150471d6990312c802a4683731f81870_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

150471d6990312c802a4683731f81870_JaffaCakes118
Size

11.1MB
MD5

150471d6990312c802a4683731f81870
SHA1

6ecedbdb21064a1922f42fbed809ebe1e6124771
SHA256

efeae8bae5769ff1413aec946d3f0c36bd6a24373417e28aaef95b178a7a30d0
SHA512

62cd0ffd15ced8666ba9deb32d633648132300e3ba12d6d802ed7dbe9e100296e656b284785d103d473ef4c57d29f96e2e9d6f1549c2ed4bb87d1cb28a611601
SSDEEP

196608:Eyu41CqWebSR5p1jRzaKqynB6DklT3WA6R1o1Lb4JgXP1L6STUcsN8in3D/lzzxB:L1CqWjp7Wz8VlTmhLoZmq1+STs8in3jB

Score

3^/10

Malware Config

Signatures

Unsigned PE 11 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/AnimGif.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/Internet.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/Timeout.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/$PLUGINSDIR/nsplugin.dll
unpack001/$PLUGINSDIR/time.dll
unpack004/360QVM.dll
unpack004/deepscan/heavygate.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

150471d6990312c802a4683731f81870_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:d3:f1:21:fa:3d:7e:9d:eb:78:b4:4d:de:70:bb:01:e5:06:7f:c8
Signer

Actual PE Digest

5c:d3:f1:21:fa:3d:7e:9d:eb:78:b4:4d:de:70:bb:01:e5:06:7f:c8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/AnimGif.dll
.dll windows:4 windows x86 arch:x86

b4b71331b921e2f441a2b05306cd7dae

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileA
ReadFile
lstrcmpiA
SetFilePointer
CloseHandle
TerminateThread
CreateThread
Sleep
lstrcpyA
GlobalFree

user32

ValidateRect
FillRect
InvalidateRgn
GetDC
ReleaseDC
CallWindowProcA
GetSysColor
FindWindowExA
IsWindowVisible
GetClientRect
IsWindow
GetWindowLongA
SetWindowLongA
RedrawWindow
SetRect

gdi32

FillRgn
CreateDIBitmap
CreateCompatibleDC
CreateSolidBrush
GetPixel
DeleteDC
StretchBlt
CreateRectRgn
SetDIBitsToDevice
DeleteObject
SetRectRgn
CombineRgn
SelectObject

msvcrt

strtoul
strchr
??2@YAPAXI@Z
__dllonexit
_onexit
??3@YAXPAX@Z

Exports

Exports

play
stop

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 382B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Internet.dll
.dll windows:4 windows x86 arch:x86

04281f88c3d826e409dc7c24629e7efc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
GetProcessHeap
GlobalFree

user32

wsprintfA

wsock32

inet_addr
gethostname
gethostbyname
WSACleanup
WSAStartup

wininet

InternetOpenA
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA

Exports

Exports

GetLocalHostIP
GetLocalHostName
GetUrlCode
Ver

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

7868cd55f358bfb360f9eb8ce1512ca0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

TranslateMessage
GetMessageA
IsDialogMessageA
PostMessageA
DispatchMessageA
GetWindowLongA
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
IsDlgButtonChecked
GetWindowTextA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
CallWindowProcA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Timeout.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

ExecTimeout

Sections

CODE
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 74B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

6bc108eed3ca99f68adee56e9c99fac6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynA
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 741B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 657B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 85B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ad.gif
.gif
$PLUGINSDIR/bg.bmp
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsplugin.dll
.dll windows:4 windows x86 arch:x86

214e6840266876a8fd4e8310469c01cc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindNextFileA
lstrcmpiA
FindFirstFileA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetFileAttributesExA
MoveFileExA
DeleteFileA
SuspendThread
Module32NextW
Module32FirstW
FindClose
GetProcAddress
GetModuleHandleA
Thread32Next
Thread32First
Sleep
GlobalFree
lstrcpyA
FreeLibrary
LoadLibraryA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetSystemWindowsDirectoryA
OpenProcess
TerminateProcess
GetLongPathNameA
GetCurrentProcess
OpenThread
CloseHandle

user32

FindWindowA
GetWindowThreadProcessId

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegCloseKey
RegEnumValueA
RegOpenKeyExA
OpenProcessToken

shlwapi

PathFileExistsA
PathAppendA
PathRemoveFileSpecA
PathRemoveBackslashA
PathCombineA
StrChrA
StrCmpNA

psapi

GetModuleFileNameExA
EnumProcesses
GetModuleBaseNameA
EnumProcessModules

msvcrt

_wcsicmp
fopen
fclose
_vsnprintf
_except_handler3
memset
_mbslwr
_mbscmp
strchr

Exports

Exports

CheckCompSoft
GetCID
KillLeakFixer
KillProcess
RegVer2IniVer
RemoveCompSoft
RemoveCompSoft2

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 421B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/time.dll
.dll windows:4 windows x86 arch:x86

2e3a4d1f132aea64d421c1e936bcc407

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
lstrcmpiA
lstrcpynA
GlobalFree
lstrcpyA
GlobalAlloc
GetSystemTime
GetLocalTime
SetSystemTime
SetLocalTime
FindClose
FindFirstFileA
CloseHandle
SetFileTime
CreateFileA
lstrcatA

user32

SendMessageA
wsprintfA

Exports

Exports

_GetFileTime
_GetFileTimeUTC
_GetLocalTime
_GetLocalTimeUTC
_MathTime
_SetFileTime
_SetFileTimeUTC
_SetLocalTime
_SetLocalTimeUTC
_TimeString
_Unload

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360sdEng.cab
.7z
360Pack.dll
.dll windows:4 windows x86 arch:x86

35e7d02548001250037df5fb457bbf84

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

SysStringByteLen
VariantClear
SysFreeString
SysAllocString

user32

CharUpperW

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
wcsncmp
wcsncpy
wcschr
wcstok
qsort
memset
_purecall
fclose
_iob
free
malloc
memcpy
memcmp
memmove
wcslen
__CxxFrameHandler
_CxxThrowException
_errno
_vsnwprintf
wcscpy
strerror
wcscmp
wcsrchr
_snwprintf
swprintf
realloc
swscanf

kernel32

TlsAlloc
HeapAlloc
GetProcessHeap
GetEnvironmentVariableW
CreateMutexW
GetCurrentProcessId
TlsSetValue
OpenThread
TlsGetValue
FindNextFileW
SetEnvironmentVariableW
ReleaseMutex
TlsFree
HeapFree
GetFileAttributesW
GetCurrentThreadId
GetFileAttributesExW
GetFileSizeEx
SetFilePointerEx
CopyFileW
OutputDebugStringW
MoveFileExW
SetLastError
WaitForSingleObject
VirtualFree
VirtualAlloc
GetStdHandle
FreeLibrary
LoadLibraryExW
LoadLibraryW
GetModuleFileNameW
LocalFree
FormatMessageW
CloseHandle
SetFileTime
CreateFileW
SetFileAttributesW
GetLastError
CreateDirectoryW
DeleteFileW
lstrlenW
GetFullPathNameW
GetCurrentDirectoryW
GetTempFileNameW
FindClose
FindFirstFileW
GetFileSize
SetFilePointer
DeviceIoControl
ReadFile
WriteFile
SetEndOfFile
CompareFileTime
GetProcAddress
SystemTimeToFileTime
GetSystemTime
MultiByteToWideChar

Exports

Exports

CreateObject

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360QBack/BackDsk.dat
.xml
360QBack/BackIE.dat
.xml
360QBack/BackRun.dat
.xml
360QBack/QuickBack.dat
.xml
360Quart.exe
.exe windows:4 windows x86 arch:x86

0abd156d002b3ae14be7ec7dd2654900

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ff:51:e1:c2:96:f3:e5:f0:ac:38:ab:7b:4f:6f:1b:cf:d3:4e:c3:4f
Signer

Actual PE Digest

ff:51:e1:c2:96:f3:e5:f0:ac:38:ab:7b:4f:6f:1b:cf:d3:4e:c3:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

qtquart

ord2
ord8
ord1
ord4
ord7
ord6
ord5
ord9
ord3

mfc42u

ord5674
ord4128
ord4292
ord5784
ord472
ord5782
ord5732
ord1633
ord5871
ord858
ord1761
ord3605
ord2081
ord2403
ord2015
ord4213
ord2570
ord4392
ord3577
ord3693
ord765
ord616
ord2100
ord2085
ord2072
ord2111
ord2108
ord4118
ord283
ord2372
ord2559
ord809
ord656
ord4279
ord6330
ord4155
ord2281
ord536
ord4282
ord4219
ord6921
ord4273
ord4124
ord5568
ord2910
ord4199
ord537
ord5438
ord665
ord3313
ord5180
ord354
ord1971
ord6381
ord942
ord2606
ord6920
ord5706
ord5679
ord6868
ord2755
ord6867
ord2442
ord927
ord3579
ord543
ord803
ord6303
ord4162
ord521
ord860
ord6918
ord5852
ord539
ord941
ord3701
ord323
ord640
ord682
ord3625
ord4394
ord4197
ord548
ord2813
ord940
ord2756
ord3993
ord6898
ord2810
ord6003
ord1634
ord535
ord5977
ord3281
ord861
ord289
ord613
ord2854
ord2746
ord3288
ord6688
ord4532
ord3991
ord2092
ord6238
ord3296
ord6879
ord2099
ord2836
ord6390
ord5446
ord6379
ord5436
ord1230
ord2144
ord5781
ord3591
ord5860
ord6057
ord5567
ord5575
ord5790
ord6667
ord2859
ord3569
ord2567
ord2406
ord3658
ord3621
ord3566
ord567
ord693
ord609
ord3635
ord3365
ord5286
ord4396
ord1768
ord6051
ord2574
ord3567
ord3397
ord4390
ord2566
ord4238
ord5273
ord6370
ord3792
ord2634
ord6211
ord4294
ord540
ord3092
ord470
ord755
ord2371
ord3087
ord6195
ord324
ord1165
ord1143
ord641
ord3592
ord4419
ord4621
ord3356
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord4704
ord4992
ord4847
ord4370
ord5261
ord4229
ord538
ord1569
ord925
ord800
ord1131
ord2613
ord823
ord2506
ord815
ord825
ord561
ord3733
ord4418
ord4616
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord5785
ord5869
ord6168
ord6017
ord6185
ord4324
ord6182
ord5752
ord6188
ord5755
ord2966
ord4166
ord562
ord5778
ord816
ord6193
ord6354
ord795
ord3716
ord804
ord3724
ord3389
ord4400
ord2579
ord3084
ord2572
ord818
ord3737
ord2114
ord556
ord6726
ord2070
ord1088
ord3871
ord2444
ord6871
ord6597
ord6638
ord2351
ord2292
ord2333
ord2290
ord2331
ord3131
ord4459
ord3254
ord3142
ord2977
ord5710
ord5285
ord5303
ord4692
ord4074
ord2717
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord4269
ord922
ord2291
ord2332
ord2350
ord2293
ord2359
ord2358
ord2362
ord2357
ord2356
ord2355
ord2354
ord2353
ord2352
ord356
ord2762
ord2773
ord4053
ord3173
ord1972
ord668
ord2858
ord2914
ord3614
ord2855
ord5945

msvcrt

_iob
fputc
isalpha
towlower
_wcsnicmp
_CIpow
strtod
fprintf
longjmp
tolower
_wfsopen
atof
wcstod
_snprintf
abort
_wfopen
fopen
__CxxLongjmpUnwind
_setjmp3
fwrite
fseek
ftell
fclose
fread
memchr
__CxxFrameHandler
wcsrchr
wcsncpy
wcslen
wcsncat
isspace
_beginthreadex
_wcsupr
_wcsicmp
wcscmp
_wtoi
strstr
_wstati64
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??1exception@@UAE@XZ
memmove
??0exception@@QAE@ABQBD@Z
_wtoi64
atoi
_vsnwprintf
wcsstr
wcsncmp
isalnum
time
wcschr
_beginthread
malloc
_endthreadex
free
_exit
_XcptFilter
strchr
_controlfp
??1type_info@@UAE@XZ
_onexit
__dllonexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_wsplitpath
_purecall
sscanf
_ftol
_wmakepath
ceil
floor
strncmp

