0a0fb8bd10a28975a285ca78155de3a0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0a0fb8bd10a28975a285ca78155de3a0_JaffaCakes118
Size

1.6MB
MD5

0a0fb8bd10a28975a285ca78155de3a0
SHA1

e1c0445e7eae9b95db414f4c20f4f921611e9704
SHA256

4886af81ca1dd877360ae8e280ad275ef04b0a30f980568b5e8568811c36ac98
SHA512

0145c873f6f0e815ce1abd8632cc5d37730563165f4c8fc1eb1ce30cbe8938e86016d97e26cbed7c4e99c04b0e0a9c9fb8f44c29aa1259d69c81d3462f8c9668
SSDEEP

49152:k0dDx6wuLIW1RYe5130UVznhTqbnQDoN57:f3uCeH3xVzh2757

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/cook.dll
unpack001/declrds.ax

Files

0a0fb8bd10a28975a285ca78155de3a0_JaffaCakes118
.cab
PSNetwork.dll
.dll windows:4 windows x86 arch:x86

89ff9c38f56cbc4f6f5a8ed740aab1f1

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/07/2007, 00:00

Not After

11/07/2008, 23:59

Subject

CN=SHANGHAI ZHONGYUAN NETWORKS LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Department,O=SHANGHAI ZHONGYUAN NETWORKS LIMITED,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord1228
ord6283
ord3721
ord3619
ord809
ord795
ord2614
ord556
ord3663
ord3626
ord2414
ord4275
ord5875
ord2864
ord1088
ord2122
ord1641
ord3797
ord6358
ord6197
ord2859
ord6880
ord926
ord2860
ord4129
ord5683
ord6663
ord4774
ord4402
ord3640
ord693
ord4243
ord3301
ord3910
ord6605
ord2754
ord6696
ord3293
ord6282
ord538
ord6569
ord1085
ord5601
ord802
ord542
ord922
ord6905
ord6007
ord4220
ord2584
ord3654
ord2438
ord6270
ord2863
ord1644
ord2546
ord291
ord5710
ord2824
ord6874
ord539
ord1175
ord4274
ord2763
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord815
ord561
ord3953
ord2725
ord771
ord2528
ord1008
ord497
ord1948
ord5303
ord4699
ord5715
ord817
ord565
ord2726
ord4226
ord6215
ord2086
ord5450
ord6394
ord5440
ord6383
ord283
ord5678
ord5789
ord5787
ord5873
ord6172
ord5736
ord2814
ord834
ord3573
ord3089
ord1116
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord4278
ord4277
ord5572
ord2915
ord2642
ord1669
ord5681
ord4224
ord2652
ord6334
ord3874
ord3092
ord858
ord1768
ord5280
ord470
ord755
ord4234
ord2301
ord324
ord567
ord6467
ord1168
ord1146
ord641
ord656
ord3610
ord4424
ord3402
ord4837
ord5290
ord1776
ord6055
ord3597
ord4853
ord4376
ord6199
ord2370
ord4202
ord6877
ord3337
ord4171
ord6311
ord2764
ord3097
ord6453
ord3998
ord6907
ord939
ord5953
ord2379
ord4710
ord3996
ord4258
ord2302
ord489
ord768
ord4425
ord825
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4835
ord3798
ord5287
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4854
ord4377
ord5265
ord4358
ord4948
ord4976
ord4742
ord4905
ord5160
ord5162
ord5161
ord1907
ord940
ord356
ord535
ord941
ord2770
ord2781
ord4058
ord3181
ord3178
ord3310
ord668
ord2818
ord540
ord3811
ord2820
ord537
ord800
ord860
ord823
ord6375

msvcrt

strcpy
exit
_endthreadex
strstr
_beginthreadex
_mbscmp
memset
memcmp
memcpy
atoi
sprintf
strlen
time
srand
rand
__CxxFrameHandler
_purecall
_stricmp
_strcmpi
_strnicmp
pow
atof
memmove
_mbccpy
_mbsnbcmp
_mbsstr
_mbclen
_mbsncmp
_mbschr
strncpy
fopen
fwrite
fflush
fclose
free
calloc
_mbsicmp
sscanf
_mbsrchr
??8type_info@@QBEHABV0@@Z
_CxxThrowException
_ftol
toupper
_mkdir
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_vsnprintf
_except_handler3
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_initterm
malloc
_adjust_fdiv
vsprintf

kernel32

UnlockFile
ReadFile
MoveFileA
FindFirstFileA
FindNextFileA
FindClose
GetFileSize
SetFilePointer
SetEndOfFile
GetFileAttributesA
GlobalFree
GetModuleFileNameA
GlobalAlloc
GlobalLock
GlobalUnlock
LocalAlloc
lstrcpyA
ResetEvent
SetEvent
WaitForSingleObject
TerminateThread
GetExitCodeThread
CreateFileA
CloseHandle
WideCharToMultiByte
LocalFree
InterlockedDecrement
WriteFile
CreateDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
SetLastError
GetLastError
InterlockedExchange
Sleep
EnterCriticalSection
GetTickCount
DeleteCriticalSection
InitializeCriticalSection
lstrlenA
GetPrivateProfileIntA
DeleteFileA
GetModuleHandleA
OpenFile
GetACP
CopyFileA
SetFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
lstrlenW
GetTempFileNameA
GetTempPathA
SetUnhandledExceptionFilter
VirtualQuery
GetFileTime
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
MultiByteToWideChar
LockFile
GetProcAddress
LoadLibraryA
lstrcmpA
DeviceIoControl
GetVersionExA
FreeLibrary
LoadLibraryExA
InterlockedIncrement
IsBadReadPtr
GetWindowsDirectoryA
CreateProcessA
GlobalMemoryStatus
SystemTimeToFileTime
GetSystemTime
GetCurrentThreadId
lstrcpynA
lstrcmpiA
CreateEventA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
TerminateProcess
LeaveCriticalSection
GetSystemInfo

user32

EnableWindow
GetMessagePos
RegisterWindowMessageA
FillRect
MessageBeep
GetMenuItemCount
GetMenuItemID
LoadMenuA
GetSubMenu
PostMessageA
SetWindowPos
GetCursorPos
ScreenToClient
UpdateWindow
SendDlgItemMessageA
SetDlgItemTextA
ShowWindow
SetForegroundWindow
LoadCursorA
CopyIcon
GetWindowRect
GetDC
ReleaseDC
InflateRect
InvalidateRect
IsWindow
SetCursor
PtInRect
ReleaseCapture
RedrawWindow
SetCapture
DestroyCursor
GetSysColor
wsprintfA
GetMessageA
TranslateMessage
PostThreadMessageA
GetParent
SendMessageA
SetWindowLongA
GetWindowLongA
IsWindowVisible
IsIconic
KillTimer
DispatchMessageA
MessageBoxA
CloseClipboard
SetClipboardData
EmptyClipboard
SetTimer
OpenClipboard
LoadIconA
DrawIcon
GetClientRect
GetSystemMetrics

gdi32

GetTextExtentPoint32A
GetObjectA
CreateFontIndirectA
GetStockObject

advapi32

RegEnumKeyExA
GetUserNameA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextA
RegEnumValueA
RegQueryInfoKeyA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

