN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

10:0a:b5:d6:6a:3b:83:25:44:3d:1c:58:79:b2:91:65:cf:37:18:92
Signer

Actual PE Digest

10:0a:b5:d6:6a:3b:83:25:44:3d:1c:58:79:b2:91:65:cf:37:18:92

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSAWaitForMultipleEvents
WSAEnumNetworkEvents
closesocket
WSACloseEvent
recv
WSAGetLastError
send
socket
WSACreateEvent
connect
WSAEventSelect
htons
gethostbyname

kernel32

GetStdHandle
LCMapStringW
LCMapStringA
CreateEventA
WaitForSingleObject
SetEvent
RtlUnwind
GetLastError
MoveFileW
DeleteFileW
CreateDirectoryW
CloseHandle
GetFileType
CreateFileW
ResumeThread
CreateThread
TlsSetValue
TlsGetValue
ExitThread
GetCommandLineA
GetVersion
HeapFree
RaiseException
GetCurrentThreadId
TlsAlloc
TlsFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
WriteFile
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
SetFilePointer
HeapAlloc
SetStdHandle
SetHandleCount
GetStartupInfoA
SetEndOfFile
ReadFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
HeapReAlloc
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA

Exports

Exports

CreateAndRunAgent
GetDownloadLen
GetFileLen
Seek
Terminate

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QvodBand.dll
.dll regsvr32 windows:4 windows x86 arch:x86

0e32a3b828b41920c248142fcbc590d3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/06/2009, 00:00

Not After

02/06/2011, 23:59

Subject

CN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

02:c7:4f:c2:b1:d8:13:17:21:31:17:2e:f8:ad:32:ff:12:0b:61:b8
Signer

Actual PE Digest

02:c7:4f:c2:b1:d8:13:17:21:31:17:2e:f8:ad:32:ff:12:0b:61:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
GetModuleFileNameA
CreateProcessA
GetTickCount
GetFileAttributesA
CloseHandle
Sleep
FlushFileBuffers
SetStdHandle
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
RaiseException
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetProcAddress
LoadLibraryA

user32

LoadStringA
InsertMenuItemA
LoadImageA
FindWindowA
SendMessageA

gdi32

DeleteObject

advapi32

RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

DragQueryFileA

ole32

CoTaskMemFree
StringFromIID
ReleaseStgMedium

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QvodInit.exe
.exe windows:4 windows x86 arch:x86

b15aa047ced3a842c3d63e77ae9cde2d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/06/2009, 00:00

Not After

02/06/2011, 23:59

Subject

CN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

73:ab:0e:ee:ad:d2:7b:3b:7a:57:3e:bb:ef:0b:90:0d:19:06:53:20
Signer

Actual PE Digest

73:ab:0e:ee:ad:d2:7b:3b:7a:57:3e:bb:ef:0b:90:0d:19:06:53:20

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
TerminateProcess
CreateProcessA
GetTickCount
GetFileAttributesA
Process32First
GetTempFileNameA
GetTempPathA
CopyFileA
GetLogicalDriveStringsA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
OpenProcess
CloseHandle
Process32Next
GetDiskFreeSpaceExA
GetModuleFileNameA
Sleep
DeleteFileA
MoveFileA
LoadLibraryA
GetProcAddress
FreeLibrary
GetVersionExA
GetWindowsDirectoryA
WritePrivateProfileStringA
GetModuleHandleA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
GetLastError
RtlUnwind
GetFileType
CreateFileA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
GetCurrentProcess
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
WriteFile
SetFilePointer
ReadFile
SetStdHandle
SetHandleCount
GetStdHandle
SetEndOfFile
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy

user32

FindWindowA
PostMessageA

advapi32

RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
DeleteService
CreateServiceA
ChangeServiceConfig2A
StartServiceA
QueryServiceStatus
CloseServiceHandle
OpenSCManagerA
OpenServiceA
ControlService

shell32

SHChangeNotify

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

psapi

EnumProcessModules
GetModuleFileNameExA

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
QvodInsert.dll
.dll regsvr32 windows:4 windows x86 arch:x86