kernel32

GetFileAttributesW
GetTimeZoneInformation
CreateProcessW
InterlockedCompareExchange
Sleep
GetModuleHandleW
ReadProcessMemory
ResumeThread
Thread32First
OpenThread
SuspendThread
Thread32Next
GetCurrentProcessId
ProcessIdToSessionId
GetACP
MultiByteToWideChar
AreFileApisANSI
WideCharToMultiByte
GetLongPathNameW
LoadLibraryA
GetLogicalDriveStringsW
QueryDosDeviceW
OpenProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetModuleHandleA
GetCurrentProcess
GetVersionExW
GetVersion
GetFileAttributesExW
WaitForMultipleObjects
CopyFileW
ResetEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetTickCount
CreateThread
InterlockedExchange
FreeLibrary
SetFileAttributesW
OutputDebugStringA
CreateFileW
GetFileSize
ReadFile
SetFilePointer
GetDiskFreeSpaceExW
FindFirstFileW
MoveFileExW
FindNextFileW
FindClose
WaitForSingleObject
SetEvent
CreateEventW
InterlockedIncrement
InterlockedDecrement
GetLocalTime
SystemTimeToFileTime
FileTimeToSystemTime
lstrlenW
lstrcmpW
GetWindowsDirectoryW
GetSystemWindowsDirectoryW
CreateDirectoryW
RemoveDirectoryW
DeleteFileW
WritePrivateProfileStringW
GetCurrentThreadId
CreateMutexW
LoadLibraryW
GetProcAddress
CreateMutexA
GetLastError
CloseHandle
ReleaseMutex
GetModuleFileNameW
GetPrivateProfileStringW
lstrlenA
LocalFree
lstrcpynW
SizeofResource
LockResource
LoadResource
FindResourceW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetTempFileNameW
GetTempPathW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
ExpandEnvironmentStringsW
MulDiv
SetEnvironmentVariableW
SetThreadPriority
CreateEventA
CreateSemaphoreA
ReleaseSemaphore
WriteFile
QueryPerformanceCounter
SetNamedPipeHandleState
CreateFileA
ReadFileEx
WaitForSingleObjectEx
GetStartupInfoW
TerminateThread
GetExitCodeProcess

user32

GetMenuStringW
GetSubMenu
GetMenuItemID
GetMenuItemCount
EnumWindows
GetWindow
EnumChildWindows
OffsetRect
IsRectEmpty
GetUpdateRgn
SetWindowRgn
GetMonitorInfoW
MonitorFromWindow
ScreenToClient
GetCursorPos
SetCursor
LoadCursorW
GetKeyState
SetWindowPos
GetDesktopWindow
ReleaseDC
IsClipboardFormatAvailable
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
ModifyMenuW
TabbedTextOutW
GrayStringW
DrawIconEx
GetSysColor
SetRectEmpty
GetParent
SetTimer
SetWindowLongW
GetWindowLongW
FillRect
PtInRect
DrawTextW
SetWindowTextW
RedrawWindow
KillTimer
PostMessageW
UpdateWindow
InflateRect
GetDlgCtrlID
CopyRect
IntersectRect
FrameRect
GetDC
CharLowerBuffW
WaitForInputIdle
InvalidateRect
WindowFromPoint
SystemParametersInfoW
IsWindow
GetWindowRect
GetDlgItem
IsZoomed
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
GetSystemMetrics
DrawIcon
SendMessageW
GetClientRect
EnableWindow
LoadIconW
LoadImageW
FindWindowW
IsIconic
ShowWindow
RegisterWindowMessageW
SetForegroundWindow

gdi32

Escape
GetDeviceCaps
SetDIBits
PtVisible
ExtTextOutW
TextOutW
RectVisible
GetTextMetricsW
SetBkColor
CreateRectRgnIndirect
CreateCompatibleDC
SetStretchBltMode
StretchBlt
GetBkColor
SelectObject
SetBkMode
GetStockObject
SelectClipRgn
CreateRectRgn
CombineRgn
DeleteObject
CreateFontIndirectW
GetObjectW
GetBkMode
CreateBitmap
GetBitmapBits
ExtCreateRegion
SetRectRgn
GetDIBits
SetPixel
StretchDIBits
CreateDIBSection
CreateCompatibleBitmap
GetCurrentObject
BitBlt
DeleteDC
GetTextColor

advapi32

RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey

shell32

ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW
ord66
ShellExecuteExW
SHGetSpecialFolderPathW

ole32

CoCreateInstance
CoInitialize
CreateStreamOnHGlobal

oleaut32

VariantCopy
SysAllocStringByteLen
SysAllocString
SysStringLen
SysFreeString
SysStringByteLen
VariantInit
VariantClear
CreateErrorInfo
GetErrorInfo
SetErrorInfo
VariantChangeType

shlwapi

PathAppendW
StrCmpW
SHDeleteValueW
PathIsDirectoryW
PathFileExistsW
SHGetValueW
StrCmpNIW
PathAddBackslashW
SHSetValueW
StrCmpIW
StrCmpNW
PathRemoveFileSpecW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

wininet

HttpOpenRequestW
HttpQueryInfoW
InternetCloseHandle
InternetOpenW
InternetConnectW
HttpSendRequestW
InternetCrackUrlW

comctl32

_TrackMouseEvent

olepro32

ord251

msvcp60

??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
??0ios_base@std@@IAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_7?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
?_Tidy@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXXZ
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??1locale@std@@QAE@XZ
??1ios_base@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ

msimg32

AlphaBlend
TransparentBlt

Sections

.text
Size: 636KB - Virtual size: 635KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
360ave.def
360nzp.dll
.dll windows:4 windows x86 arch:x86

cccd758235337e2e5320108ff1254bf1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

SysStringByteLen
VariantClear
SysAllocString

user32

CharUpperW

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
wcsncmp
wcsncpy
wcschr
wcstok
qsort
memset
_purecall
fclose
_iob
free
malloc
memcpy
memcmp
memmove
__CxxFrameHandler
_CxxThrowException
_vsnwprintf
wcscpy
strerror
wcscmp
wcsrchr
_snwprintf
swprintf
realloc
swscanf
_errno
wcslen

kernel32

HeapAlloc
GetProcessHeap
GetEnvironmentVariableW
CreateMutexW
GetCurrentProcessId
TlsSetValue
OpenThread
TlsGetValue
TlsAlloc
SetEnvironmentVariableW
ReleaseMutex
TlsFree
HeapFree
GetFileAttributesW
GetCurrentThreadId
GetLocalTime
GetFileAttributesExW
GetFileSizeEx
SetFilePointerEx
CopyFileW
OutputDebugStringW
MoveFileExW
SetLastError
WaitForSingleObject
VirtualFree
VirtualAlloc
GetStdHandle
FreeLibrary
LoadLibraryExW
LoadLibraryW
GetModuleFileNameW
LocalFree
FormatMessageW
CloseHandle
SetFileTime
CreateFileW
SetFileAttributesW
GetLastError
CreateDirectoryW
DeleteFileW
lstrlenW
GetFullPathNameW
GetCurrentDirectoryW
GetTempFileNameW
FindClose
FindFirstFileW
FindNextFileW
GetFileSize
SetFilePointer
DeviceIoControl
ReadFile
WriteFile
SetEndOfFile
CompareFileTime
GetProcAddress
SystemTimeToFileTime
GetSystemTime
MultiByteToWideChar

Exports

Exports

CreateNZPObject
DeleteNZPObject

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360sd.dat
AVEI.dll
.dll windows:5 windows x86 arch:x86

dec4767491dedbcf3145152c6b5ab511

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
Sleep
ExitProcess
WriteFile
GetStdHandle
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
HeapAlloc
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
lstrcmpA
LoadLibraryW
CloseHandle
CreateFileW
LocalFree
GetSystemTime
FormatMessageW
OutputDebugStringW
CreateFileA
lstrlenA
ReadFile
SetFilePointer
CreateMutexW
WaitForSingleObject
ReleaseMutex
GetProcessHeap
OpenThread
SetEnvironmentVariableW
GetEnvironmentVariableW
SetFilePointerEx
GetFileSizeEx
LocalFileTimeToFileTime
SystemTimeToFileTime
DeviceIoControl
HeapFree
MultiByteToWideChar
GetLastError
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetModuleFileNameA
LoadLibraryA
GetProcAddress
GetModuleFileNameW
IsBadReadPtr
FreeEnvironmentStringsA
FreeLibrary
GetModuleHandleA
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers

version

VerQueryValueW
GetFileVersionInfoSizeW

advapi32

RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExA

Exports

Exports

CloseScanner
CreateScanner
CreateScannerEx
Scan
ScanMem
ScanW
SetScannerConfig

Sections

.text
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AVEngine.dll
.dll windows:5 windows x86 arch:x86

155fb92d7cbe6653e0ecee2f3b019b3a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\building\360project\gve\trunk\bin\release\AVEngine.pdb

Imports

kernel32

GetModuleFileNameA
VirtualFree
LoadLibraryA
GetProcAddress
FreeLibrary
CreateDirectoryA
GetLastError
CreateDirectoryW
RemoveDirectoryA
RemoveDirectoryW
CreateFileA
CreateFileW
CloseHandle
ReadFile
WriteFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetFileSize
GetFileType
GetFileTime
SetFileTime
CopyFileA
CopyFileW
DeleteFileA
DeleteFileW
MoveFileA
MoveFileW
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindClose
GetFileAttributesA
GetFileAttributesW
SetFileAttributesA
SetFileAttributesW
GetTempPathA
GetWindowsDirectoryA
GetTempPathW
GetWindowsDirectoryW
GetFileInformationByHandle
MultiByteToWideChar
WideCharToMultiByte
VirtualAlloc
VirtualProtect
FindResourceW
LoadResource
LockResource
InterlockedDecrement
InterlockedIncrement
SetLastError
LoadLibraryW
InterlockedCompareExchange
Sleep
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
lstrlenA
HeapFree
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapCreate
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
ExitProcess
GetStdHandle
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeA
GetStringTypeW

ole32

CLSIDFromString

oleaut32

SysAllocStringByteLen
SysStringLen
VariantChangeType
SysAllocString
SysFreeString
VariantInit
VariantCopy
VariantClear
GetErrorInfo

Exports

Exports

BAPIInitialize
ClearEnviroment
CreateEnviroment
GetClassObject

Sections

.text
Size: 550KB - Virtual size: 550KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Hookport.sys
.sys windows:5 windows x86 arch:x86

6e0d692ecd60190f19618b42cd7a340a

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22/10/2008, 00:00

Not After

23/11/2010, 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\svn\hookport\objfre_w2K_x86\i386\hookport.pdb

Imports

ntoskrnl.exe

ExFreePool
ExAllocatePoolWithTag
KeInitializeSpinLock
ExGetPreviousMode
MmIsAddressValid
strrchr
ZwQuerySystemInformation
RtlInitAnsiString
NtBuildNumber
PsGetVersion
ZwSetEvent
IoFreeMdl
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
_except_handler3
MmUnlockPages
wcsncmp
ZwClose
KeDetachProcess
_wcsnicmp
_stricmp
KeAttachProcess
ObfDereferenceObject
PsLookupProcessByProcessId
ZwDuplicateObject
ZwOpenProcess
ZwQueryObject
MmGetSystemRoutineAddress
RtlInitUnicodeString
IofCompleteRequest
KeUnstackDetachProcess
KeStackAttachProcess
PsSetCreateProcessNotifyRoutine
IoDeleteDevice
IoDeleteSymbolicLink
IoCreateSymbolicLink
IoCreateDevice
InitSafeBootMode
KeTickCount
KeBugCheckEx
RtlImageDirectoryEntryToData
ObReferenceObjectByHandle
InterlockedExchange