ExtractIconA
ShellExecuteExA
ShellExecuteA

ole32

OleRun
CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoCreateGuid
CoUninitialize
CoInitialize

oleaut32

SysFreeString
VariantClear
GetErrorInfo
SysAllocString

msvcp60

?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?_Xran@std@@YAXXZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??9std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z

ws2_32

recvfrom
WSACleanup
sendto
send
recv
inet_addr
WSAStartup
setsockopt
shutdown
WSAEventSelect
WSACreateEvent
WSACloseEvent
WSASocketA
getsockname
getpeername
gethostbyname
gethostname
socket
htons
bind
ntohs
listen
WSASetEvent
WSAWaitForMultipleEvents
WSAGetLastError
WSASetLastError
WSARecv
WSAResetEvent
WSAEnumNetworkEvents
accept
closesocket
WSASend
inet_ntoa
connect

wininet

InternetGetConnectedState
InternetOpenA
InternetCloseHandle
InternetOpenUrlA
HttpQueryInfoA
InternetReadFile
InternetSetCookieA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

imagehlp

ImageNtHeader
CheckSumMappedFile

Exports

Exports

??0CPSNetwork@@QAE@ABV0@@Z
??0CPSNetwork@@QAE@XZ
??1CPSNetwork@@UAE@XZ
??4CPSNetwork@@QAEAAV0@ABV0@@Z
??_7CPSNetwork@@6B@
?Connect@CPSNetwork@@QAEHXZ
?Disconnect@CPSNetwork@@QAEXXZ
?GetCacheTime@CPSNetwork@@QAEHXZ
?GetChannelName@CPSNetwork@@QAEPBDXZ
?GetChannelOnlineCount@CPSNetwork@@QAEKXZ
?GetComment@CPSNetwork@@QAEPBDH@Z
?GetHttpURL@CPSNetwork@@QAEPBDH@Z
?GetMsg@CPSNetwork@@QAEHAAKPAD@Z
?GetPercent@CPSNetwork@@QAEHAAK0@Z
?GetStatus@CPSNetwork@@QAE?AW4PLAY_STATUS@@XZ
?GetStreamingType@CPSNetwork@@QAE?AW4STREAMING_TYPE@@XZ
?Save@CPSNetwork@@QAEHPBD@Z
?SetLogLevel@CPSNetwork@@QAEHH@Z
?SetParam@CPSNetwork@@QAEXPBD0@Z
?ShowPropertyDlg@CPSNetwork@@QAEXH@Z
FIO_Create

Sections

.text
Size: 496KB - Virtual size: 496KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 291KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PowerList.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

8d49ea323e6efb7c9906274a39086fad

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/07/2007, 00:00

Not After

11/07/2008, 23:59

Subject

CN=SHANGHAI ZHONGYUAN NETWORKS LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Department,O=SHANGHAI ZHONGYUAN NETWORKS LIMITED,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord5442
ord3318
ord5186
ord354
ord939
ord6467
ord668
ord1980
ord3181
ord2781
ord2770
ord356
ord6905
ord2763
ord5450
ord6394
ord5440
ord6383
ord5572
ord2915
ord4407
ord3742
ord818
ord1270
ord1232
ord4275
ord2152
ord755
ord470
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord3571
ord6194
ord1641
ord3706
ord3573
ord6197
ord6379
ord1844
ord4400
ord682
ord3089
ord6654
ord2393
ord2862
ord1265
ord6909
ord6720
ord3797
ord6199
ord2614
ord4160
ord3402
ord3619
ord3721
ord809
ord795
ord556
ord1088
ord2122
ord3874
ord6358
ord1200
ord926
ord1929
ord2116
ord6418
ord2919
ord6442
ord1233
ord924
ord3811
ord3310
ord6380
ord4299
ord6215
ord353
ord703
ord404
ord603
ord273
ord275
ord816
ord3908
ord562
ord940
ord923
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3401
ord4622
ord3670
ord561
ord1134
ord3952
ord2724
ord6354
ord1216
ord1227
ord1877
ord4249
ord2486
ord2687
ord4006
ord2727
ord2730
ord2729
ord6364
ord3326
ord6365
ord4472
ord5498
ord3278
ord3353
ord3681
ord446
ord743
ord1177
ord1226
ord1210
ord2439
ord1693
ord5618
ord693
ord4342
ord4687
ord4639
ord5674
ord2156
ord4856
ord4920
ord6002
ord2137
ord1963
ord5213
ord2953
ord3868
ord5150
ord4705
ord4707
ord2876
ord2998
ord1979
ord4113
ord4661
ord4660
ord4768
ord4650
ord4903
ord4548
ord4521
ord4594
ord4988
ord4925
ord4930
ord4935
ord4659
ord4909
ord4908
ord4668
ord4667
ord4666
ord4648
ord4689
ord5023
ord4654
ord4643
ord4354
ord4780
ord4649
ord4637
ord4636
ord5060
ord4584
ord4371
ord4361
ord4356
ord4739
ord4741
ord4738
ord4409
ord4603
ord5008
ord4415
ord4992
ord4979
ord2488
ord3404
ord4539
ord4534
ord2954
ord2384
ord6370
ord2983
ord3148
ord3260
ord4466
ord2986
ord3080
ord4081
ord4624
ord5825
ord723
ord3946
ord423
ord5314
ord5333
ord2541
ord4949
ord801
ord3996
ord5861
ord541
ord4202
ord2100
ord4459
ord5033
ord4502
ord6030
ord6385
ord1892
ord4252
ord1212
ord4570
ord4672
ord4843
ord5011
ord5265
ord4376
ord4853
ord4998
ord4713
ord2514
ord6052
ord1775
ord6371
ord5286
ord4438
ord3279
ord4625
ord4425
ord449
ord746
ord2278
ord5161
ord5162
ord5160
ord4905
ord4742
ord4976
ord4948
ord4358
ord4377
ord4854
ord5287
ord4835
ord3699
ord489
ord2370
ord2302
ord4234
ord4710
ord1132
ord1116
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord3640
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord3370
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4402
ord665
ord6928
ord6930
ord4224
ord6907
ord323
ord1640
ord5785
ord640
ord6320
ord6453
ord768
ord860
ord941
ord497
ord1008
ord2528
ord771
ord1146
ord1644
ord2863
ord2864
ord3815
ord5981
ord2795
ord6270
ord2438
ord3654
ord2584
ord4220
ord2859
ord5875
ord2754
ord472
ord5788
ord4297
ord4133
ord2414
ord2567
ord6605
ord6880
ord3301
ord3663
ord3626
ord2860
ord1168
ord1669
ord3754
ord2652
ord2379
ord6696
ord6242
ord289
ord5789
ord613
ord3910
ord3286
ord3293
ord2380
ord2818
ord540
ord2817
ord6877
ord800
ord537
ord2764
ord4129
ord858
ord6648
ord6282
ord535
ord6283
ord4243
ord5649
ord567
ord1776
ord4078
ord6055
ord2582
ord825
ord994
ord823
ord1131