512da446183fb702675cbe4761220c96

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/06/2009, 00:00

Not After

02/06/2011, 23:59

Subject

CN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

56:29:3e:1a:f2:9f:18:a5:ae:0b:b8:75:12:f9:da:06:e8:8e:a9:77
Signer

Actual PE Digest

56:29:3e:1a:f2:9f:18:a5:ae:0b:b8:75:12:f9:da:06:e8:8e:a9:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
lstrcpynW
DisableThreadLibraryCalls
HeapDestroy
lstrcpyW
lstrcatW
LocalFree
SetEnvironmentVariableA
GetLocaleInfoW
SetConsoleCtrlHandler
SetEndOfFile
LoadLibraryA
GetOEMCP
GetACP
CreateFileW
IsBadCodePtr
IsBadReadPtr
CreateFileA
SetStdHandle
GetStringTypeW
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
IsBadWritePtr
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
FlushFileBuffers
GetModuleHandleW
LCMapStringW
LCMapStringA
CompareStringW
CompareStringA
UnhandledExceptionFilter
GetModuleHandleA
HeapSize
TerminateProcess
SetLastError
TlsFree
TlsAlloc
SetFilePointer
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ReadFile
FatalAppExitA
ExitProcess
RaiseException
GetVersion
GetCommandLineA
HeapAlloc
HeapReAlloc
HeapFree
GetTimeZoneInformation
ExitThread
TlsGetValue
TlsSetValue
ResumeThread
RtlUnwind
GetCurrentThread
GetThreadPriority
SetThreadPriority
CreateThread
InterlockedExchange
VirtualFree
VirtualAlloc
GetSystemInfo
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
DuplicateHandle
GetShortPathNameW
GetSystemDirectoryW
GetDiskFreeSpaceExW
GetLocalTime
GetSystemDefaultLangID
OpenMutexW
OpenSemaphoreW
GetSystemTime
CreateProcessW
GetFileAttributesW
CreateDirectoryW
SetEnvironmentVariableW
CopyFileW
GetTickCount
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
lstrcmpW
GlobalAlloc
GlobalLock
GlobalUnlock
DeleteFileW
FindNextFileW
GetLastError
WaitForSingleObject
ResetEvent
FindFirstFileW
FindClose
Sleep
DeleteCriticalSection
CloseHandle
CreateEventW
SetEvent
InitializeCriticalSection
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
lstrlenA
OutputDebugStringW
DebugBreak
InterlockedIncrement
WideCharToMultiByte
GetModuleFileNameW
LoadLibraryW
GetVersionExW
GetProcAddress
InterlockedDecrement
lstrlenW
GetUserDefaultLangID
WriteFile

user32

LoadStringW
GetClientRect
FillRect
GetDC
ReleaseDC
SendMessageW
IsWindow
SetCapture
CharNextW
SetWindowPos
CreateWindowExW
DefWindowProcW
SetWindowLongW
GetWindowLongW
CallWindowProcW
PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
ReleaseCapture
wvsprintfW
GetActiveWindow
DrawTextW
DialogBoxParamW
ClientToScreen
FindWindowW
CreateMenu
GetSubMenu
CharLowerW
UnionRect
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
GetQueueStatus
DispatchMessageW
DestroyWindow
SetTimer
SetRectEmpty
MoveWindow
InvalidateRect
ShowWindow
FindWindowExW
PostMessageW
SetWindowTextW
BringWindowToTop
ShowCursor
GetDesktopWindow
GetCursorPos
ScreenToClient
PtInRect
GetWindowRect
SetSysColors
GetSysColor
EnumChildWindows
LoadImageW
GetClassNameW
LoadBitmapW
GetParent
GetKeyState
MessageBoxW
SetDlgItemInt
GetDlgItemTextW
CheckRadioButton
SetDlgItemTextW
GetDlgCtrlID
EndDialog
CopyRect
SetRect
GetSystemMetrics
SystemParametersInfoW
SetParent
EnumDisplayDevicesW
EnumDisplaySettingsW
RegisterHotKey
UnregisterHotKey
KillTimer
TrackPopupMenu
EnableWindow
CreateDialogParamW
CreatePopupMenu
AppendMenuW
DestroyMenu
GetMenuItemCount
InsertMenuW
GetDlgItem
InvalidateRgn
CreateAcceleratorTableW
RedrawWindow
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
wsprintfW
GetWindowTextLengthW
GetWindowTextW
GetWindow
RegisterWindowMessageW
GetClassInfoExW
RegisterClassExW
SetCursor
LoadCursorW

gdi32

TextOutW
GetStockObject
GetDeviceCaps
GetObjectW
StretchBlt
CreateCompatibleBitmap
CreateCompatibleDC
SetTextAlign
CreateSolidBrush
BitBlt
DeleteDC
CreateFontIndirectW
DeleteObject
SetDIBits
CreatePatternBrush
Rectangle
SetBkMode
GetDIBits
SetTextColor
StretchDIBits
SetStretchBltMode
CreateDIBSection
RestoreDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
CreateRectRgnIndirect
DeleteMetaFile
CloseMetaFile
SetWindowExtEx
SelectObject
CreateDCW
CreateMetaFileW

comdlg32

ChooseColorW
GetOpenFileNameW
ChooseFontA
GetSaveFileNameW

advapi32

RegQueryInfoKeyW
RegOpenKeyW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegCreateKeyW
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW