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MbrScan.dll
.dll windows:4 windows x86 arch:x86

0edc59317adcc56c55831f28f024302e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedDecrement
GetCurrentProcess
lstrlenA
WideCharToMultiByte
DeviceIoControl
GetModuleFileNameA
CreateFileA
SetFilePointer
ReadFile
GetLastError
CloseHandle
WriteFile
GetVersionExA
OutputDebugStringA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
HeapFree
HeapAlloc
RtlUnwind
GetCommandLineA
GetVersion
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
TerminateProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
InterlockedIncrement
MultiByteToWideChar
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetStdHandle
LCMapStringA

user32

MessageBoxA

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey

Exports

Exports

??4CPttLnkGkiller@@QAEAAV0@ABV0@@Z
Init
RunKiller

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QuickRule.dll
.dll windows:4 windows x86 arch:x86

afee8733b37742c18e934ebadc501501

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
InterlockedDecrement
lstrlenW
GetModuleFileNameW
InterlockedIncrement
FreeLibrary
GetProcAddress
LoadLibraryW
SetFilePointer
ReadFile
CloseHandle
GetFileSize
CreateFileW
DebugBreak
OutputDebugStringW
lstrlenA
FlushFileBuffers
WriteFile
GetLastError
SetEndOfFile
SystemTimeToFileTime
GetSystemTime

user32

CharNextW
LoadStringW
wvsprintfW

msvcrt

_wcsicmp
wcsrchr
iswdigit
_wtoi
free
_initterm
malloc
_adjust_fdiv
memmove
wcsncpy
_wcslwr
_wcsnicmp
wcschr
wcslen
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler

msvcp60

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

shlwapi

PathFileExistsW

Exports

Exports

CreateObject

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SDPlugin/Sola.dll
.dll windows:4 windows x86 arch:x86

9d649dcda37df66793b9939d588d5968

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointer
ReadFile
CreateFileW
GetDriveTypeW
ExpandEnvironmentStringsW
MoveFileExW
GetFileSize
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
MoveFileW
CloseHandle
SetFileAttributesW
DeleteFileW
GetTickCount

advapi32

RegEnumKeyA
RegCloseKey
RegOpenKeyExA

msvcrt

??2@YAPAXI@Z
_purecall
??3@YAXPAX@Z
wcslen
_wsplitpath
_vsnwprintf
free
_initterm
malloc
_adjust_fdiv

shlwapi

PathCombineW
StrCmpNIW
StrCmpIW
PathFindExtensionW
PathFileExistsW
StrStrW
StrCmpNA
PathAppendW
SHDeleteKeyA
StrStrIA
SHGetValueA

Exports

Exports

QueryInterface

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UpTip.dat
UpTip.exe
.exe windows:4 windows x86 arch:x86

77feb7fb3038babe1a442f11043b5eaa

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetLastError
CreateMutexA
InitializeCriticalSection
HeapDestroy
ReleaseMutex
FlushInstructionCache
GetCurrentProcess
GetStartupInfoW
GetModuleHandleW
GetModuleFileNameA
GetPrivateProfileStringA
GetModuleFileNameW
LeaveCriticalSection
GetPrivateProfileStringW
GetTempPathW
CopyFileW
GetCurrentThreadId
EnterCriticalSection
DeleteCriticalSection

user32

GetDlgItem
SetWindowPos
IsDialogMessageW
SendMessageW
GetDlgCtrlID
GetClassNameW
SetWindowTextW
MapWindowPoints
GetWindow
LoadImageW
SetWindowLongW
GetWindowLongW
PostQuitMessage
DestroyWindow
GetClientRect
ChildWindowFromPoint
ScreenToClient
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
DefWindowProcW
CreateDialogParamW
ShowWindow
GetWindowRect
SystemParametersInfoW
GetParent
PostMessageW

gdi32

SelectObject
CreateCompatibleDC
GetStockObject
BitBlt
DeleteDC
SetBkMode
GetObjectW

shell32

ShellExecuteW

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

ole32

CoInitialize
CoUninitialize

comctl32

InitCommonControlsEx

shlwapi

PathAppendA
StrCmpIW
PathAppendW

msvcrt

_stricmp
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
memmove
??2@YAPAXI@Z
strncpy
??3@YAXPAX@Z
free
_vsnprintf
wcsstr
wcsncpy
wcsncat
wcslen
wcsrchr
realloc

wininet

InternetReadFile
HttpQueryInfoW
InternetOpenUrlA
InternetOpenW
InternetCloseHandle

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 492KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
arfp.db
deepscan/360MalwareSection.dll
.dll windows:4 windows x86 arch:x86

9f3aa70b40b6fbb0a8c2e5f1729bdece

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
GetLocalTime
LoadLibraryW
CopyFileW
GetSystemTimeAsFileTime
lstrcpynW
GetCurrentThreadId
SetFilePointer
GetCurrentProcessId
GetTempPathW
WideCharToMultiByte
FreeLibrary
GetCurrentProcess
GetVersionExW
GetModuleFileNameW
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LocalFree
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrlenA
lstrlenW
MultiByteToWideChar
GetFileAttributesW
WriteFile
lstrcpynA
GetProcAddress
GetFileSize
ReadFile
CreateFileW
CreateMutexW
GetLastError
GetLongPathNameW
MoveFileExW
FindNextFileW
ResetEvent
FindClose
FindFirstFileW
CreateFileA
DeviceIoControl
LocalFileTimeToFileTime
SetFilePointerEx
GetFileSizeEx
TlsGetValue
OpenThread
TlsSetValue
GetEnvironmentVariableW
GetProcessHeap
HeapAlloc
TlsAlloc
SetEnvironmentVariableW
TlsFree
HeapFree
GetACP
OutputDebugStringW
FormatMessageW
GetSystemTime
LocalAlloc
lstrcmpA
GetFileType
WaitForMultipleObjects
SetEvent
UnlockFileEx
LockFileEx
GetFileAttributesExW
FlushFileBuffers
SystemTimeToFileTime
WaitForSingleObject
ReleaseMutex
CloseHandle
InterlockedIncrement
CreateEventW
SetFileAttributesW
DeleteFileW
InterlockedCompareExchange
Sleep
InterlockedDecrement

user32

wsprintfA

advapi32

SetEntriesInAclW
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
FreeSid
ConvertStringSidToSidW
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegEnumKeyExW
RegQueryValueExA
SetSecurityDescriptorDacl

shell32

SHGetFileInfoW
SHGetSpecialFolderPathW
ord165

shlwapi

PathFindFileNameW
PathRemoveFileSpecW
PathCanonicalizeW
StrStrIW
SHGetValueW
PathAddBackslashW
PathFileExistsW
PathRemoveBackslashW
SHDeleteValueW
PathIsDirectoryW
StrCmpNIW
PathAppendW

msvcrt

_initterm
_adjust_fdiv
_onexit
?terminate@@YAXXZ
__dllonexit
wcscat
tolower
swscanf
memchr
qsort
strncpy
wcschr
_snwprintf
wcsrchr
strerror
wcscpy
wcstok
_errno
wcsncpy
wcscmp
_purecall
wcsncmp
time
_CxxThrowException
swprintf
_vsnprintf
_vsnwprintf
realloc
atoi
memmove
malloc
_wcslwr
??2@YAPAXI@Z
_except_handler3
_atoi64
wcslen
__CxxFrameHandler
free
??1type_info@@UAE@XZ

crypt32

CertGetNameStringW
CryptMsgClose
CertGetCertificateContextProperty
CertOpenStore
CryptMsgOpenToDecode
CryptMsgUpdate
CertCloseStore

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvSignerFromChain

version

VerQueryValueW
GetFileVersionInfoSizeW

netapi32

Netbios

wininet

HttpSendRequestExA
HttpAddRequestHeadersA
InternetSetStatusCallbackA
InternetWriteFile
InternetSetOptionA
InternetCloseHandle
InternetCrackUrlW
InternetOpenA
InternetConnectA
HttpOpenRequestA

winmm

timeGetTime

Exports

Exports

Section_Close
Section_DefRestoreCallback
Section_DeleteBatchInfo
Section_DeleteRecord
Section_DeleteRecords
Section_DropAll
Section_Duplicate
Section_GetMaxSize
Section_GetModifyId
Section_GetNextRecord
Section_GetNextRecords
Section_GetPrevRecord
Section_GetRecord
Section_GetRecordByIndex
Section_GetRecordCount
Section_GetTotalFileSize
Section_InitQH360Log
Section_Insert
Section_Open
Section_PreExitDll
Section_Restore
Section_SetMaxSize

Sections

.text
Size: 180KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.360MalW
Size: 4KB - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deepscan/360upk.dll
.dll windows:5 windows x86 arch:x86

2ce836a986ba8d86a2b4374a5875ae5e

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22/10/2008, 00:00

Not After

23/11/2010, 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\2wxy\uppack2\360upk\Release\360upk.pdb

Imports

kernel32

GetModuleFileNameA
GetProcAddress
LoadLibraryA
IsBadReadPtr
FreeLibrary
GetLastError
CreateDirectoryA
CreateDirectoryW
RemoveDirectoryA
RemoveDirectoryW
CreateFileA
CreateFileW
CloseHandle
ReadFile
WriteFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetFileSize
GetFileType
GetFileTime
SetFileTime
CopyFileA
CopyFileW
DeleteFileA
DeleteFileW
MoveFileA
MoveFileW
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindClose
GetFileAttributesA
GetFileAttributesW
SetFileAttributesA
SetFileAttributesW
GetWindowsDirectoryA
GetTempPathA
GetWindowsDirectoryW
GetTempPathW
GetFileInformationByHandle
MultiByteToWideChar
WideCharToMultiByte
VirtualProtect
VirtualAlloc
VirtualFree
SetLastError
Sleep
InterlockedCompareExchange
HeapAlloc
HeapFree
RtlUnwind
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
HeapCreate
HeapDestroy
GetModuleHandleW
ExitProcess
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
HeapSize
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

Exports

Exports

BeginQueryPEID
ClearEnviroment
CreateEnviroment
EndQueryPEID
GetClassObject
QueryPEIDA
QueryPEIDW

Sections

.text
Size: 419KB - Virtual size: 418KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deepscan/360verify.dll
.dll windows:4 windows x86 arch:x86

ce928fde4597fcf5a0df8d3d7203f05e

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22/10/2008, 00:00

Not After

23/11/2010, 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpA
lstrcmpiA
GetLastError
LocalFree
LocalAlloc
CreateFileW
FreeLibrary
FindResourceExA
LoadLibraryExA
lstrlenW
WideCharToMultiByte
CreateFileA
CloseHandle
DeviceIoControl
GetSystemTimeAsFileTime
lstrlenA
GetFileSize
FlushFileBuffers
SetStdHandle
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
IsBadCodePtr
SetUnhandledExceptionFilter
GetCPInfo
ReadFile
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
HeapFree
HeapAlloc
RtlUnwind
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LCMapStringA
LCMapStringW
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetFilePointer
GetStringTypeA
GetStringTypeW

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shlwapi

SHSetValueA
SHGetValueA

netapi32

Netbios

wintrust

CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
WTHelperGetProvCertFromChain
CryptCATAdminReleaseCatalogContext
CryptCATAdminEnumCatalogFromHash
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
CryptCATAdminAcquireContext

crypt32

CertGetNameStringA

Exports

Exports

CheckFileTrustA
CheckFileTrustExA
CheckFileTrustExW
CheckFileTrustW
GetCIDA
GetCIDW
Validate360ResourceSignA

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deepscan/BAPI.dll
.dll regsvr32 windows:5 windows x86 arch:x86

3c4348cd4fe041ba2fbe4804092e8dd9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\build\BAPIx64\Dll\Release\BAPI.pdb