msvcrt

abs
strncpy
strcpy
_mbscmp
atol
exit
_endthreadex
_beginthreadex
memset
atoi
sprintf
time
strlen
__CxxFrameHandler
_stricmp
memcpy
_access
strcat
_ftol
strstr
free
malloc
_purecall
strcmp
rand
srand
fclose
fflush
fwrite
fopen
atof
_mbsicmp
memmove
toupper
memcmp
_mbsnbcpy
_snprintf
_mbsnbcat
_ui64toa
_atoi64
wcscmp
wcslen
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
fseek
ftell
fread
strtoul
strchr
wcsncpy
_mbsstr

kernel32

GlobalFree
GetSystemTime
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
MoveFileExA
CreateProcessA
GetWindowsDirectoryA
FindResourceA
LoadResource
SizeofResource
LockResource
LCMapStringA
MultiByteToWideChar
IsDBCSLeadByte
GetDiskFreeSpaceExA
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjects
CancelWaitableTimer
lstrlenW
WideCharToMultiByte
CreateEventA
LockFile
WriteFile
UnlockFile
ReadFile
MoveFileA
FindFirstFileA
FindNextFileA
GetLastError
FindClose
GetFileSize
SetFilePointer
SetEndOfFile
CreateFileA
GetFileAttributesA
GetModuleFileNameA
Sleep
CreateDirectoryA
lstrcatA
GetACP
GlobalAlloc
GlobalLock
GlobalUnlock
DeleteFileA
lstrcmpiA
LoadLibraryA
GetProcAddress
FreeLibrary
SuspendThread
OpenMutexA
CreateMutexA
LocalFree
LocalAlloc
OutputDebugStringA
lstrcpyA
ResetEvent
SetEvent
WaitForSingleObject
TerminateThread
CloseHandle
LeaveCriticalSection
EnterCriticalSection
GetExitCodeThread
DeleteCriticalSection
InitializeCriticalSection
lstrlenA
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetTickCount
MulDiv

user32

PostMessageA
GetKeyState
EqualRect
ShowWindow
SetForegroundWindow
CopyIcon
RedrawWindow
GetMonitorInfoA
MonitorFromWindow
FrameRect
CharLowerA
SetRect
DestroyCursor
GetSysColor
GetMenuItemInfoA
GetCursorPos
SetWindowPos
SendMessageA
IsRectEmpty
CopyImage
PtInRect
GetMenuStringW
GetMenuItemID
ModifyMenuA
GetWindowTextLengthW
GetWindowTextW
GetWindow
SetPropA
SetCapture
GetCapture
GetWindowLongA
GrayStringA
GetClipCursor
ClipCursor
SetCursor
DrawTextA
TabbedTextOutA
InvertRect
SetRectEmpty
FillRect
SetWindowRgn
GetClientRect
InflateRect
GetClassInfoA
DefWindowProcA
LoadCursorA
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
ClientToScreen
InvalidateRect
KillTimer
SetTimer
GetSystemMetrics
SendMessageTimeoutA
LoadMenuA
IsWindowVisible
IsWindow
EnableWindow
CopyRect
ReleaseDC
GetDC
GetWindowRect
CheckMenuItem
GetMenuItemCount
GetPropA
GetParent
EnableMenuItem
DeleteMenu
GetSubMenu
SetWindowLongA
MessageBoxA
PeekMessageA
DispatchMessageA
ReleaseCapture
MsgWaitForMultipleObjects
ScreenToClient

gdi32

GetDeviceCaps
CreateFontA
CreateFontIndirectA
GetStockObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreatePolygonRgn
CreateRectRgn
CombineRgn
CreateSolidBrush
GetCurrentObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
SelectObject
GetTextColor
GetTextExtentPoint32A
GetObjectA

advapi32

RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegSetValueA
RegOpenKeyExA
RegQueryValueA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextA
RegDeleteValueA
RegDeleteKeyA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc

comctl32

ImageList_GetImageInfo
_TrackMouseEvent

ole32

CoCreateInstance
CreateStreamOnHGlobal

olepro32

ord251

oleaut32

LoadRegTypeLi

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?_Xran@std@@YAXXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??1_Winit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

ws2_32

socket
bind
closesocket
getsockname
htons
sendto
recvfrom
ntohs
inet_addr
gethostname
gethostbyname
WSAStartup
WSACleanup
inet_ntoa

rasapi32

RasGetConnectStatusA
RasEnumConnectionsA

shlwapi

PathFindFileNameA
PathGetDriveNumberA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

InternetCloseHandle
InternetOpenA
InternetGetConnectedState
InternetReadFile
HttpQueryInfoA
InternetOpenUrlA
InternetCrackUrlA
InternetSetOptionA
InternetQueryOptionA
HttpEndRequestA
InternetReadFileExA
InternetSetStatusCallback
InternetConnectA
HttpSendRequestExA
HttpOpenRequestA
HttpSendRequestA
HttpAddRequestHeadersA
InternetGetCookieA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 324KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PowerPlayer.dll
.dll regsvr32 windows:4 windows x86 arch:x86