shell32

ShellExecuteW

ole32

CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
CoTaskMemRealloc
CoInitializeEx
OleLockRunning
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
OleInitialize
CreateStreamOnHGlobal
OleUninitialize
CoTaskMemFree
CoInitialize
StringFromCLSID
CoCreateInstance
OleRegGetMiscStatus
WriteClassStm
CoUninitialize
CoFreeUnusedLibraries
OleSaveToStream
CreateDataAdviseHolder
OleLoadFromStream

oleaut32

CreateErrorInfo
SetErrorInfo
GetErrorInfo
VariantChangeType
LoadTypeLi
RegisterTypeLi
VarUI4FromStr
OleCreateFontIndirect
SysAllocStringLen
DispCallFunc
SysStringLen
LoadRegTypeLi
OleCreatePropertyFrame
SysStringByteLen
SysAllocStringByteLen
VariantInit
SafeArrayCreate
SafeArrayPutElement
VariantCopy
VariantClear
SysAllocString
SysFreeString

ws2_32

WSAStartup
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
htonl
connect
recv
inet_addr
htons
send
WSAEventSelect
setsockopt
closesocket
socket
WSAGetLastError
ntohs
ntohl
gethostbyname
inet_ntoa

winmm

timeGetTime
timeSetEvent

quartz

AMGetErrorTextW

comctl32

ImageList_LoadImageW
_TrackMouseEvent
InitCommonControlsEx
ImageList_Destroy
ord16

msimg32

AlphaBlend
TransparentBlt

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 516KB - Virtual size: 515KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QvodPlayer.exe
.exe windows:4 windows x86 arch:x86

1804f662d6972fd3d24222e8aab5fa2e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/06/2009, 00:00

Not After

02/06/2011, 23:59

Subject

CN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:1e:70:83:26:88:9a:f5:e0:4b:72:31:eb:e1:44:a6:79:da:58:fe
Signer

Actual PE Digest

99:1e:70:83:26:88:9a:f5:e0:4b:72:31:eb:e1:44:a6:79:da:58:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstChangeNotificationW
GlobalSize
CreateProcessW
OpenSemaphoreW
GetDiskFreeSpaceExW
SystemTimeToTzSpecificLocalTime
RemoveDirectoryW
FileTimeToSystemTime
GetWindowsDirectoryA
MoveFileW
GetTickCount
GetTempPathW
CreateMutexW
OpenMutexW
HeapDestroy
LocalFree
SetEnvironmentVariableA
GetOEMCP
GetACP
LoadLibraryA
GetStringTypeW
GetStringTypeA
GetCPInfo
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FlushFileBuffers
SetEndOfFile
GetStartupInfoA
GetStdHandle
SetHandleCount
FindNextChangeNotification
CompareStringW
CompareStringA
IsBadWritePtr
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
LCMapStringW
LCMapStringA
SetFilePointer
ReadFile
UnhandledExceptionFilter
HeapSize
TerminateProcess
WriteFile
SetLastError
TlsAlloc
ExitProcess
GetVersion
GetStartupInfoW
GetModuleHandleA
HeapReAlloc
CreateFileA
GetFileType
GetFileAttributesA
ExitThread
TlsGetValue
TlsSetValue
ResumeThread
GetTimeZoneInformation
RtlUnwind
CreateThread
InterlockedExchange
VirtualFree
VirtualAlloc
GetSystemInfo
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
FindCloseChangeNotification
GetLocaleInfoW
GetLogicalDriveStringsW
GetModuleHandleW
GetDriveTypeW
GetVolumeInformationW
SetSystemPowerState
SetThreadExecutionState
lstrcpynA
lstrcpynW
SetEnvironmentVariableW
GetSystemDirectoryW
CopyFileW
GetSystemTime
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
CreateFileW
DeviceIoControl
GetProcessHeap
HeapAlloc
HeapFree
lstrcpyW
lstrcmpW
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
WaitForSingleObject
ResetEvent
Sleep
GetWindowsDirectoryW
GlobalAlloc
GlobalLock
GlobalUnlock
GetLastError
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
CreateEventW
SetEvent
EnterCriticalSection
LeaveCriticalSection
FindFirstFileW
GetFileAttributesW
FindNextFileW
FindClose
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetModuleFileNameW
CreateDirectoryW
SetFileAttributesW
GetLocalTime
DeleteFileW
InterlockedIncrement
GetUserDefaultLangID
lstrlenW
GetProcAddress
InterlockedDecrement
GetVersionExW
FreeLibrary
LoadLibraryW
SetStdHandle
RaiseException