Imports

kernel32

WaitForSingleObject
GetTickCount
TerminateThread
ExitThread
ReleaseMutex
CreateThread
FreeLibrary
MoveFileExW
LoadLibraryW
CopyFileW
GetVersionExW
GetFileAttributesW
GetModuleHandleA
DeleteFileW
SetFileAttributesW
GetCurrentProcess
VirtualFreeEx
VirtualAllocEx
UnlockFile
LockFile
GetCurrentThread
OpenProcess
LocalFree
GetFileSize
ReadFile
EnterCriticalSection
LeaveCriticalSection
GetShortPathNameW
GetLongPathNameW
GetCurrentDirectoryW
GetLastError
MultiByteToWideChar
GetModuleFileNameW
IsDBCSLeadByte
WideCharToMultiByte
GetSystemDirectoryW
GetSystemWindowsDirectoryW
SetErrorMode
GetEnvironmentVariableW
GetFullPathNameW
GetWindowsDirectoryW
CloseHandle
TlsAlloc
GetProcAddress
SetLastError
CreateFileW
TlsSetValue
InitializeCriticalSection
GetProcessHeap
GetModuleHandleW
TlsGetValue
DefineDosDeviceW
CreateMutexW
FlushFileBuffers
CreateFileA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapSize
LoadLibraryA
RtlUnwind
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
SetFilePointer
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
RaiseException
InterlockedDecrement
InterlockedIncrement
TlsFree
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
Sleep
HeapReAlloc
VirtualAlloc
DeleteCriticalSection
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
VirtualFree

advapi32

BuildExplicitAccessWithNameW
RevertToSelf
SetEntriesInAclW
GetNamedSecurityInfoW
ImpersonateLoggedOnUser
LookupPrivilegeValueW
SetNamedSecurityInfoW
LookupAccountNameW
AccessCheck
GetExplicitEntriesFromAclW
DeleteAce
GetUserNameW
OpenThreadToken
OpenProcessToken
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
StartServiceW
RegQueryValueExW
RegCreateKeyW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
AdjustTokenPrivileges

oleaut32

SysFreeString
SysAllocString

ntdll

RtlInitString
_wcsicmp
RtlCompareString
RtlFreeAnsiString
wcsrchr
RtlNtStatusToDosError
RtlDosPathNameToNtPathName_U
wcsncmp
wcschr
RtlCompareMemory
RtlLeaveCriticalSection
RtlAllocateHeap
RtlAppendUnicodeStringToString
RtlPrefixUnicodeString
RtlOemStringToUnicodeString
RtlFreeUnicodeString
NtWaitForSingleObject
RtlEqualUnicodeString
RtlUnicodeStringToOemString
RtlUnicodeStringToAnsiString
RtlInitAnsiString
NtFsControlFile
RtlInitUnicodeString
RtlFreeHeap
NtDeviceIoControlFile
RtlAnsiStringToUnicodeString
RtlEnterCriticalSection
memmove
RtlIsDosDeviceName_U
RtlCopyUnicodeString
RtlInitializeCriticalSection
wcsncpy
RtlDeleteCriticalSection
_wcsnicmp

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

shlwapi

PathIsRootW
SHDeleteKeyW
PathFileExistsW
StrRChrW
StrCmpIW
PathFindExtensionW
PathAppendW

psapi

EnumProcesses
GetModuleFileNameExW
EnumProcessModules

netapi32

NetShareGetInfo

Exports

Exports

BRegCloseKey
BRegCreateKey
BRegCreateKeyEx
BRegCreateKeyExW
BRegCreateKeyW
BRegDeleteKey
BRegDeleteKeyEx
BRegDeleteKeyExW
BRegDeleteKeyW
BRegDeleteValue
BRegDeleteValueW
BRegEnumKey
BRegEnumKeyEx
BRegEnumKeyExW
BRegEnumKeyW
BRegEnumValue
BRegEnumValueW
BRegOpenKey
BRegOpenKeyEx
BRegOpenKeyExW
BRegOpenKeyW
BRegQueryValueEx
BRegQueryValueExW
BRegSetValueEx
BRegSetValueExW
BfsSetFileApisToANSI
BfsSetFileApisToOEM
DllRegisterServer
DsFileUnlock
DsGetFileLockType
DsSetTargetAccess
FSCloseHandle
FSCopyFile
FSCopyFileW
FSCreateFile
FSCreateFileW
FSDeleteFile
FSDeleteFileW
FSFindClose
FSFindFirstFile
FSFindFirstFileW
FSFindNextFile
FSFindNextFileW
FSGetFileAttributes
FSGetFileAttributesEx
FSGetFileAttributesExW
FSGetFileAttributesW
FSGetFileSize
FSGetFileSizeEx
FSGetLongPathName
FSGetLongPathNameW
FSGetShortPathName
FSGetShortPathNameW
FSMoveFileA
FSMoveFileExA
FSMoveFileExW
FSMoveFileW
FSPathFileExists
FSPathFileExistsW
FSPathIsDirectory
FSPathIsDirectoryW
FSReadFile
FSRemoveDirectory
FSRemoveDirectoryW
FSSearchPath
FSSearchPathW
FSSetFileAttributes
FSSetFileAttributesW
FSSetFilePointer
FSSetFilePointerEx
FSUnlockAll
FSWriteFile
FsForceKill
FsSearchPathExW
InitEngine
InitRegEngine
Install
IsConnect
JudgeVersion
SetDllBase
SetupInstall
UninitEngine
UninitRegEngine
Uninstall

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deepscan/BAPIDRV.sys
.sys windows:5 windows x86 arch:x86

051ba75e0ce44bfe373254bbd9b35b24

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

18:b3:08:3b:c9:aa:b7:13:71:41:f7:dd:b5:d9:89:bc:16:11:8f:58
Signer

Actual PE Digest

18:b3:08:3b:c9:aa:b7:13:71:41:f7:dd:b5:d9:89:bc:16:11:8f:58

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\build\bapidrv\driver\objfre_wxp_x86\i386\BAPIDRV.pdb

Imports

ntoskrnl.exe

IoCreateFile
RtlCopyUnicodeString
ZwUnmapViewOfSection
_except_handler3
_stricmp
MmGetSystemRoutineAddress
RtlInitUnicodeString
ExInitializeResourceLite
DbgPrint
IoFreeMdl
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
IoAllocateMdl
RtlAnsiStringToUnicodeString
RtlInitAnsiString
IofCallDriver
ObfDereferenceObject
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoGetDeviceObjectPointer
IofCompleteRequest
SeReleaseSubjectContext
SeTokenIsAdmin
SeCaptureSubjectContext
RtlFreeUnicodeString
IoDeleteDevice
KeWaitForSingleObject
ProbeForWrite
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoFileObjectType
IoGetAttachedDevice
IoFreeIrp
KeSetEvent
KeGetCurrentThread
IoAllocateIrp
IoGetBaseFileSystemDeviceObject
RtlCompareUnicodeString
MmIsAddressValid
ZwQuerySystemInformation
ObQueryNameString
ZwSetInformationObject
NtClose
ZwWaitForSingleObject
PsCreateSystemThread
KeUnstackDetachProcess
KeStackAttachProcess
PsLookupProcessByProcessId
RtlEqualUnicodeString
ZwDuplicateObject
PsGetCurrentProcessId
ZwOpenProcess
ExGetPreviousMode
IoGetCurrentProcess
PsProcessType
ZwOpenKey
MmSystemRangeStart
PsGetVersion
IoCreateSymbolicLink
ZwCreateSection
strrchr
RtlImageDirectoryEntryToData
ZwEnumerateValueKey
ZwEnumerateKey
ZwDeleteValueKey
ZwDeleteKey
ZwQueryValueKey
ZwSetValueKey
ZwCreateKey
ObOpenObjectByName
MmUserProbeAddress
ExAllocatePoolWithQuotaTag
strncpy
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
SeDeleteObjectAuditAlarm
_strnicmp
PsGetCurrentThreadId
ZwFlushKey
KeEnterCriticalRegion
KeLeaveCriticalRegion
ObReferenceObjectByName
IoDriverObjectType
ZwQueryDirectoryObject
ZwOpenDirectoryObject
ObfReferenceObject
ZwCreateFile
KeTickCount
KeBugCheckEx
NtBuildNumber
IoCheckEaBufferValidity
SePrivilegeCheck
SeExports
SeAppendPrivileges
memmove
KeDelayExecutionThread
IoQueryFileInformation
IoCancelIrp
KeReadStateEvent
IoEnqueueIrp
KeClearEvent
ExRaiseStatus
ExEventObjectType
RtlVolumeDeviceToDosName
ObCreateObject
SeSetAccessStateGenericMapping
RtlMapGenericMask
SeCaptureSecurityDescriptor
ObOpenObjectByPointer
ZwOpenSymbolicLinkObject
ObReferenceObjectByPointer
IoDeviceObjectType
SeDeleteAccessState
ObInsertObject
SeCreateAccessState
ExQueueWorkItem
IoAcquireVpbSpinLock
IoReleaseVpbSpinLock
ZwClose
ZwMapViewOfSection
ExFreePoolWithTag
ExAllocatePoolWithTag
IoCreateDevice
ProbeForRead

hal

KfRaiseIrql
KfLowerIrql
ExAcquireFastMutex
ExReleaseFastMutex
KeRaiseIrqlToDpcLevel

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deepscan/CQhCltHttpW.dll
.dll windows:4 windows x86 arch:x86

886770578fd13c1cb53e532d6d513b86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
GetModuleFileNameW
LoadLibraryW
GetProcAddress
SetLastError
FreeLibrary
Sleep
InterlockedCompareExchange
FindClose
DeviceIoControl
SetFilePointerEx
GetFileSizeEx
TlsGetValue
OpenThread
TlsSetValue
GetEnvironmentVariableW
TlsAlloc
SetEnvironmentVariableW
TlsFree
CreateMutexW
OutputDebugStringW
FormatMessageW
LocalFree
InterlockedExchange
GetProcessHeap
HeapAlloc
HeapFree
lstrcmpA
CreateFileA
GetFileType
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
ReleaseMutex
CreateMutexA
GetCurrentProcess
GetModuleHandleA
GlobalAlloc
GlobalFree
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetVersionExA
LocalFileTimeToFileTime
FileTimeToSystemTime
lstrcpynA
FindFirstFileW
GetFileSize
SystemTimeToFileTime
GetSystemTime
CompareFileTime
IsBadWritePtr
GetTickCount
GetACP
IsBadReadPtr
GetFileAttributesW
RemoveDirectoryW
CopyFileW
SetEvent
WaitForMultipleObjects
ResetEvent
WaitForSingleObject
lstrlenW
CreateEventW
GetVersionExW
GetModuleHandleW
WideCharToMultiByte
CloseHandle
WriteFile
CreateFileW
MultiByteToWideChar
lstrlenA
MoveFileExW
DeleteFileW
GetFileAttributesExW
ReadFile

shlwapi

StrChrIA
PathIsDirectoryW
StrStrA
PathAppendW
PathFileExistsW
StrStrIA

msvcrt

_strnicmp
_itoa
_strdup
malloc
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
_onexit
__dllonexit
tolower
swscanf
_wcslwr
memchr
qsort
swprintf
wcschr
_snwprintf
wcstok
_CxxThrowException
wcsncmp
fputc
fwrite
_fdopen
fprintf
ftell
wcscpy
wcscat
wcscmp
bsearch
_purecall
_ismbcdigit
sprintf
_iob
clock
isalpha
isdigit
ldiv
strerror
_errno
strchr
_stricmp
memmove
_ftol
_vsnprintf
_except_handler3
islower
strtok
strrchr
atoi
memset
time
srand
rand
wcsrchr
realloc
wcsncpy
isspace
toupper
isxdigit
wcslen
_vsnwprintf
??2@YAPAXI@Z
__CxxFrameHandler
strncpy
fopen
fclose
fread
free

winmm

timeGetTime

iphlpapi

GetNetworkParams

user32

GetDesktopWindow

advapi32

RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
RegEnumKeyExW
RegCloseKey

version

GetFileVersionInfoSizeW
VerQueryValueW

wininet

InternetSetOptionA
InternetCrackUrlW
InternetCloseHandle
InternetQueryOptionW
InternetErrorDlg
InternetSetStatusCallbackA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExA
HttpEndRequestA
InternetWriteFile
InternetReadFileExA
HttpQueryInfoA
InternetConnectA
InternetOpenA

ws2_32

ntohl
getpeername
WSAStartup
inet_ntoa
WSACleanup

Exports

Exports

cancel_cqhclthttp_req
close_cqhclthttp_object
cqhclthttp_GetErrorMsg
cqhclthttp_GetErrorNo
cqhclthttp_GetOpt
cqhclthttp_GetToBuffer
cqhclthttp_GetToBuffer2
cqhclthttp_GetToFile
cqhclthttp_GetToFile2
cqhclthttp_IsNoContentLen
cqhclthttp_PostToBuffer
cqhclthttp_PostToBuffer2
cqhclthttp_PostToFile
cqhclthttp_PostToFile2
cqhclthttp_SetOpt
cqhclthttp_get_head_info
cqhclthttp_set_head_info
cqhclthttp_set_limit_byte
cqhclthttp_uploadlog
cqhctlhttp_GetCurrentMode
cqhctlhttp_GetIP
create_cqhclthttp_object
is_support_afd
set_cqhclthttp_mode
set_retry_count