4d3ffa65ed362b8a091aad83f8b30fbf

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/07/2007, 00:00

Not After

11/07/2008, 23:59

Subject

CN=SHANGHAI ZHONGYUAN NETWORKS LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Department,O=SHANGHAI ZHONGYUAN NETWORKS LIMITED,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord6199
ord4476
ord6143
ord539
ord613
ord289
ord6111
ord1175
ord2393
ord1567
ord268
ord3619
ord809
ord556
ord1088
ord2122
ord3797
ord6358
ord1200
ord2860
ord6385
ord6876
ord6930
ord5450
ord6394
ord5440
ord6383
ord6379
ord772
ord6142
ord500
ord5860
ord3986
ord5606
ord939
ord4284
ord5873
ord5834
ord2841
ord2448
ord2044
ord2107
ord5861
ord6883
ord6663
ord703
ord404
ord603
ord273
ord275
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord3571
ord640
ord5785
ord1640
ord323
ord816
ord3908
ord562
ord940
ord1233
ord5575
ord6194
ord6378
ord3815
ord6442
ord4204
ord6928
ord5981
ord2652
ord4224
ord1669
ord5710
ord2763
ord3716
ord790
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2724
ord4079
ord4698
ord5307
ord5289
ord5714
ord3401
ord4622
ord3670
ord561
ord1134
ord1205
ord3952
ord6354
ord1216
ord1227
ord6010
ord1877
ord4249
ord2486
ord2687
ord6364
ord3326
ord6365
ord4472
ord5498
ord3278
ord3353
ord3681
ord446
ord743
ord1177
ord4006
ord2727
ord2730
ord2729
ord1226
ord1210
ord2439
ord5572
ord5618
ord994
ord4342
ord4687
ord4639
ord5674
ord2156
ord4856
ord4920
ord6002
ord2137
ord1963
ord5213
ord2953
ord3868
ord5150
ord4705
ord4707
ord2876
ord5649
ord4287
ord4661
ord4660
ord4768
ord4650
ord4903
ord4548
ord4521
ord4594
ord4988
ord4925
ord4930
ord4935
ord4659
ord4909
ord4908
ord4668
ord4667
ord4666
ord4648
ord4689
ord5023
ord4654
ord4643
ord4354
ord4780
ord4649
ord4637
ord4636
ord5060
ord4584
ord4371
ord4361
ord4356
ord4739
ord4741
ord4738
ord4409
ord4603
ord4415
ord4992
ord4979
ord2488
ord3404
ord4539
ord4534
ord2954
ord2384
ord6370
ord2983
ord3148
ord3260
ord4466
ord2986
ord3080
ord4081
ord4624
ord5825
ord723
ord3946
ord423
ord5332
ord5328
ord5331
ord5314
ord5333
ord2541
ord4949
ord2998
ord4459
ord5033
ord4502
ord6030
ord2956
ord1601
ord3474
ord1892
ord4252
ord1212
ord4570
ord4672
ord4843
ord5011
ord4713
ord6371
ord5286
ord4438
ord3279
ord4625
ord449
ord746
ord2278
ord6311
ord4171
ord2753
ord3546
ord4317
ord2243
ord5788
ord472
ord5787
ord6646
ord6334
ord2450
ord4133
ord4297
ord3005
ord4033
ord433
ord1132
ord1116
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord1979
ord665
ord924
ord922
ord1641
ord641
ord795
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord2688
ord801
ord541
ord283
ord2795
ord6215
ord2086
ord2642
ord6648
ord3092
ord2116
ord2614
ord6778
ord1168
ord2567
ord3874
ord2380
ord765
ord4299
ord6453
ord6605
ord6880
ord609
ord2108
ord2078
ord3574
ord4396
ord2575
ord3698
ord6467
ord4275
ord3742
ord926
ord4160
ord4202
ord2764
ord533
ord5194
ord1997
ord5448
ord798
ord2915
ord941
ord4278
ord4023
ord6282
ord6283
ord5683
ord4277
ord4129
ord5875
ord5789
ord2754
ord6172
ord2859
ord5768
ord2864
ord4034
ord535
ord1949
ord818
ord2135
ord823
ord1146
ord1644
ord2863
ord6270
ord2379
ord2438
ord3654
ord2584
ord4220
ord470
ord755
ord4710
ord6380
ord6197
ord4234
ord2302
ord2370
ord2414
ord3663
ord3626
ord825
ord324
ord567
ord540
ord860
ord858
ord800
ord537
ord6877
ord2818
ord354
ord5186
ord3318
ord2919
ord4113
ord5442
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord3573
ord3721
ord4424
ord3402
ord5290
ord1776
ord1693
ord6055
ord1131

msvcrt

strstr
_mbsicmp
abs
fopen
fwrite
fflush
fclose
sprintf
time
strcmp
memset
atoi
_ftol
__CxxFrameHandler
_stricmp
strlen
_mbsstr
??0exception@@QAE@ABV0@@Z
_CxxThrowException
_beginthreadex
_endthreadex
exit
memcpy
strcpy
_access
_mbscmp
ftell
fseek
toupper
memcmp
wcsncpy
pow
atol
strcat
strchr
_mbsrchr
strncpy
strncmp
memmove
strrchr
wcstol
wcscmp
wcslen
rand
srand
strtoul
calloc
free
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
malloc

kernel32

UnmapViewOfFile
lstrlenW
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
OpenFile
GetCurrentProcess
GetCurrentProcessId
GetSystemTime
OpenProcess
GetExitCodeProcess
TerminateProcess
WinExec
lstrcpynA
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjects
ResumeThread
MulDiv
GlobalFree
CreateEventA
FindResourceA
LoadResource
SizeofResource
LockResource
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetVersionExA
DeviceIoControl
InterlockedDecrement
WriteFile
ReadFile
GetLastError
SetFilePointer
CreateFileA
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
FreeLibrary
LoadLibraryA
GetProcAddress
MoveFileA
CopyFileA
GetWindowsDirectoryA
GetModuleFileNameA
CreateDirectoryA
GlobalAlloc
GlobalLock
GlobalUnlock
LeaveCriticalSection
LocalFree
LocalAlloc
ResetEvent
SetEvent
WaitForSingleObject
TerminateThread
EnterCriticalSection
GetExitCodeThread
DeleteCriticalSection
InitializeCriticalSection
CreateProcessA
CloseHandle
lstrcpyA
GetPrivateProfileStringA
GetTickCount
Sleep
DeleteFileA
GetPrivateProfileIntA
WritePrivateProfileStringA
lstrlenA
lstrcatA