user32

GetDlgCtrlID
CheckRadioButton
SetDlgItemTextW
GetDlgItemTextW
EndDialog
DialogBoxParamW
ClientToScreen
EnumDisplayDevicesW
EnumDisplaySettingsW
SetParent
GetMenuItemInfoW
SetMenuItemInfoW
DeleteMenu
EnableWindow
ExitWindowsEx
SetDlgItemInt
GetActiveWindow
DrawTextW
IsMenu
CloseClipboard
GetClipboardData
OpenClipboard
GetDlgItemInt
GetDlgItemTextA
OffsetRect
UpdateWindow
SetForegroundWindow
MoveWindow
ShowWindow
PostMessageW
DestroyAcceleratorTable
CallNextHookEx
GetWindowRect
GetDesktopWindow
MessageBoxW
LoadStringW
CharNextW
CopyAcceleratorTableW
LoadAcceleratorsW
CreateMenu
MessageBeep
PeekMessageW
RemoveMenu
WindowFromPoint
GetKeyState
DestroyIcon
UnionRect
DispatchMessageW
TranslateMessage
GetMessageW
GetScrollInfo
GetMenuStringW
ModifyMenuW
GetMenuItemID
DefWindowProcW
GetClientRect
ReleaseDC
FillRect
GetDC
SendMessageW
wsprintfW
IsWindow
SetCapture
ReleaseCapture
SetWindowPos
CreateWindowExW
SetWindowLongW
GetWindowLongW
CallWindowProcW
DestroyWindow
SetRectEmpty
LoadCursorW
SetTimer
RegisterClassExW
GetClassInfoExW
InvalidateRect
FindWindowExW
ShowCursor
CharLowerW
LoadMenuW
SetRect
RegisterWindowMessageW
GetWindow
GetSystemMetrics
GetSystemMenu
TrackPopupMenu
SystemParametersInfoW
CopyRect
IsZoomed
IsIconic
UnregisterHotKey
FindWindowW
LoadIconW
CheckMenuItem
CheckMenuRadioItem
EnableMenuItem
CreateDialogParamW
GetSubMenu
RegisterHotKey
TranslateAcceleratorW
UnhookWindowsHookEx
SetWindowsHookExW
CreateAcceleratorTableW
SetWindowTextW
GetWindowTextW
GetKeyboardState
MapWindowPoints
TrackPopupMenuEx
IsWindowVisible
PostQuitMessage
LoadStringA
CreatePopupMenu
AppendMenuW
DestroyMenu
GetMenuItemCount
InsertMenuW
InvalidateRgn
RedrawWindow
GetFocus
IsChild
SetFocus
BeginPaint
EndPaint
GetDlgItem
SetWindowRgn
LoadBitmapW
GetClassNameW
LoadImageW
EnumChildWindows
GetSysColor
SetSysColors
GetParent
SetCursor
GetCursorPos
ScreenToClient
PtInRect
BringWindowToTop
KillTimer
GetWindowTextLengthW

gdi32

SetViewportOrgEx
Rectangle
CreatePatternBrush
GetTextExtentPoint32W
SetDIBits
SetBkColor
ExtTextOutW
GetCurrentObject
GetPixel
CreatePen
MoveToEx
LineTo
CreateDIBSection
SetStretchBltMode
StretchDIBits
SetTextColor
GetDIBits
SetBkMode
CreateFontIndirectW
GetStockObject
GetDeviceCaps
CreateRectRgn
CombineRgn
GetObjectW
StretchBlt
CreateCompatibleBitmap
SelectObject
CreateSolidBrush
BitBlt
DeleteDC
RoundRect
CreateCompatibleDC
DeleteObject

comdlg32

ChooseColorW
ChooseFontA
ChooseFontW
GetOpenFileNameW
GetSaveFileNameW

advapi32

RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyW

shell32

SHFileOperationW
Shell_NotifyIconW
SHChangeNotify
SHAppBarMessage
ExtractIconW
DragFinish
DragAcceptFiles
ShellExecuteW
SHBrowseForFolderW
DragQueryFileW
SHGetPathFromIDListW

ole32

CLSIDFromProgID
CoTaskMemFree
OleUninitialize
CLSIDFromString
CreateStreamOnHGlobal
CoInitialize
StringFromCLSID
CoCreateInstance
CoTaskMemAlloc
OleLockRunning
CoFreeUnusedLibraries
CoUninitialize
CoInitializeSecurity
OleInitialize

oleaut32

SysFreeString
OleCreateFontIndirect
SysAllocStringLen
DispCallFunc
LoadRegTypeLi
SysStringLen
OleCreatePropertyFrame
VariantInit
VariantCopy
VariantClear
SysAllocString
GetErrorInfo