Sections

.text
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deepscan/CloudEngine.dll
.dll windows:4 windows x86 arch:x86

77dda875bd7e5d90aad0a8fb74d640ea

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

StrRChrW
SHGetValueW
PathRemoveFileSpecW
PathAppendW
StrStrIW
SHSetValueW
PathFindFileNameW
StrChrW
StrStrW
PathIsDirectoryW
SHDeleteValueW
StrCmpIW
StrCmpW
PathCombineW
SHDeleteKeyW
PathFileExistsW

wininet

InternetCrackUrlW
InternetGetConnectedState
InternetSetOptionA
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetWriteFile
HttpSendRequestExA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetSetStatusCallbackA

iphlpapi

GetAdaptersInfo

mfc42u

ord800
ord2546
ord4480
ord6371
ord4269
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord1165
ord5285
ord5710
ord2977
ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord6466
ord5929
ord3805
ord920
ord837
ord832
ord3753
ord3403
ord3222
ord3049
ord3420
ord3875
ord2910
ord537
ord5706
ord927
ord922
ord940
ord3820
ord3074
ord4075
ord4616
ord6640
ord2755
ord4272
ord6868
ord4197
ord4418
ord3733
ord815
ord538
ord561
ord861
ord3948
ord2717
ord535
ord2810
ord858
ord823
ord2756
ord540
ord4124
ord2606
ord942
ord539
ord6279
ord6278
ord1115
ord1173
ord1568
ord269
ord826
ord600
ord1571
ord1250
ord1248
ord1563
ord1194
ord1240
ord342
ord1179
ord1570
ord2504

msvcrt

_errno
wcstok
wcscpy
strerror
_snwprintf
swprintf
realloc
_vsnprintf
exit
wcsncat
?terminate@@YAXXZ
__CxxFrameHandler
_vsnwprintf
wcsncpy
_purecall
_wcsicmp
_wtoi
wcscmp
wcslen
free
malloc
wcsncmp
wcschr
wcsrchr
_ftol
_i64toa
fwrite
fclose
fread
fseek
_wfopen
swscanf
time
_except_handler3
_CxxThrowException
__dllonexit
_onexit
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ

kernel32

WaitForMultipleObjects
GetFileAttributesW
UnlockFileEx
LockFileEx
FindFirstFileW
FindNextFileW
FindClose
MoveFileExW
FlushFileBuffers
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFileTimeToFileTime
SetFilePointerEx
GetFileSizeEx
TlsGetValue
OpenThread
TlsSetValue
GetCurrentProcessId
GetEnvironmentVariableW
GetProcessHeap
HeapAlloc
TlsAlloc
SetEnvironmentVariableW
ReleaseMutex
TlsFree
HeapFree
GetSystemTimeAsFileTime
CreateFileA
GetCurrentThreadId
OutputDebugStringW
MultiByteToWideChar
FormatMessageW
GetSystemTime
WideCharToMultiByte
LocalAlloc
LocalFree
lstrlenW
SetFilePointer
ReadFile
GetWindowsDirectoryW
WriteFile
CreateThread
ResumeThread
GetShortPathNameW
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetLongPathNameW
CreateFileW
DeviceIoControl
GetPrivateProfileStringW
GetPrivateProfileIntW
GetLocalTime
GetFileAttributesExW
DeleteFileW
CreateDirectoryW
SystemTimeToFileTime
CreateMutexW
GetDriveTypeW
GetFullPathNameW
GetTickCount
InterlockedCompareExchange
Sleep
GetExitCodeProcess
TerminateProcess
CreateProcessW
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
GetModuleHandleW
GetCurrentProcess
SetLastError
GetVersionExW
WaitForSingleObject
ResetEvent
SetEvent
CloseHandle
CreateEventW
GetModuleFileNameW
FreeLibrary
GetProcAddress
LoadLibraryW

user32

MessageBoxW
FindWindowW
LoadStringW
SendMessageTimeoutW
GetActiveWindow

advapi32

RegCloseKey
RegOpenKeyW
RegEnumKeyW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegQueryValueExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
FreeSid

shell32

SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoUninitialize
CoInitialize

oleaut32

SysAllocString
VariantClear
SysFreeString
VariantCopy

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

WSAStartup
WSACleanup
gethostbyname

netapi32

Netbios

winmm

timeGetTime

Exports

Exports

Create360SafeEngine
CreateCloudEngine
CreateCloudEngineLocker
CreateFileReportLog
CreatePluginFactory
CreateQuarantine
CreateTrustZone
ForceMerge360Log

Sections

.text
Size: 272KB - Virtual size: 268KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deepscan/DSFScan.dll
.dll windows:4 windows x86 arch:x86

d467967a89dd697bc0662c5ed3daaab0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFileAttributesW
GetFileAttributesExW
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleW
GetCurrentProcess
GetWindowsDirectoryW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetExitCodeProcess
CreateProcessW
HeapAlloc
GetProcessHeap
HeapFree
CreateDirectoryW
ResumeThread
GetCurrentThread
VirtualQuery
GetCurrentThreadId
VirtualProtect
FlushInstructionCache
CopyFileW
SetThreadContext
SuspendThread
VirtualAlloc
GetModuleHandleA
InterlockedExchange
CreateEventW
WaitForMultipleObjects
WriteFile
GetSystemDirectoryW
GetVersionExW
GetEnvironmentVariableW
FindFirstFileW
LoadLibraryW
OutputDebugStringW
DebugBreak
GetSystemWindowsDirectoryW
DeleteFileW
GetProcAddress
FreeLibrary
CreateThread
WaitForSingleObject
GetExitCodeThread
TerminateThread
lstrlenA
MultiByteToWideChar
Sleep
InterlockedCompareExchange
FindClose
CreateFileW
GetLastError
GetFileSize
ReadFile
SetFilePointer
CloseHandle
SetLastError
ReleaseMutex
CreateMutexW
GetACP
FormatMessageW
GetSystemTime
LocalFree
lstrcmpA
GetFileType
TlsFree
SetEnvironmentVariableW
TlsAlloc
GetCurrentProcessId
InterlockedIncrement
lstrlenW
GetModuleFileNameW
GetThreadContext
InterlockedDecrement
GlobalAlloc
GlobalFree
CreateMutexA
IsBadReadPtr
GetVersionExA
TlsSetValue
GetSystemTimeAsFileTime
DeviceIoControl
CreateFileA
OpenThread
TlsGetValue
GetFileSizeEx
SetFilePointerEx
LocalFileTimeToFileTime
SystemTimeToFileTime

user32

LoadStringW
CharUpperW
wvsprintfW
CharLowerW
CharNextW

advapi32

RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumKeyExA
RegEnumKeyExW
RegEnumValueA
RegEnumValueW
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryInfoKeyW
RegQueryValueExA
RegSetValueExA
RegSetValueExW
RegFlushKey
RegCreateKeyA
RegCreateKeyW
RegOpenKeyA
RegQueryValueA
RegQueryValueW
RegSetValueW
RegSetValueA
RegDeleteValueW
RegEnumKeyW
RegOpenKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHGetFolderPathW

ole32

CoCreateInstance
CoInitialize
CLSIDFromString
CoTaskMemFree
CoUninitialize

oleaut32

SysAllocString
SysFreeString

ws2_32

WSACleanup
gethostbyname
WSAStartup
htons

shlwapi

PathFileExistsW
PathIsDirectoryW
StrStrIA
StrStrIW
StrStrW
StrChrW
SHGetValueW
PathCombineW
StrCmpIW
PathAppendW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

msvcrt

isxdigit
free
strncpy
wcsrchr
srand
time
rand
_wcsicmp
wcsstr
iswdigit
_wtoi
_wcslwr
_vsnwprintf
wcscmp
_except_handler3
_CxxThrowException
wcsncmp
_purecall
_errno
wcstok
wcscpy
strerror
wcsncpy
_snwprintf
wcschr
swprintf
realloc
qsort
memchr
swscanf
tolower
wcscat
_vsnprintf
__dllonexit
_onexit
?terminate@@YAXXZ
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
isspace
malloc
??2@YAPAXI@Z
iswspace
memmove
wcslen
__CxxFrameHandler
_stricmp
strchr
clock
_ftol
atoi
_ismbcdigit
islower
isdigit
sprintf
ldiv
isalpha
_iob
bsearch

setupapi

SetupGetFieldCount
SetupFindNextMatchLineW
SetupOpenFileQueue
SetupCloseFileQueue
SetupFindNextLine
SetupOpenInfFileW
SetupCloseInfFile
SetupFindFirstLineW
SetupGetStringFieldW
SetupGetIntField

iphlpapi

GetNetworkParams

Exports

Exports

DSFCreate
DSFCreateNetEnvObj
DSFDestory
DSFDestoryNetEnvObj
DSFNetEnvCancel
DSFNetEnvCheck
DSFNetEnvIsExistBlackNDIS
DSFNetEnvRmBlackNDIS
DSFRedirect
DSFStartScan
DSFStopScan
FixImageAndHostDeep

Sections

.text
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deepscan/DsSysRepair.dll
.dll windows:5 windows x86 arch:x86

6119f58855a457c3053668813bc117c9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\build\SysRepair\Release\DsSysRepair.pdb

Imports

kernel32

ResetEvent
LocalAlloc
GetFileType
SetFilePointer
ReadFile
DeleteFileW
GetSystemDirectoryW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
LCMapStringA
GetModuleHandleA
LCMapStringW
GetModuleFileNameA
ExpandEnvironmentStringsW
HeapCreate
IsValidCodePage
GetOEMCP
GetCPInfo
ExitProcess
SearchPathW
GetFileSize
lstrlenA
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
WaitForSingleObject
RaiseException
GetModuleHandleW
LocalFree
GetCurrentProcess
GetLongPathNameW
MoveFileW
CloseHandle
GetFileAttributesW
SetFileAttributesW
WriteFile
CreateFileW
MultiByteToWideChar
lstrlenW
GetProcessHeap
HeapAlloc
HeapFree
GetLastError
WideCharToMultiByte
CreateDirectoryW
SetLastError
GetVersionExW
InterlockedCompareExchange
Sleep
GetModuleFileNameW
GetProcAddress
LoadLibraryW
GetCommandLineA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
WaitForMultipleObjects
FlushFileBuffers
CreateEventW
MoveFileExW
FindNextFileW
SetEvent
FindFirstFileW
FindClose
GetFileAttributesExW
FileTimeToLocalFileTime
FileTimeToSystemTime
SystemTimeToFileTime
LocalFileTimeToFileTime
DeviceIoControl
InitializeCriticalSectionAndSpinCount
UnlockFileEx
LockFileEx
GetACP
lstrcmpA
OutputDebugStringW
FormatMessageW
GetSystemTime
CreateFileA
GetSystemTimeAsFileTime
VirtualAlloc
VirtualFree
LoadLibraryA
HeapSize
HeapReAlloc
HeapDestroy
GetFileSizeEx
ReleaseMutex
GetCurrentProcessId
CreateMutexW
GetEnvironmentVariableW
SetEnvironmentVariableW
TlsFree
TlsAlloc
OpenThread
TlsSetValue
TlsGetValue
FreeLibrary
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetStdHandle
SetFilePointerEx

user32

GetActiveWindow
MessageBoxW
FindWindowW
PostMessageW
UnregisterClassA

advapi32

RegDeleteKeyW
RegEnumKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyW
RegQueryValueExW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
CopySid
GetUserNameW
GetNamedSecurityInfoW
BuildExplicitAccessWithNameW
SetEntriesInAclW
GetExplicitEntriesFromAclW
DeleteAce
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegEnumKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExA
RegOpenKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
SetNamedSecurityInfoW
GetTokenInformation
GetLengthSid

shell32

SHGetSpecialFolderPathW
SHGetSettings
ShellExecuteW

ole32

CreateStreamOnHGlobal
CLSIDFromProgID
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysAllocStringByteLen
SysStringLen
SysAllocString
SysAllocStringLen
VariantChangeType
VariantClear
VariantInit
SysFreeString
SysStringByteLen

shlwapi

SHGetValueW
PathIsDirectoryW
PathAppendW
PathFileExistsW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