user32

InsertMenuItemA
GetMessageA
TranslateMessage
GetMenuState
GetMenuStringA
RegisterClassA
DefWindowProcA
GetClassInfoA
CharLowerA
IntersectRect
IsRectEmpty
MoveWindow
OffsetRect
mouse_event
IsWindow
GetDC
ReleaseDC
GetCapture
CreatePopupMenu
AppendMenuA
CheckMenuItem
EnableMenuItem
DeleteMenu
InsertMenuA
GetPropA
RemoveMenu
MonitorFromWindow
GetMonitorInfoA
GetDesktopWindow
SetParent
SetRectEmpty
ShowCursor
GrayStringA
TabbedTextOutA
wsprintfA
ShowWindow
SetForegroundWindow
LoadCursorA
CopyIcon
SetWindowLongA
ReleaseCapture
RedrawWindow
DestroyCursor
GetMenuItemCount
GetMenuItemInfoA
GetMenuStringW
GetMenuItemID
ModifyMenuA
UpdateWindow
CopyRect
GetSystemMetrics
SystemParametersInfoA
GetWindowLongA
IsWindowVisible
SetCapture
GetParent
ClientToScreen
KillTimer
SetTimer
PostMessageA
SetRect
ScreenToClient
PtInRect
SetCursor
LoadMenuA
GetSubMenu
GetCursorPos
GetClientRect
PostThreadMessageA
EnableWindow
DispatchMessageA
MessageBoxA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
SendMessageA
SetPropA
InflateRect
FrameRect
GetWindowRect
GetSysColor
FillRect
DrawTextA
InvalidateRect

gdi32

SetBkColor
GetViewportExtEx
GetWindowExtEx
SetMapMode
GetMapMode
PtVisible
RectVisible
CreateBitmap
ExtTextOutA
Escape
GetNearestColor
Rectangle
GetTextMetricsA
GetObjectA
CreateFontIndirectA
StretchBlt
CreateRectRgnIndirect
CombineRgn
FillRgn
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteDC
GetDeviceCaps
GetStockObject
PatBlt
DeleteObject
SetTextColor
SetBkMode
GetTextExtentPoint32A
SelectObject
LPtoDP
TextOutA
CreateSolidBrush
DPtoLP

advapi32

RegSetValueA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextA
RegCloseKey
RegEnumValueA
RegQueryInfoKeyA
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA

shell32

ShellExecuteA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteExA

comctl32

_TrackMouseEvent

ole32

CoInitialize
CoUninitialize
CreateStreamOnHGlobal
CoCreateInstance

olepro32

ord251

oleaut32

SafeArrayDestroy
SafeArrayAccessData
SafeArrayCreateVector
SysFreeString
VariantClear
SysAllocStringLen
SysAllocString
LoadRegTypeLi

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??_7out_of_range@std@@6B@
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?_Xran@std@@YAXXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

psnetwork

?SetParam@CPSNetwork@@QAEXPBD0@Z
??1CPSNetwork@@UAE@XZ
??0CPSNetwork@@QAE@XZ
?GetHttpURL@CPSNetwork@@QAEPBDH@Z
?GetStatus@CPSNetwork@@QAE?AW4PLAY_STATUS@@XZ
?ShowPropertyDlg@CPSNetwork@@QAEXH@Z
?Save@CPSNetwork@@QAEHPBD@Z
?GetPercent@CPSNetwork@@QAEHAAK0@Z
?GetComment@CPSNetwork@@QAEPBDH@Z
?GetStreamingType@CPSNetwork@@QAE?AW4STREAMING_TYPE@@XZ
?Connect@CPSNetwork@@QAEHXZ
?Disconnect@CPSNetwork@@QAEXXZ
?GetChannelName@CPSNetwork@@QAEPBDXZ

ws2_32

WSACleanup
inet_ntoa
WSAStartup

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cook.dll
.dll windows:4 windows x86 arch:x86

7186ef18b8145b9efacd73914d40cee0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

free
??3@YAXPAX@Z
memmove
_purecall
_CIpow
malloc
??2@YAPAXI@Z
_ftol
_initterm
_adjust_fdiv

Exports

Exports

RACloseCodec
RACreateEncoderInstance
RADecode
RAEncode
RAFlush
RAFreeDecoder
RAFreeEncoder
RAGetBackend
RAGetDecoderBackendGUID
RAGetFlavorProperty
RAGetGUID
RAGetNumberOfFlavors
RAGetNumberOfFlavors2
RAInitDecoder
RAInitEncoder
RAOpenCodec
RAOpenCodec2
RASetComMode
RASetFlavor
_RASetPwd@8

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
declrds.ax
.dll regsvr32 windows:5 windows x86 arch:x86

c53e1b93459a17d1cb7b4726efad232a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcessId
GetSystemTimeAsFileTime
MulDiv
QueryPerformanceCounter
Sleep
FreeLibrary
GetModuleFileNameA
lstrlenA
CreateThread
GetVersionExA
DisableThreadLibraryCalls
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
CloseHandle
CreateEventA
SetEvent
WaitForSingleObject
GetSystemInfo
GetCurrentThreadId
GetProcAddress
GetModuleHandleA
MultiByteToWideChar
GetThreadPriority
SetThreadPriority
GetCurrentThread
GetTickCount
GetLastError
GetProfileIntA

user32

GetDC
wsprintfA
ReleaseDC
GetDesktopWindow
IsRectEmpty

gdi32

GetSystemPaletteEntries

winmm

timeGetTime

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
_purecall
free
_adjust_fdiv
malloc
_initterm

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegSetValueExA
RegSetValueA
RegCreateKeyA
RegDeleteKeyA

ole32

CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc
CoInitialize
CoFreeUnusedLibraries
CoUninitialize
CoCreateInstance

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
powerplayer.inf
pp2play.dll
.dll windows:4 windows x86 arch:x86