ws2_32

gethostbyname
inet_ntoa
ntohl
WSACleanup
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSAEventSelect
gethostname
htonl
inet_addr
htons
recv
send
WSAGetLastError
socket
setsockopt
connect
closesocket
ntohs
WSAStartup

winmm

mciSendStringW
timeGetTime

quartz

AMGetErrorTextW

iphlpapi

GetAdaptersInfo

comctl32

_TrackMouseEvent
ord16
ImageList_Destroy
ImageList_Draw
ImageList_GetImageInfo
ImageList_EndDrag
ImageList_DragLeave
ImageList_DragShowNolock
ImageList_DragEnter
ImageList_DragMove
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Create
ImageList_BeginDrag
ImageList_LoadImageW
InitCommonControlsEx

msimg32

AlphaBlend
TransparentBlt

urlmon

CoInternetGetSession

Sections

.text
Size: 984KB - Virtual size: 983KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
QvodTerminal.exe
.exe windows:4 windows x86 arch:x86

9232d0b3056ac0dcec0880d50328a24b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/06/2009, 00:00

Not After

02/06/2011, 23:59

Subject

CN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5d:ee:fb:9e:de:d9:5f:93:48:45:f6:44:27:4d:97:74:fd:fc:87:fa
Signer

Actual PE Digest

5d:ee:fb:9e:de:d9:5f:93:48:45:f6:44:27:4d:97:74:fd:fc:87:fa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

__WSAFDIsSet
inet_addr
recvfrom
getpeername
inet_ntoa
ntohs
gethostbyname
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
accept
htonl
connect
select
setsockopt
socket
htons
bind
listen
WSACreateEvent
WSAEventSelect
ntohl
send
WSAJoinLeaf
WSASocketA
ioctlsocket
gethostname
recv
WSAStartup
WSAGetLastError
WSACloseEvent
sendto
closesocket

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

iphlpapi

GetAdaptersInfo

ole32

CoCreateInstance
CoCreateGuid
CoInitialize
CoUninitialize

oleaut32

VariantClear
SysAllocString
SysStringLen
SysFreeString

kernel32

InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
GetOEMCP
GetACP
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
HeapReAlloc
GetStdHandle
SetHandleCount
SetEndOfFile
SetStdHandle
SetLastError
TlsAlloc
GetCurrentThreadId
GetVersion
GetCommandLineA
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
TryEnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MoveFileExA
Sleep
MultiByteToWideChar
CreateEventA
CloseHandle
SetEvent
GetTickCount
WaitForSingleObject
GetTempPathA
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
InterlockedDecrement
QueryPerformanceCounter
GetSystemTime
InterlockedIncrement
CopyFileA
CreateSemaphoreA
OpenSemaphoreA
HeapFree
HeapAlloc
GetProcessHeap
MoveFileA
LocalFree
LocalAlloc
GetSystemDirectoryA
GetVersionExA
GetModuleFileNameA
GetLocalTime
WideCharToMultiByte
FindClose
FindNextFileA
FindFirstFileA
CreateProcessA
GetDiskFreeSpaceExA
GetLastError
TerminateProcess
ReadFile
PeekNamedPipe
GetWindowsDirectoryA
GetStartupInfoA
CreatePipe
GetProcAddress
LoadLibraryA
lstrlenA
lstrlenW
CreateThread
RtlUnwind
GetFileType
CreateFileA
CreateDirectoryA
DeleteFileA
FlushFileBuffers
WriteFile
SetFilePointer
ResumeThread
TlsSetValue
TlsGetValue
ExitThread
CreateDirectoryW
CreateFileW
GetTimeZoneInformation
GetSystemTimeAsFileTime
RaiseException
ExitProcess
GetCurrentProcess

user32

CreateWindowExA
LoadIconA
DefWindowProcA
BeginPaint
GetClientRect
DrawTextA
EndPaint
LoadCursorA
RegisterClassExA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
PostQuitMessage

advapi32

RegOpenKeyA
RegCloseKey

Sections

.text
Size: 412KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
QvodUninst.exe
.exe windows:4 windows x86 arch:x86

dfb06052e74b26a42b0e490bd1c07959

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 470B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/QvodInit.exe
.exe windows:4 windows x86 arch:x86

b15aa047ced3a842c3d63e77ae9cde2d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/06/2009, 00:00