NetGetDCName
NetApiBufferFree
Netbios

crypt32

CertOpenStore
CryptMsgOpenToDecode
CertGetCertificateContextProperty
CertCloseStore
CryptMsgClose
CertGetNameStringW
CryptMsgUpdate

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData

wininet

InternetConnectA
InternetWriteFile
InternetOpenA
HttpOpenRequestA
HttpSendRequestExA
InternetSetOptionA
InternetCloseHandle
InternetCrackUrlW
HttpAddRequestHeadersA
InternetSetStatusCallbackA

winmm

timeGetTime

Exports

Exports

CreateExaminPlugin
DsCreateObject

Sections

.text
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deepscan/Qshield.dat
deepscan/deepscan.dll
.dll regsvr32 windows:4 windows x86 arch:x86

a9fe8e03b831450168f857c64b7ef119

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExpandEnvironmentStringsA
MoveFileExW
GetFullPathNameW
TerminateProcess
OpenProcess
HeapFree
HeapAlloc
GetProcessHeap
GetACP
GetExitCodeThread
ResumeThread
CreateThread
FormatMessageW
GetExitCodeProcess
CreateProcessW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentVariableW
IsDBCSLeadByte
LoadLibraryExW
GetFileSizeEx
LockResource
SizeofResource
LoadResource
FindResourceW
GetCurrentProcessId
WritePrivateProfileSectionW
GetDriveTypeW
TerminateThread
GetTickCount
GetLogicalDrives
SetErrorMode
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
ReadProcessMemory
GetSystemInfo
Thread32Next
OpenThread
Thread32First
GetCurrentThread
CreatePipe
GetCurrentThreadId
VirtualProtect
FlushInstructionCache
GetThreadContext
SetThreadContext
SuspendThread
VirtualAlloc
ResetEvent
CreateProcessA
WaitForSingleObject
lstrcpyW
WideCharToMultiByte
CreateDirectoryW
WriteFile
FindNextFileW
RemoveDirectoryW
LoadLibraryW
GetLongPathNameW
SearchPathW
LocalFree
GetCurrentProcess
GetFileAttributesExW
FindFirstFileW
FindClose
ExpandEnvironmentStringsW
MultiByteToWideChar
GetTempPathW
GetTempFileNameW
GetSystemDirectoryW
QueryDosDeviceW
GetWindowsDirectoryW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetFileAttributesW
SetFileAttributesW
CopyFileW
DeleteFileW
GetPrivateProfileIntW
GetVersionExW
GetSystemDefaultUILanguage
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrlenA
DebugBreak
LocalAlloc
OutputDebugStringW
GetPrivateProfileSectionW
GetSystemWindowsDirectoryW
InterlockedIncrement
Sleep
InterlockedCompareExchange
InterlockedDecrement
GetProcAddress
GetModuleFileNameW
CreateFileA
GetSystemTimeAsFileTime
DeviceIoControl
LocalFileTimeToFileTime
SetFilePointerEx
TlsGetValue
TlsSetValue
TlsAlloc
SetEnvironmentVariableW
TlsFree
GetSystemTime
ReleaseMutex
CreateMutexW
lstrcmpA
GetFileType
WaitForMultipleObjects
SetEvent
UnlockFileEx
LockFileEx
FlushFileBuffers
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateEventW
lstrlenW
FreeLibrary
CreateFileW
GetLastError
GetFileSize
ReadFile
SetFilePointer
CloseHandle
VirtualQuery
SetLastError

user32

LoadStringW
CharNextW
CharLowerW
wvsprintfW
CharUpperW

winspool.drv

GetPrintProcessorDirectoryW
GetPrinterDriverDirectoryW

advapi32

RegQueryValueA
AllocateAndInitializeSid
SetEntriesInAclW
RegOpenKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
ControlService
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
EnumServicesStatusExW
GetTokenInformation
LookupAccountSidW
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryInfoKeyW
RegQueryValueExA
RegSetValueExA
RegFlushKey
RegCreateKeyA
RegOpenKeyA
FreeSid
RegQueryValueW
RegSetValueW
RegSetValueA
RegDeleteValueW
RegCreateKeyExW
EnumServicesStatusW
RegEnumValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyW
RegDeleteKeyW
RegCreateKeyW
RegSetValueExW
RegCloseKey
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus

shell32

SHGetDesktopFolder
ord190
SHGetFileInfoW
ord25
SHGetSpecialFolderPathW
ord155
SHGetFolderPathW
SHFileOperationW
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
CommandLineToArgvW
ord18

ole32

CoInitializeSecurity
IIDFromString
CoSetProxyBlanket
CLSIDFromProgID
CreateStreamOnHGlobal
OleRun
StringFromGUID2
CLSIDFromString
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

GetErrorInfo
SysAllocString
SysFreeString
SysAllocStringLen
SysAllocStringByteLen
SysStringLen
VariantClear
VariantInit
VariantCopy
VariantChangeType

msvcp60

??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ

shlwapi

PathCombineA
PathRemoveFileSpecA
StrCpyNW
PathFindExtensionW
StrRChrW
StrCmpIW
StrStrIW
PathAppendW
StrRetToBufW
PathMatchSpecW
SHGetValueW
PathRemoveFileSpecW
StrToIntW
PathFindFileNameW
PathCombineW
StrDupW
PathRenameExtensionW
StrCmpW
PathIsDirectoryW
PathFileExistsW
StrChrW
StrCmpNIW
StrStrW
StrCmpNW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

netapi32

NetShareGetInfo
NetApiBufferFree
Netbios

msvcrt

_memicmp
_adjust_fdiv
_initterm
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
_vsnprintf
wcscat
swscanf
qsort
??2@YAPAXI@Z
__CxxFrameHandler
wcsstr
_wcsicmp
wcslen
wcscmp
memmove
iswspace
iswdigit
_wtoi
_vsnwprintf
wcsncpy
wcsrchr
wcsncmp
_stricmp
_strnicmp
memchr
wcschr
malloc
free
_wcslwr
_ftol
_except_handler3
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_wcsdup
_wsplitpath
isalpha
_wcsnicmp
strncpy
_purecall
_wcsupr
wcspbrk
_strlwr
strchr
towlower
tolower
sscanf
strncmp
time
_errno
wcstok
wcscpy
strerror
_snwprintf
swprintf
realloc

ws2_32

inet_ntoa
WSAStartup
gethostname
WSACleanup

wininet

InternetOpenA
InternetConnectA
InternetWriteFile
HttpSendRequestExA
HttpAddRequestHeadersA
InternetSetOptionA
InternetCrackUrlW
InternetCloseHandle
InternetSetStatusCallbackA
HttpOpenRequestA

iphlpapi

GetIpAddrTable

setupapi

SetupOpenInfFileW
SetupGetFieldCount
SetupFindNextMatchLineW
SetupGetStringFieldW
SetupFindFirstLineW
SetupCloseInfFile
SetupFindNextLine
SetupGetIntField
SetupCloseFileQueue
SetupOpenFileQueue

psapi

EnumProcessModules
GetModuleInformation
GetModuleFileNameExW

crypt32

CertGetNameStringW
CertGetCertificateContextProperty
CertOpenStore
CryptMsgOpenToDecode
CryptMsgUpdate
CryptMsgClose
CertCloseStore

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WinVerifyTrust

winmm

timeGetTime

Exports

Exports

DllRegisterServer
DllUnregisterServer
EngLib_Init
EngSectionRestore

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 180KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deepscan/dsbs.dat
deepscan/dscon.dat
deepscan/dsr.dat
deepscan/dswc.dat
deepscan/dsws.dat
deepscan/dswtb.dat
deepscan/sc.con
deepscan/softcheck.dll
.dll windows:4 windows x86 arch:x86

df697c414835e7e42b271d09174e41f9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedDecrement
lstrlenW
FindClose
FindFirstFileW
GetModuleFileNameW
GetSystemWindowsDirectoryW
DebugBreak
OutputDebugStringW
lstrlenA
InterlockedIncrement
ExpandEnvironmentStringsW
lstrcpyW
FindNextFileW
CloseHandle
DeleteFileW
SearchPathW
MoveFileExW
CopyFileW
GetLastError
GetLongPathNameW
GetTempPathW
GetDriveTypeW
GetTickCount
ReadFile
SetFilePointer
CreateFileW
WriteFile
LoadLibraryExW
GetFileSizeEx
lstrcmpA
LocalAlloc
LocalFree
MultiByteToWideChar
GetFileAttributesExW
GetCurrentProcess
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
SetLastError
GetSystemDirectoryW
GetEnvironmentVariableW
GetVersionExW
SystemTimeToFileTime
InterlockedCompareExchange
Sleep
GetFileAttributesW
WideCharToMultiByte
SetFileAttributesW
GetFileSize
DeviceIoControl
LocalFileTimeToFileTime
SetFilePointerEx
TlsGetValue
OpenThread
TlsSetValue
GetCurrentProcessId
GetProcessHeap
HeapAlloc
TlsAlloc
SetEnvironmentVariableW
TlsFree
HeapFree
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetACP
GetSystemTime
FormatMessageW
GetSystemTimeAsFileTime
CreateFileA
GetCurrentThreadId
GetFileType

user32

LoadStringW
CharNextW
CharLowerW
wvsprintfW
CharUpperW

advapi32

RegEnumValueW
RegEnumKeyExW
RegEnumKeyW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegQueryValueExA

shell32

ord155
SHGetSpecialFolderPathW
ord190
ord18
SHGetDesktopFolder
SHGetFileInfoW
SHGetPathFromIDListW
SHGetMalloc
SHGetSpecialFolderLocation
ord25

ole32

CLSIDFromString
CLSIDFromProgID
IIDFromString
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
OleRun
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
GetErrorInfo
SysAllocString
VariantChangeType
VariantClear
SysAllocStringLen
SysStringLen

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

shlwapi

StrStrIW
StrCmpIW
StrRChrW
SHGetValueW
PathFileExistsW
StrDupW
PathAppendW
PathCombineW
PathIsDirectoryW
StrCmpNIW
StrRStrIW
PathRemoveFileSpecA
PathCombineA
PathRemoveFileSpecW
StrCpyNW
StrRetToBufW
PathFindFileNameW
PathFindExtensionW
StrChrW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

iphlpapi

GetAdaptersInfo

msvcrt

fprintf
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_iob
_onexit
__dllonexit
_vsnprintf
wcscat
tolower
memchr
qsort
swprintf
_snwprintf
strerror
??2@YAPAXI@Z
__CxxFrameHandler
wcslen
malloc
swscanf
free
memmove
iswspace
_wcsnicmp
iswdigit
_wtoi
_vsnwprintf
_purecall
wcschr
wcscmp
wcsstr
wcsrchr
strchr
_wcsicmp
rand
_except_handler3
wcsncmp
strncpy
wcsncpy
_wcsupr
wcspbrk
_wcslwr
_strlwr
realloc
_CxxThrowException
_errno
wcstok
wcscpy

wininet

InternetGetConnectedState

Exports

Exports

CheckFiles
CheckFreeFileMemory
CheckFreeMemory
CheckSoftCancel
CheckSoftExtRole
CheckSoftPathFile
CheckSoftSetOption
CheckSoftware
FreeInstallSoftInfo
FreeSoftExtRole
GetInstallSoftInfo
SetDownLoadCallBack
SetDownloadClassCallBack
SetEnumDisk
SetHttpCallMode
SoftCheckClose
SoftCheckCreate
SoftReplaceOneFile
SoftReplaceOneFile2