93ec8221d196be6cab22f103acb62f3c

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/07/2007, 00:00

Not After

11/07/2008, 23:59

Subject

CN=SHANGHAI ZHONGYUAN NETWORKS LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Department,O=SHANGHAI ZHONGYUAN NETWORKS LIMITED,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetWindowsDirectoryA
GetVersionExA
CloseHandle
WriteFile
GetTickCount
ReadFile
SetStdHandle
GetOEMCP
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetCPInfo
FlushFileBuffers
MoveFileA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
LCMapStringW
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetUnhandledExceptionFilter
GetModuleHandleA
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
HeapSize
HeapReAlloc
GetCurrentProcess
TerminateProcess
ExitProcess
GetVersion
GetCommandLineA
HeapFree
HeapAlloc
GetFileAttributesA
RaiseException
RtlUnwind
InterlockedExchange
CopyFileA
GetSystemDirectoryA
GetModuleFileNameA
GetACP
LCMapStringA
GetLastError
WideCharToMultiByte
WritePrivateProfileStringA
LeaveCriticalSection
GetPrivateProfileIntA
GetLocaleInfoA
GetSystemDefaultLCID
lstrlenA
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
Sleep
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LoadLibraryA
GetProcAddress
SetFilePointer

user32

EnumDisplayMonitors
GetClientRect
IsWindow
SetDlgItemTextA
PeekMessageA
UnregisterClassA
RegisterClassExA
EnumDisplayDevicesA
LoadImageA
FillRect
DrawTextA
GetDC
ReleaseDC
RegisterClassA
DeleteMenu
EnableMenuItem
GetMenuItemCount
wsprintfA
CheckMenuItem
DestroyMenu
CreatePopupMenu
InsertMenuA
AppendMenuA
TrackPopupMenu
RemoveMenu
GetCursorPos
PtInRect
LoadCursorA
SetCursor
BeginPaint
EndPaint
DefWindowProcA
MonitorFromWindow
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
GetDlgItem
SetMenu
GetMenu
GetMessageA
TranslateMessage
DispatchMessageA
InvalidateRect
KillTimer
SetTimer
SetFocus
DestroyWindow
GetSystemMetrics
BringWindowToTop
SetParent
GetWindowLongA
GetWindowTextA
SetWindowTextA
GetParent
GetDesktopWindow
GetWindowRect
SetWindowPos
SendMessageA
PostMessageA
UpdateWindow
ShowWindow
CreateWindowExA
SetWindowLongA
SetRect
GetMonitorInfoA

shell32

SHGetPathFromIDListA
SHGetMalloc
ShellExecuteA
SHGetSpecialFolderLocation

gdi32

SetBkMode
SetTextColor
SetStretchBltMode
StretchBlt
CreateSolidBrush
GetDIBits
DeleteDC
CreateCompatibleBitmap
GetObjectA
GetStockObject
SelectObject
Rectangle
GetTextExtentPoint32A
CreateCompatibleDC
DeleteObject

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CLSIDFromString
StringFromGUID2
CoInitializeEx
CoUninitialize

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegOpenKeyExA

oleaut32

SysStringLen
SysFreeString

Exports

Exports

PP2Play_Init
PP2Play_Uninit

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ppssg.dll
.dll regsvr32 windows:4 windows x86 arch:x86

fc9006c9d2c31bd1ee9dddc8a0ddcbb2

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/07/2007, 00:00

Not After

11/07/2008, 23:59

Subject

CN=SHANGHAI ZHONGYUAN NETWORKS LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Department,O=SHANGHAI ZHONGYUAN NETWORKS LIMITED,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
GetFileAttributesA
CreateFileA
SetEndOfFile
SetFilePointer
GetFileSize
DeleteFileA
FindClose
FindNextFileA
FindFirstFileA
MoveFileA
ReadFile
UnlockFile
WriteFile
LockFile
CreateDirectoryA
RemoveDirectoryA
WritePrivateProfileStringA
GetPrivateProfileIntA
HeapFree
InitializeCriticalSection
HeapAlloc
FreeLibrary
GetProcAddress
LoadLibraryExA
lstrcpynA
HeapCreate
HeapDestroy
LoadLibraryA
GetTickCount
Sleep
CreateEventA
InterlockedIncrement
GetVersionExA
GetLocalTime
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
SuspendThread
OpenMutexA
CreateMutexA
LocalFree
LocalAlloc
OutputDebugStringA
lstrcpyA
lstrlenA
ResetEvent
SetEvent
WaitForSingleObject
TerminateThread
CloseHandle
SetLastError
GetLastError
GetExitCodeThread
GetProcessHeap
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
IsBadCodePtr
IsBadReadPtr
InterlockedExchange
IsBadWritePtr
VirtualFree
ExitProcess
RaiseException
RtlUnwind
ExitThread
GetCurrentThreadId
CreateThread
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetCommandLineA
QueryPerformanceCounter
GetCurrentProcessId
SetUnhandledExceptionFilter
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
UnhandledExceptionFilter
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
HeapReAlloc
HeapSize
GetACP
GetOEMCP
GetCPInfo
GetTimeZoneInformation
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetEnvironmentVariableA

user32

TranslateMessage
wsprintfA
MessageBoxA
MsgWaitForMultipleObjects
DispatchMessageA
PeekMessageA

advapi32

CryptHashData
CryptCreateHash
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextA
RegDeleteValueA
RegDeleteKeyA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyA
RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey

ws2_32

inet_addr
inet_ntoa
WSACleanup
WSAStartup
gethostname
gethostbyname

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

Exports

Exports

DllRegisterServer
DllUnregisterServer
GetXML
IL
LSG
LSGEX
MDSKAMS
MENMS
MGBIMS
MNRMS
MP2PRMS
MPTMS
MQFBURLMS
MRCMS
MRDSMS
MRFBMS
MRFBMS2
MRURLIDMS
OUDPMR
OUDPMREx
PSGBF
SHF
UnSinker

Sections

.text
Size: 240KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vodnet.dll
.dll regsvr32 windows:4 windows x86 arch:x86

a20303380b5bd6435fa74273ffa33026

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/07/2007, 00:00

Not After

11/07/2008, 23:59

Subject

CN=SHANGHAI ZHONGYUAN NETWORKS LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Department,O=SHANGHAI ZHONGYUAN NETWORKS LIMITED,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\PPStream-Vod-Work\XSearchNew\ppsvod\PPStreamVod\Release\PPStreamVod.pdb