Not After

02/06/2011, 23:59

Subject

CN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

73:ab:0e:ee:ad:d2:7b:3b:7a:57:3e:bb:ef:0b:90:0d:19:06:53:20
Signer

Actual PE Digest

73:ab:0e:ee:ad:d2:7b:3b:7a:57:3e:bb:ef:0b:90:0d:19:06:53:20

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
TerminateProcess
CreateProcessA
GetTickCount
GetFileAttributesA
Process32First
GetTempFileNameA
GetTempPathA
CopyFileA
GetLogicalDriveStringsA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
OpenProcess
CloseHandle
Process32Next
GetDiskFreeSpaceExA
GetModuleFileNameA
Sleep
DeleteFileA
MoveFileA
LoadLibraryA
GetProcAddress
FreeLibrary
GetVersionExA
GetWindowsDirectoryA
WritePrivateProfileStringA
GetModuleHandleA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
GetLastError
RtlUnwind
GetFileType
CreateFileA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
GetCurrentProcess
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
WriteFile
SetFilePointer
ReadFile
SetStdHandle
SetHandleCount
GetStdHandle
SetEndOfFile
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy

user32

FindWindowA
PostMessageA

advapi32

RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
DeleteService
CreateServiceA
ChangeServiceConfig2A
StartServiceA
QueryServiceStatus
CloseServiceHandle
OpenSCManagerA
OpenServiceA
ControlService

shell32

SHChangeNotify

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

psapi

EnumProcessModules
GetModuleFileNameExA

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ShareModule.dll
.dll regsvr32 windows:4 windows x86 arch:x86

eda7961bf20b390522a65b66a7689197

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
GetFileAttributesW
OpenMutexW
DebugBreak
OutputDebugStringW
GetModuleFileNameW
HeapFree
HeapAlloc
GetProcessHeap
DeviceIoControl
CreateFileW
GetShortPathNameW
GetModuleHandleW
FreeLibrary
SizeofResource
LoadResource
WaitForSingleObject
GetLastError
LoadLibraryExW
lstrcmpiW
lstrcpynW
DisableThreadLibraryCalls
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrcpyW
lstrcatW
GetProcAddress
LoadLibraryW
SetEnvironmentVariableA
LoadLibraryA
GetOEMCP
ResetEvent
CloseHandle
CreateEventW
SetEvent
lstrlenW
MultiByteToWideChar
lstrlenA
Sleep
InterlockedIncrement
InterlockedDecrement
GetPrivateProfileIntW
FindResourceW
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
FlushFileBuffers
WriteFile
RaiseException
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
CompareStringW
CompareStringA
UnhandledExceptionFilter
GetFileType
CreateFileA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RtlUnwind
ResumeThread
CreateThread
TlsSetValue
TlsGetValue
ExitThread
HeapReAlloc
GetCommandLineA
GetVersion
ReadFile
SetFilePointer
SetStdHandle
SetHandleCount
GetStdHandle
GetStartupInfoA
SetEndOfFile
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleHandleA
HeapSize
GetCurrentThreadId
TlsAlloc
TlsFree
SetLastError

user32

LoadStringW
CharNextW
wvsprintfW
CharLowerW

advapi32

RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegOpenKeyW
RegCloseKey
RegEnumValueW

shell32

ShellExecuteW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoInitializeEx

oleaut32

RegisterTypeLi
SysFreeString
SysAllocString
VariantClear
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysStringLen

ws2_32

setsockopt
socket
htons
ntohs
closesocket
WSAStartup
ntohl
WSAGetLastError
recv
send
htonl
inet_addr
connect