Sections

.text
Size: 404KB - Virtual size: 403KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deepscan/ssr.dat
deepscan/sysfilerepS.dll
.dll windows:4 windows x86 arch:x86

35551a3f34893fab65e207a376e72619

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileW
SetFileAttributesW
CopyFileW
GetLastError
InterlockedDecrement
GetTimeZoneInformation
GetModuleFileNameW
GetVersionExW
GetLongPathNameW
GetTempPathW
InterlockedIncrement
LocalFileTimeToFileTime
LocalFree
CloseHandle
GetEnvironmentVariableW
WideCharToMultiByte
MultiByteToWideChar
InterlockedCompareExchange
Sleep
GetFileAttributesW
FindFirstFileW
FindClose
GetCurrentProcess
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
SetLastError
WriteFile
SetFilePointerEx
GetFileSizeEx
TlsGetValue
OpenThread
TlsSetValue
GetCurrentProcessId
GetProcessHeap
HeapAlloc
TlsAlloc
SetEnvironmentVariableW
TlsFree
HeapFree
SystemTimeToFileTime
FileTimeToSystemTime
GetACP
SystemTimeToTzSpecificLocalTime
GetSystemDefaultUILanguage
GetSystemWindowsDirectoryW
GetSystemDirectoryW
ReleaseMutex
WaitForSingleObject
CreateMutexW
SetFilePointer
ReadFile
GetSystemTimeAsFileTime
CreateFileA
GetCurrentThreadId
OutputDebugStringW
FormatMessageW
GetSystemTime
lstrcmpA
GetFileType
CreateFileW
lstrlenA
GetFileSize
MoveFileExW
DeviceIoControl

advapi32

RegQueryValueExA
RegEnumKeyExW
GetUserNameW
BuildExplicitAccessWithNameW
SetEntriesInAclW
GetExplicitEntriesFromAclW
DeleteAce
LookupAccountNameW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

ole32

CoCreateInstance
CoInitialize
CoUninitialize
OleRun

oleaut32

SysFreeString
SysAllocString
VariantClear
GetErrorInfo

shlwapi

StrStrIW
PathAppendW
StrCmpW
StrCmpIW
StrRChrW
PathFileExistsW
StrCmpNW
SHGetValueW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

msvcrt

__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
_adjust_fdiv
realloc
_wcslwr
_wcsnicmp
wcsncmp
wcschr
strchr
_wcsupr
??2@YAPAXI@Z
_wtoi
_iob
fflush
rand
malloc
free
_vsnwprintf
isdigit
swscanf
wcsrchr
wcslen
memmove
__CxxFrameHandler
_except_handler3
_CxxThrowException
_purecall
wcscmp
_errno
wcstok
wcscpy
strerror
wcsncpy
_snwprintf
swprintf
strncpy
qsort
memchr
tolower
wcscat
_vsnprintf
_wunlink
fprintf

winmm

timeGetTime

Exports

Exports

cancel_sysfilerep_req
close_sysfilerep_object
create_sysfilerep_object
judgeif_sys_file
judgeif_sys_file_a
judgeif_sys_file_w
replace_all_sys_file
replace_all_sys_file_a
replace_all_sys_file_w
replace_get_http_count
replace_set_http_mode
replace_set_product_a
replace_set_product_w
replace_sys_file
replace_sys_file_a
replace_sys_file_w
set_download_callback
set_option
set_sysfilerep_timeout

Sections

.text
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dep360.ini
libsdi.dat
libvi.dat
libwhite.dat
model/malware.00.mdf
model/malware.01.mdf
model/malware.02.mdf
model/malware.03.mdf
model/malware.04.mdf
model/malware.05.mdf
model/malware.06.mdf
model/malware.07.mdf
model/malware.08.mdf
model/malware.09.mdf
model/malware.10.mdf
model/malware.11.mdf
model/malware.12.mdf
model/malware.13.mdf
model/malware.14.mdf
model/malware.15.mdf
model/malware.16.mdf
model/malware.17.mdf
model/malware.18.mdf
model/malware.19.mdf
model/malware.20.mdf
model/malware.21.mdf
model/malware.22.mdf
model/malware.23.mdf
model/malware.24.mdf
model/malware.25.mdf
model/malware.26.mdf
model/malware.27.mdf
model/malware.28.mdf
model/malware.29.mdf
model/malware.30.mdf
model/malware.31.mdf
model/malware.32.mdf
model/malware.33.mdf
model/malware.34.mdf
model/malware.35.mdf
model/malware.36.mdf
model/malware.37.mdf
model/malware.38.mdf
model/malware.39.mdf
model/malware.40.mdf
model/update.txt
qrlist.cab
.cab
plist.rdf
qutmipc.sys
.sys windows:5 windows x86 arch:x86

45b7190878d283d25d0f338b7ad70b71

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22/10/2008, 00:00

Not After

23/11/2010, 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\building\regcallback\hookportregchangedriver\objfre_w2K_x86\i386\qutmipc.pdb

Imports

ntoskrnl.exe

ExDeleteResourceLite
ExInitializeResourceLite
KeInitializeSpinLock
IoCreateSymbolicLink
IoDeleteSymbolicLink
IoCreateDevice
RtlInitUnicodeString
KeTickCount
PsGetVersion
IofCompleteRequest
MmMapLockedPagesSpecifyCache
InterlockedExchange
ObfDereferenceObject
IofCallDriver
IoBuildDeviceIoControlRequest
KeInitializeEvent
IoGetDeviceObjectPointer
PsTerminateSystemThread
KeDelayExecutionThread
ZwClose
PsCreateSystemThread
KeWaitForSingleObject
PsGetCurrentThreadId
ExAllocatePoolWithTag
ZwQueryValueKey
_except_handler3
_wcsnicmp
KeLeaveCriticalRegion
ExReleaseResourceLite
wcsncpy
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
ExFreePool
ZwOpenKey
ExAcquireResourceSharedLite
IoDeleteDevice
IoGetCurrentProcess
MmUserProbeAddress
ProbeForRead
ExGetPreviousMode
ExFreePoolWithTag
ObQueryNameString
KeUnstackDetachProcess
KeStackAttachProcess
ObReferenceObjectByHandle
RtlFreeUnicodeString
InterlockedIncrement
ObOpenObjectByPointer
RtlVolumeDeviceToDosName
IoFileObjectType
ZwOpenFile
ZwQueryInformationProcess
PsProcessType
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
wcslen
KeSetEvent
IoReleaseCancelSpinLock
InterlockedDecrement
PsLookupProcessByProcessId
MmHighestUserAddress
KeBugCheckEx
PsGetCurrentProcessId
RtlCopyUnicodeString
MmGetSystemRoutineAddress

hal

KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 768B - Virtual size: 708B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
savapi/AVPack.dll
.dll windows:5 windows x86 arch:x86

8e0d832d7cebf7763130404c4e78196c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\develop\unpacktest\archive\engine\modules\avpack\src\Release\AVPack.pdb

Imports

kernel32

FreeLibrary
LoadLibraryW
GetProcAddress
GetTempPathA
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetModuleFileNameW
DeleteCriticalSection
ReadFile
GetLastError
HeapFree
HeapAlloc
CreateDirectoryW
GetFileAttributesW
DeleteFileW
MoveFileW
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
Sleep
ExitProcess
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
WriteFile
GetModuleFileNameA
RtlUnwind
GetConsoleCP
GetConsoleMode
CloseHandle
LCMapStringW
FlushFileBuffers
LoadLibraryA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
CreateFileW
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
SetEndOfFile
GetProcessHeap
GetModuleHandleA

Exports

Exports

AVPackInit
AVPackUninit
ArchiveAddElementToUseList
ArchiveCloseW
ArchiveDoneUseList
ArchiveExtractFileW
ArchiveFindFirst
ArchiveFindNext
ArchiveGetErrorMessageW
ArchiveGetExpSize
ArchiveGetFileCount
ArchiveGetSize
ArchiveGetSupportedList
ArchiveGetTypeW
ArchiveGetVersionInfo
ArchiveOpenW
ArchiveRegisterType
ArchiveUnregisterType

Sections

.text
Size: 386KB - Virtual size: 386KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sdrunchk.ini
sdsp/360procmon.dll
.dll windows:4 windows x86 arch:x86

85a5957d03e55d89de3999a70eaf54eb

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22/10/2008, 00:00

Not After

23/11/2010, 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
OpenProcess
GetSystemInfo
GetModuleHandleA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
GetSystemWindowsDirectoryW
InterlockedDecrement
GetCommandLineW
InterlockedIncrement
CreateEventW
CreateSemaphoreW
WaitForSingleObject
SetEvent
ReleaseSemaphore
ResetEvent
GetCurrentThreadId
lstrlenA
DebugBreak
OutputDebugStringW
FlushInstructionCache
WideCharToMultiByte
Sleep
DeleteFileW
IsBadReadPtr
MoveFileExW
MultiByteToWideChar
GlobalFree
CopyFileW
GlobalAlloc
GetPrivateProfileIntW
InterlockedCompareExchange
MoveFileW
WritePrivateProfileStringW
FlushFileBuffers
GlobalFindAtomW
lstrcmpA
LocalFree
FormatMessageW
GetFileSizeEx
SetFilePointerEx
GetACP
VirtualFree
VirtualAlloc
CreateMutexW
ReleaseMutex
HeapFree
TlsFree
SetEnvironmentVariableW
TlsAlloc
HeapAlloc
GetProcessHeap
GetEnvironmentVariableW
GetFileType
GetPrivateProfileStringW
GetLongPathNameW
GetModuleHandleW
GetVersionExW
LoadLibraryW
GetProcAddress
FreeLibrary
GetSystemTime
QueryDosDeviceW
GetWindowsDirectoryW
GetSystemDirectoryW
GetTempPathW
lstrlenW
GetFileAttributesExW
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSection
GetLastError
WriteFile
CreateFileW
GetFileSize
ReadFile
SetFilePointer
CloseHandle
SystemTimeToFileTime
SetLastError
GetCurrentProcessId
TlsGetValue
OpenThread
TlsSetValue

user32

wvsprintfW
DialogBoxParamW
GetSystemMetrics
SetWindowLongW
GetActiveWindow
FindWindowW
IsDlgButtonChecked
CheckDlgButton
GetWindowLongW
GetWindow
SystemParametersInfoW
GetClientRect
MapWindowPoints
LoadImageW
LoadStringW
EndDialog
GetDlgItem
SendMessageW
GetParent
SetWindowPos
GetWindowRect
CharNextW

gdi32

SetBkMode
GetStockObject
GetObjectW
CreateFontIndirectW
DeleteObject
SetTextColor

advapi32

RegOpenKeyExW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
DeleteService
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegCloseKey

shell32

SHGetSpecialFolderPathW
SHFileOperationW

oleaut32

SysAllocString
VariantClear
SysFreeString
VariantCopy
SysStringLen

shlwapi

SHSetValueW
StrStrIW
PathIsDirectoryW
PathCombineW
StrCmpNW
PathRemoveBackslashW
StrChrW
StrCmpNIW
PathFindFileNameW
StrCpyNW
StrCmpIW
PathStripToRootW
SHGetValueW
PathFileExistsW
PathRemoveFileSpecW
PathAppendW
SHDeleteValueW
SHDeleteKeyW

msvcrt

??1type_info@@UAE@XZ
wcsncmp
wcscmp
_CxxThrowException
wcscpy
_errno
wcstok
strerror
wcsncpy
wcsrchr
_snwprintf
swprintf
strncpy
qsort
memchr
_wcslwr
swscanf
tolower
wcscat
memset
??2@YAPAXI@Z
__CxxFrameHandler
memcpy
_wcsicmp
free
malloc
wcslen
_stricmp
strrchr
wcschr
wcstoul
_vsnwprintf
_purecall
_beginthreadex
realloc
memmove
iswdigit
_wtoi
wcsstr
ftell
fclose
fread
fseek
_wfopen
memcmp
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_initterm
_adjust_fdiv
_wcsnicmp

psapi

GetModuleFileNameExW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

urlmon

URLDownloadToCacheFileW

Exports

Exports

AddRuleTFW
BuildAndLoadRuleFile
CheckSpStatus
CreateTrayClient
GetLogFileName
GetRuleInfo
GetSPStateEx
InstallCall
OffSelfProtect
OffSelfProtectEx
UninstallCall