Imports

kernel32

TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
GlobalFlags
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
RtlUnwind
ExitProcess
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
ExitThread
TerminateProcess
GetFileType
VirtualAlloc
VirtualQuery
GetCommandLineA
HeapReAlloc
TlsGetValue
HeapSize
SetUnhandledExceptionFilter
GetCurrentProcessId
LCMapStringA
LCMapStringW
GetTimeZoneInformation
UnhandledExceptionFilter
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetStartupInfoA
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetDriveTypeA
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
GlobalHandle
GlobalReAlloc
GetCurrentThread
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
FlushFileBuffers
FileTimeToLocalFileTime
MulDiv
GlobalAlloc
FormatMessageA
GlobalLock
GlobalUnlock
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
GlobalFree
VirtualProtect
FileTimeToSystemTime
GetLocalTime
FindResourceExA
OpenFile
GetModuleHandleA
GlobalMemoryStatus
HeapCreate
HeapAlloc
HeapDestroy
FreeLibrary
GetProcessHeap
HeapFree
GetSystemInfo
lstrcpynA
GetFileTime
LoadLibraryA
CompareStringW
CompareStringA
QueryPerformanceCounter
QueryPerformanceFrequency
GetVersion
RaiseException
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
GetProcAddress
DeviceIoControl
CreateFileA
FindFirstFileA
FindNextFileA
FindClose
CreateDirectoryA
LockFile
WriteFile
UnlockFile
ReadFile
GetFileSize
SetFilePointer
SetEndOfFile
GetFileAttributesA
CreateThread
ResumeThread
lstrcpyA
LocalFree
LocalAlloc
OutputDebugStringA
ResetEvent
SetEvent
WaitForSingleObject
TerminateThread
GetExitCodeThread
MultiByteToWideChar
CreateEventA
GetLastError
SetLastError
CreateProcessA
GetModuleFileNameA
CloseHandle
Sleep
DeleteFileA
RemoveDirectoryA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
lstrcmpiA
InterlockedDecrement
InterlockedIncrement
lstrlenA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetTickCount
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
SetStdHandle
InitializeCriticalSection

user32

LoadCursorA
GetSysColorBrush
DestroyMenu
ValidateRect
SetCursor
PostQuitMessage
EndPaint
BeginPaint
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
ReleaseDC
GetDC
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
RegisterWindowMessageA
WinHelpA
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
GetKeyState
SetForegroundWindow
UpdateWindow
GetClientRect
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
PtInRect
GetWindow
MapDialogRect
ShowWindow
GetCapture
GetActiveWindow
SetActiveWindow
GetAsyncKeyState
GetFocus
SetFocus
GetDlgItem
IsWindowEnabled
TranslateMessage
CreateWindowExA
GetSystemMetrics
GetWindowLongA
GetCursorPos
GetSysColor
SetWindowPos
ScreenToClient
GetWindowRect
GetMessageA
wsprintfA
UnregisterClassA
CharUpperA
IsWindow
PostMessageA
GetParent
PeekMessageA
DispatchMessageA
MessageBoxA
PostThreadMessageA
SetWindowLongA
SendMessageA
EnableWindow
SetTimer
IsWindowVisible

gdi32

TextOutA
EnumFontFamiliesExA
PtVisible
DeleteObject
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
RectVisible
GetObjectA
SetMapMode
SetBkMode
RestoreDC
SaveDC
GetDeviceCaps
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetTextExtentPoint32A
ExtTextOutA

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegCreateKeyA
RegDeleteValueA
RegEnumKeyA
RegQueryInfoKeyA
RegEnumValueA
CryptDestroyHash
CryptGetHashParam
CryptHashData
CryptCreateHash
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
CryptReleaseContext
CryptAcquireContextA

comctl32

PropertySheetA
DestroyPropertySheetPage
CreatePropertySheetPageA
ord17
ImageList_Destroy

shlwapi

UrlUnescapeA
PathFindExtensionA
PathStripToRootA
PathIsUNCA
PathFindFileNameA

ws2_32

setsockopt
inet_ntoa
WSAGetLastError
inet_addr
shutdown
send
recv
WSASocketA
closesocket
gethostname
sendto
WSACleanup
recvfrom
WSAStartup
htonl
WSACloseEvent
WSAEventSelect
WSACreateEvent
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
listen
ntohs
getsockname
bind
htons
socket
connect
gethostbyname

ole32

CoCreateGuid
StringFromCLSID
CoTaskMemFree

oleaut32

VariantInit
VariantChangeType
VariantClear
SysFreeString
SysAllocString

wininet

InternetReadFile
HttpQueryInfoA
InternetGetLastResponseInfoA
InternetOpenUrlA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetGetConnectedState
InternetOpenA
InternetCloseHandle
InternetSetCookieA

winmm

timeGetTime

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

CreateVodInstance
CreateVodInstanceByPPSAP
DestroyVodInstance
Disconnect
DllRegisterServer
DllUnregisterServer
EventNotify
GetChannelName
GetChannelOnlineCount
GetHttpURL
GetPlayingURL
GetStatus
GetStreamingType
PlayURL
PlayURLForTest
SetEchoSvr
SetParam
SetParamEx
ShowPropertyDlg
StopFile

Sections

.text
Size: 564KB - Virtual size: 562KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vodres.dll
.dll regsvr32 windows:4 windows x86 arch:x86