iphlpapi

GetAdaptersInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Skin/Default.xml
Skin/Default/back.bmp
Skin/Default/backleft.bmp
Skin/Default/backmid.bmp
Skin/Default/backright.bmp
Skin/Default/bgline.bmp
Skin/Default/bleft1.bmp
Skin/Default/bottom.bmp
Skin/Default/bottomleft.bmp
Skin/Default/bottomright.bmp
Skin/Default/bright1.bmp
Skin/Default/caption.bmp
Skin/Default/close.bmp
Skin/Default/full.bmp
Skin/Default/icon.bmp
Skin/Default/info.bmp
Skin/Default/infofull.bmp
Skin/Default/left.bmp
Skin/Default/left1.bmp
Skin/Default/listbutton.bmp
Skin/Default/listbutton2.bmp
Skin/Default/listsplit.bmp
Skin/Default/lsearchb1.bmp
Skin/Default/lsearchb2.bmp
Skin/Default/lsearchbg.bmp
Skin/Default/lsearchbg1.bmp
Skin/Default/max.bmp
Skin/Default/media_del.bmp
Skin/Default/media_files.bmp
Skin/Default/media_files_2.bmp
Skin/Default/media_fill.bmp
Skin/Default/media_info.bmp
Skin/Default/media_search.bmp
Skin/Default/media_sham.bmp
Skin/Default/media_sham_2.bmp
Skin/Default/mediaeditdel.bmp
Skin/Default/mediare.bmp
Skin/Default/mediatolist.bmp
Skin/Default/mediatree.bmp
Skin/Default/menu.bmp
Skin/Default/min.bmp
Skin/Default/mtk.bmp
Skin/Default/mute.bmp
Skin/Default/mute2.bmp
Skin/Default/next.bmp
Skin/Default/nowplay.bmp
Skin/Default/open.bmp
Skin/Default/pause.bmp
Skin/Default/play.bmp
Skin/Default/playlist_toolbar.bmp
Skin/Default/pre.bmp
Skin/Default/processp.bmp
Skin/Default/progress.bmp
Skin/Default/progress_point_a.bmp
Skin/Default/progress_point_b.bmp
Skin/Default/progress_thumb.bmp
Skin/Default/reold.bmp
Skin/Default/right.bmp
Skin/Default/right1.bmp
Skin/Default/scroll_back.bmp
Skin/Default/scroll_back_h.bmp
Skin/Default/scroll_down.bmp
Skin/Default/scroll_left.bmp
Skin/Default/scroll_limit.bmp
Skin/Default/scroll_limit_h.bmp
Skin/Default/scroll_right.bmp
Skin/Default/scroll_up.bmp
Skin/Default/search_botton.bmp
Skin/Default/search_icon.bmp
Skin/Default/stop.bmp
Skin/Default/tab.bmp
Skin/Default/tab1.bmp
Skin/Default/tabs_fill.bmp
Skin/Default/tabs_left.bmp
Skin/Default/tabs_mid.bmp
Skin/Default/tabs_right.bmp
Skin/Default/tabs_search_fill.bmp
Skin/Default/tabs_search_left.bmp
Skin/Default/top.bmp
Skin/Default/topleft.bmp
Skin/Default/topleft1.bmp
Skin/Default/topright.bmp
Skin/Default/topright1.bmp
Skin/Default/volume.bmp
Skin/Default/volumeb.bmp
Skin/Default/volumep.bmp
Skin/Logo.bmp
Skin/MiNi/back.bmp
Skin/MiNi/info.bmp
Skin/MiNi/mute.bmp
Skin/MiNi/mute2.bmp
Skin/MiNi/next.bmp
Skin/MiNi/open.bmp
Skin/MiNi/pause.bmp
Skin/MiNi/play.bmp
Skin/MiNi/pre.bmp
Skin/MiNi/processp.bmp
Skin/MiNi/progress.bmp
Skin/MiNi/progress_thumb.bmp
Skin/MiNi/progressd.bmp
Skin/MiNi/volume.bmp
Skin/MiNi/volumeb.bmp
Skin/MiNi/volumep.bmp
Skin/Mini.xml
Tip/PopMessage.xml
.xml
Tip/QvodTip.exe
.exe windows:4 windows x86 arch:x86

3d812c4c97128ca0e08c8dab57ae38e0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/06/2009, 00:00

Not After

02/06/2011, 23:59

Subject

CN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3b:cf:5e:dc:89:3a:2c:bc:a9:16:7f:c7:1a:66:57:0f:4e:0c:f5:ff
Signer

Actual PE Digest

3b:cf:5e:dc:89:3a:2c:bc:a9:16:7f:c7:1a:66:57:0f:4e:0c:f5:ff

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
HeapSize
WriteFile
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetFilePointer
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
HeapAlloc
RaiseException
ExitProcess
GetVersion
GetStartupInfoW
GetModuleHandleA
HeapFree
RtlUnwind
LocalFree
WideCharToMultiByte
GetLastError
GetProcAddress
LoadLibraryA
SetStdHandle
FlushFileBuffers
ReadFile
CloseHandle
LoadLibraryW
DeleteCriticalSection
lstrcmpW
GlobalAlloc
GlobalLock
GlobalUnlock
InitializeCriticalSection
lstrcpynA
lstrcpynW
GetVersionExW
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
lstrlenA
DeleteFileW
GetModuleFileNameW
lstrlenW
Sleep
InterlockedIncrement
TerminateProcess
InterlockedDecrement

user32

GetSysColor
GetDlgItem
FillRect
IsChild
GetClassNameW
GetParent
RedrawWindow
GetDesktopWindow
PostQuitMessage
DestroyWindow
UpdateLayeredWindow
GetClientRect
ReleaseDC
GetDC
EqualRect
GetWindowRect
CreateWindowExW
RegisterClassExW
DefWindowProcW
EndPaint
CreateAcceleratorTableW
ReleaseCapture
SetCapture
InvalidateRgn
DrawTextW
SetRectEmpty
MoveWindow
SetCursor
GetFocus
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetWindow
RegisterWindowMessageW
CallWindowProcW
RemoveMenu
PeekMessageW
PtInRect
CreatePopupMenu
GetMenuItemCount
AppendMenuW
GetMenuItemInfoW
DestroyMenu
MessageBeep
IsWindowVisible
SetFocus
LoadStringA
KillTimer
SetLayeredWindowAttributes
InvalidateRect
SetTimer
SendMessageW
MapWindowPoints
IsWindow
TrackPopupMenuEx
GetClassInfoExW
LoadCursorW
wsprintfW
LoadImageW
SystemParametersInfoW
FindWindowW
SetWindowPos
GetMessageW
TranslateMessage
DispatchMessageW
CharNextW
LoadStringW
SetWindowLongW
GetWindowLongW
BeginPaint

gdi32

GetTextExtentPoint32W
StretchBlt
SetBkMode
SetTextColor
GetStockObject
GetObjectW
DeleteObject
DeleteDC
SelectObject
CreateDIBSection
CreateCompatibleDC
CreateFontIndirectW
BitBlt
CreateCompatibleBitmap
GetDeviceCaps
CreateSolidBrush

advapi32

RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteW

ole32

OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CreateStreamOnHGlobal
CoInitialize
OleInitialize
CoUninitialize
OleUninitialize
OleCreate
OleSetContainedObject
OleDraw
CoCreateInstance

oleaut32

LoadRegTypeLi
OleCreateFontIndirect
SysStringLen
SysAllocStringLen
VariantCopy
VariantClear
SysAllocString
SysFreeString
GetErrorInfo

comctl32

InitCommonControlsEx
_TrackMouseEvent
ord17

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Tip/QvodTips.dll
.dll windows:4 windows x86 arch:x86

d7778d884b245e49861f228104669703

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/06/2009, 00:00

Not After

02/06/2011, 23:59

Subject

CN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:a3:23:63:dc:99:e7:e5:ec:ca:74:bd:2a:42:2c:91:a2:c6:fc:ca
Signer

Actual PE Digest

30:a3:23:63:dc:99:e7:e5:ec:ca:74:bd:2a:42:2c:91:a2:c6:fc:ca

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

connect
socket
htons
gethostbyname
WSAStartup
recv
send
WSAGetLastError
closesocket

kernel32

SetEndOfFile
CreateFileA
LoadLibraryA
GetOEMCP
GetACP
ReadFile
GetLocaleInfoW
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
lstrlenW
CreateThread
TerminateThread
SetEnvironmentVariableA
GetLocalTime
GetCurrentThreadId
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
GetProcAddress
GetUserDefaultLCID
EnterCriticalSection
Sleep
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
RtlUnwind
RaiseException
GetLastError
DeleteFileA
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
HeapReAlloc
ExitProcess
LCMapStringA
LCMapStringW
GetCPInfo
CompareStringA
CompareStringW
GetFileAttributesA
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
CloseHandle
WriteFile
SetFilePointer
FlushFileBuffers
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA

advapi32

RegCloseKey
RegOpenKeyA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

VariantCopy
SysAllocString
VariantClear

Exports

Exports

Close_QvodTips
Query_QvodTips
Start_QvodTips

Sections

.text
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tip/back.bmp
Tip/close.bmp
Tip/maintext.bmp
Tip/view.bmp

Sharing

General

Malware Config

Signatures

Files

dfb06052e74b26a42b0e490bd1c07959

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 112KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 38KB - Virtual size: 37KB

0b51ce6ce6bf8d5c68b3ea9f3ac1bf2c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 697B

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 322B

b15aa047ced3a842c3d63e77ae9cde2d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36Certificate

Extended Key Usages

Key Usages

73:ab:0e:ee:ad:d2:7b:3b:7a:57:3e:bb:ef:0b:90:0d:19:06:53:20Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

version

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 112KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 38KB - Virtual size: 37KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 322B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36
Certificate

73:ab:0e:ee:ad:d2:7b:3b:7a:57:3e:bb:ef:0b:90:0d:19:06:53:20
Signer

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 24KB - Virtual size: 25KB

.rsrc
Size: 36KB - Virtual size: 34KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 512B - Virtual size: 470B

.text
Size: 212KB - Virtual size: 211KB

.rdata
Size: 27KB - Virtual size: 27KB

.data
Size: 19KB - Virtual size: 26KB

.rsrc
Size: 1024B - Virtual size: 896B

.reloc
Size: 11KB - Virtual size: 10KB

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

5d:69:0c:9e:b1:7e:24:a7:a2:35:76:a8:7e:24:db:81
Certificate

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

ff:3e:a7:8d:4c:1a:d7:44:ca:fb:27:ff:42:6d:8f:93:02:8c:d2:b8
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 44KB

.rsrc
Size: 17KB - Virtual size: 16KB