42445454e96b350b4dec24d742496c89

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/07/2007, 00:00

Not After

11/07/2008, 23:59

Subject

CN=SHANGHAI ZHONGYUAN NETWORKS LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Department,O=SHANGHAI ZHONGYUAN NETWORKS LIMITED,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
lstrlenA
GetTickCount
GetDiskFreeSpaceExA
GetDriveTypeA
GetLogicalDriveStringsA
GetPrivateProfileIntA
DeleteFileA
FindClose
GetLastError
FindNextFileA
FindFirstFileA
RemoveDirectoryA
GetExitCodeThread
SetLastError
TerminateThread
WaitForSingleObject
SetEvent
ResetEvent
lstrcpyA
OutputDebugStringA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ResumeThread
CreateThread
GetFileAttributesA
GetModuleFileNameA
CreateFileA
SetEndOfFile
SetFilePointer
GetFileSize
GetSystemInfo
UnlockFile
WriteFile
LockFile
PostQueuedCompletionStatus
MultiByteToWideChar
Sleep
GetCurrentThreadId
_llseek
HeapAlloc
GetProcessHeap
lstrcpynA
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
FlushViewOfFile
GlobalMemoryStatus
OpenEventA
CreateEventA
GetPrivateProfileStringA
QueryPerformanceCounter
GetVersionExA
GetLocalTime
HeapFree
GetLocaleInfoW
FlushFileBuffers
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
IsValidCodePage
IsValidLocale
GetModuleHandleA
GetCurrentProcessId
LoadLibraryExW
LoadLibraryExA
LoadLibraryW
LoadLibraryA
lstrcmpiA
GetCurrentProcess
VirtualProtectEx
WriteProcessMemory
VirtualQuery
GetProcAddress
Module32Next
Module32First
CreateToolhelp32Snapshot
ReadFile
CloseHandle
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
RtlUnwind
ExitProcess
RaiseException
GetSystemTimeAsFileTime
ExitThread
TerminateProcess
GetFileType
GetCommandLineA
GetCPInfo
LCMapStringA
LCMapStringW
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
HeapReAlloc
HeapSize
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetStartupInfoA
SetStdHandle
GetACP
GetOEMCP
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
VirtualProtect
FreeEnvironmentStringsA

user32

GetMessageA
GetParent
PostMessageA
wsprintfA
PostThreadMessageA
IsWindow

advapi32

CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
RegDeleteKeyA
RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
CryptReleaseContext

imagehlp

ImageDirectoryEntryToData

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Exports

Exports

CFA
CFW
CH
DllRegisterServer
DllUnregisterServer
GFS
GOR
GetDelayTmCnt
InitialRootDir
OF
RF
RFE
RegMessageRecv
SFP
SFPE
SetQuitFlag
Uninitial
WF
WFE

Sections

.text
Size: 244KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xd.dll
.dll regsvr32 windows:4 windows x86 arch:x86

036c43a1af3b8244071b107c21a5011a

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12/07/2007, 00:00

Not After

11/07/2008, 23:59

Subject

CN=SHANGHAI ZHONGYUAN NETWORKS LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Department,O=SHANGHAI ZHONGYUAN NETWORKS LIMITED,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
GetFileAttributesA
CreateFileA
SetEndOfFile
SetFilePointer
GetFileSize
DeleteFileA
FindClose
FindNextFileA
FindFirstFileA
MoveFileA
ReadFile
UnlockFile
WriteFile
LockFile
CreateDirectoryA
RemoveDirectoryA
lstrcmpiA
InitializeCriticalSection
GetFileTime
GetProcAddress
LoadLibraryA
GetCurrentThreadId
GetTickCount
GetVersionExA
GetLocalTime
GetSystemTime
FileTimeToSystemTime
GetPrivateProfileIntA
ReleaseMutex
Sleep
GetCurrentProcessId
GetWindowsDirectoryA
CompareStringW
CompareStringA
FlushFileBuffers
SetStdHandle
SuspendThread
OpenMutexA
CreateMutexA
LocalFree
LocalAlloc
OutputDebugStringA
lstrcpyA
lstrlenA
ResetEvent
SetEvent
WaitForSingleObject
TerminateThread
CloseHandle
SetLastError
GetExitCodeThread
FileTimeToLocalFileTime
GetLastError
SetEnvironmentVariableA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetCPInfo
GetOEMCP
GetACP
IsBadCodePtr
IsBadReadPtr
InterlockedExchange
HeapSize
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
RaiseException
RtlUnwind
ExitThread
CreateThread
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
HeapFree
GetCommandLineA
HeapAlloc
QueryPerformanceCounter
SetUnhandledExceptionFilter
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
UnhandledExceptionFilter
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetTimeZoneInformation
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapDestroy
HeapCreate
VirtualFree
HeapReAlloc
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA

user32

MsgWaitForMultipleObjects
PeekMessageA
MessageBoxA
TranslateMessage
DispatchMessageA

advapi32

CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextA
RegDeleteValueA
RegDeleteKeyA
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyA
RegCreateKeyA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
CryptCreateHash

ws2_32

setsockopt
select
__WSAFDIsSet
shutdown
socket
connect
WSAStartup
htons
bind
closesocket
ioctlsocket
WSACleanup
gethostbyname
inet_addr
send
recv
WSAGetLastError
htonl

Exports

Exports

DllRegisterServer
DllUnregisterServer
FX
GLM
GX

Sections

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

89ff9c38f56cbc4f6f5a8ed740aab1f1

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0eCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp60

ws2_32

wininet

version

imagehlp

Exports

Exports

Sections

.text Size: 496KB - Virtual size: 496KB

.rdata Size: 67KB - Virtual size: 66KB

.data Size: 26KB - Virtual size: 291KB

.rsrc Size: 31KB - Virtual size: 30KB

.reloc Size: 46KB - Virtual size: 46KB

8d49ea323e6efb7c9906274a39086fad

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0eCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

olepro32

oleaut32

msvcp60

ws2_32

rasapi32

shlwapi

version

wininet

Exports

Exports

Sections

.text Size: 324KB - Virtual size: 323KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 12KB - Virtual size: 17KB

.rsrc Size: 44KB - Virtual size: 43KB

.reloc Size: 29KB - Virtual size: 28KB

4d3ffa65ed362b8a091aad83f8b30fbf

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0e
Certificate

.text
Size: 496KB - Virtual size: 496KB

.rdata
Size: 67KB - Virtual size: 66KB

.data
Size: 26KB - Virtual size: 291KB

.rsrc
Size: 31KB - Virtual size: 30KB

.reloc
Size: 46KB - Virtual size: 46KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0e
Certificate

.text
Size: 324KB - Virtual size: 323KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 12KB - Virtual size: 17KB

.rsrc
Size: 44KB - Virtual size: 43KB

.reloc
Size: 29KB - Virtual size: 28KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0e
Certificate

.text
Size: 239KB - Virtual size: 238KB

.rdata
Size: 70KB - Virtual size: 69KB

.data
Size: 19KB - Virtual size: 27KB

.rsrc
Size: 118KB - Virtual size: 117KB

.reloc
Size: 36KB - Virtual size: 35KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 8KB - Virtual size: 26KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 1KB

.text
Size: 40KB - Virtual size: 40KB

.data
Size: 512B - Virtual size: 13KB

.rsrc
Size: 1024B - Virtual size: 944B

.reloc
Size: 3KB - Virtual size: 2KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0e
Certificate