Sections

.text
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sdsp/EfiProc.dll
.dll windows:4 windows x86 arch:x86

8a13fb436dc19f441577e082e8d99c0f

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22/10/2008, 00:00

Not After

23/11/2010, 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
CreateFileA
DeviceIoControl
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
GetCurrentProcess
OutputDebugStringA
GetLastError
CloseHandle
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
RtlUnwind
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
GetCPInfo
GetACP
GetOEMCP
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

advapi32

CloseServiceHandle
OpenSCManagerA
OpenServiceA
DeleteService
RegCreateKeyA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegOpenKeyA
RegCreateKeyW
RegCloseKey
RegOpenKeyW
RegSetValueExW
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
StartServiceW
CreateServiceW
OpenSCManagerW
RegDeleteKeyW

shlwapi

PathFileExistsA
PathCombineA
SHGetValueA
SHDeleteKeyA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

EfiLoadBitmap
EfiUnloadBitmap

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sdsp/SelfProtectAPI2.dll
.dll windows:4 windows x86 arch:x86

050704d7de5198d5748462bc0947cd65

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22/10/2008, 00:00

Not After

23/11/2010, 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileW
ReadFile
GetFileSize
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetOverlappedResult
GetLastError
CreateEventW
CreateThread
InitializeCriticalSection
WaitForSingleObject
SetEvent
GetFileInformationByHandle
GetVersion
CloseHandle
GetSystemInfo
OpenThread
GetModuleFileNameW
GetModuleHandleW
SetStdHandle
GetStringTypeW
DeviceIoControl
EnterCriticalSection
LeaveCriticalSection
lstrlenW
GetSystemDirectoryW
RemoveDirectoryW
CopyFileW
DeleteFileW
MoveFileW
LoadLibraryW
GetProcAddress
OpenProcess
GetCurrentProcess
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetFilePointer
FlushFileBuffers
LoadLibraryA
GetOEMCP
GetACP
GetCPInfo
InterlockedIncrement
HeapFree
HeapAlloc
RtlUnwind
GetCommandLineA
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
DeleteCriticalSection
ExitProcess
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
InterlockedDecrement

advapi32

RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegCloseKey
OpenSCManagerW
OpenServiceW
CloseServiceHandle
DeleteService

shlwapi

PathFileExistsW
PathCombineW
PathAppendW
PathIsDirectoryW
PathRemoveFileSpecW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

EnumProcessModules
GetModuleInformation
GetModuleFileNameExW

Exports

Exports

APICreateObjectSelfProc
APIDisableSendInput
APIEnableSendInput

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360sdUI.cab
.7z
360AvFlt.dll
.dll windows:6 windows x86 arch:x86

774e01f1b56b60e2cc1015b72c661386

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\building\for360sd\user\objfre_wxp_x86\i386\360AvFltLoad.pdb

Imports

msvcrt

_amsg_exit
_initterm
_XcptFilter
malloc
free
_wcsnicmp
memcpy
wcsrchr
memset

kernel32

GetOverlappedResult
CreateThread
SetLastError
FreeLibrary
LoadLibraryW
GetLastError
CopyFileW
GetModuleFileNameW
GetModuleHandleW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
Sleep
InterlockedExchange
QueryDosDeviceW
InitializeSListHead
DeleteFileW
InterlockedPopEntrySList
InterlockedPushEntrySList
HeapAlloc
HeapFree
CreateEventW
TerminateThread
CloseHandle
WaitForSingleObject
SleepEx
SetEvent
VirtualFree
GetProcAddress
VirtualAlloc
GetProcessHeap
GetVersionExW
GetSystemDirectoryW

advapi32

RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
CreateServiceW
CloseServiceHandle
StartServiceW
OpenServiceW
DeleteService
OpenSCManagerW

fltlib

FilterVolumeFindNext
FilterVolumeFindClose
FilterGetMessage
FilterConnectCommunicationPort
FilterReplyMessage
FilterSendMessage
FilterGetDosName
FilterVolumeFindFirst

shlwapi

PathFileExistsW
SHDeleteKeyW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

AddClientRule
AddClientRuleEx
AddExceptionProcessId
AddExceptionRule
AddProtectedFile
AddProtectedFileEx
AddRule
CleanupAllClientRules
CleanupAllRules
ClearAllExceptionProcessId
ClearAllExceptionRules
CloseClientHandle
CloseClientSession
CreateClientHandle
CreateClientSession
GetClientSessionHandle
Install
NotifyDriverClientResult
NotifyDriverResult
QueryDriverVersion
QueryProtectedInformation
RemoveAllProtectedFile
RemoveAllProtectedFileEx
RemoveClientRule
RemoveExceptionProcessId
RemoveExceptionRule
RemoveProtectedFile
RemoveProtectedFileEx
ReplyClientResult
SetClientSessionTimeout
SetClientSessionTimeoutCallback
SetIgnoreNtfsStreamOperations
SetupInstall
StartHookEx
TranslateDosDeviceToNtDevice
Uninstall

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360AvFlt.sys
.sys windows:6 windows x86 arch:x86

393d86ed0fd9da6a9e050acc262edab1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6e:02:f7:d5:31:8e:1f:ad:6b:a3:21:4e:cd:d4:1e:b7:63:37:9e:5a
Signer

Actual PE Digest

6e:02:f7:d5:31:8e:1f:ad:6b:a3:21:4e:cd:d4:1e:b7:63:37:9e:5a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\building\for360sd\filter\objfre_win7_x86\i386\360AvFlt.pdb

Imports

ntoskrnl.exe

PsGetProcessId
IoThreadToProcess
PsGetThreadId
PsGetCurrentProcessId
KeLeaveCriticalRegion
KeEnterCriticalRegion
KeWaitForSingleObject
MmIsAddressValid
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
ExAcquireResourceSharedLite
ExInitializeResourceLite
ExDeleteResourceLite
memset
ExQueueWorkItem
MmGetSystemRoutineAddress
PsGetVersion
KeDelayExecutionThread
KeSetPriorityThread
KeGetCurrentThread
PsCreateSystemThread
wcsncpy
ProbeForRead
KeUnstackDetachProcess
KeStackAttachProcess
PsGetCurrentThreadId
ObQueryNameString
RtlVolumeDeviceToDosName
PsLookupProcessByProcessId
ZwQueryInformationProcess
ObfReferenceObject
ZwOpenProcess
ObOpenObjectByName
ZwTerminateProcess
KeServiceDescriptorTable
IofCallDriver
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
ZwQuerySystemInformation
PsSetCreateProcessNotifyRoutine
ExAcquireFastMutexUnsafe
ExReleaseFastMutexUnsafe
KeTickCount
KeBugCheckEx
RtlUnwind
IoGetCurrentProcess
PsGetProcessInheritedFromUniqueProcessId
KeInitializeEvent
RtlUpcaseUnicodeString
RtlCompareUnicodeString
FsRtlIsNameInExpression
FsRtlLegalAnsiCharacterArray
ZwOpenKey
ZwQueryValueKey
ExFreeToPagedLookasideList
ExAllocateFromPagedLookasideList
ExInitializePagedLookasideList
ExAllocatePool
RtlCopyUnicodeString
RtlInitUnicodeString
memcpy
ExAllocatePoolWithTag
ExEventObjectType
IoCreateFile
ZwCreateFile
IoFileObjectType
ObReferenceObjectByHandle
ZwClose
ObfDereferenceObject
KeSetEvent
ExFreePoolWithTag
ExDeletePagedLookasideList
IoQueryFileInformation
DbgPrint

hal

ExReleaseFastMutex
KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex

fltmgr.sys

FltDeleteContext
FltSetStreamHandleContext
FltGetFileNameInformation
FltAllocateContext
FltParseFileNameInformation
FltReleaseFileNameInformation
FltGetStreamHandleContext
FltReleaseContext
FltSendMessage
FltRegisterFilter
FltBuildDefaultSecurityDescriptor
FltCreateCommunicationPort
FltFreeSecurityDescriptor
FltStartFiltering
FltCloseClientPort
FltCloseCommunicationPort
FltUnregisterFilter
FltGetDestinationFileNameInformation

Sections

.text
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 512B - Virtual size: 11B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360P2SP.dll
.dll windows:5 windows x86 arch:x86

0d3a24cd5d4721c891f3a131f13c4d7c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\build\360P2SP_2\360P2SP\Release\360P2SP.pdb

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

recv
accept
WSAAsyncSelect
WSACancelAsyncRequest
WSAAsyncGetHostByName
listen
shutdown
getpeername
recvfrom
bind
WSASetLastError
ioctlsocket
sendto
WSAGetLastError
htonl
ntohl
ntohs
inet_ntoa
inet_addr
gethostbyname
socket
htons
connect
closesocket
setsockopt
send

winhttp

WinHttpGetIEProxyConfigForCurrentUser

kernel32

SetStdHandle
GetTimeZoneInformation
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStartupInfoA
GetFileType
SetHandleCount
FlushFileBuffers
GetThreadTimes
GetCurrentThread
WriteFile
GetLastError
SetFilePointer
ReadFile
CloseHandle
FreeLibrary
GetProcAddress
LoadLibraryW
GetCurrentProcess
ReleaseMutex
ReleaseSemaphore
WaitForMultipleObjects
WaitForSingleObject
SetEndOfFile
GetFileSizeEx
CreateFileW
CreateEventW
CreateSemaphoreW
CreateMutexW
SetWaitableTimer
CreateWaitableTimerW
GetTickCount
DeleteFileW
MoveFileW
GetFileSize
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
lstrlenA
lstrlenW
GetModuleHandleW
GetUserDefaultLangID
GetLocaleInfoW
GetCurrentThreadId
InterlockedDecrement
ResetEvent
GetVersionExW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetModuleFileNameW
GetTempPathW
QueryPerformanceFrequency
GetModuleHandleA
GetLocalTime
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedExchangeAdd
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
GetCurrentDirectoryA
GetFullPathNameW
GetModuleFileNameA
GetStdHandle
ExitProcess
Sleep
HeapDestroy
HeapCreate
HeapReAlloc
VirtualAlloc
VirtualFree
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCommandLineA
WriteConsoleA
GetConsoleOutputCP
TerminateProcess
WriteConsoleW
CreateFileA
GetProcessHeap
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetDriveTypeA
InterlockedIncrement
GetSystemTimeAsFileTime
CreateThread
RaiseException
HeapAlloc
HeapFree
RtlUnwind
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetEvent
ExitThread
FindFirstFileW
GetDriveTypeW
IsDebuggerPresent

user32

UnhookWindowsHookEx
IsDialogMessageW
SetForegroundWindow
ShowWindow
UnregisterClassW
PostMessageW
CallNextHookEx
CheckDlgButton
SetWindowLongW
GetWindowLongW
RegisterClassExW
CreateWindowExW
DefWindowProcW
SendMessageW
SetTimer
wsprintfW
CreateDialogParamW
GetMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
GetDlgItemTextW
IsDlgButtonChecked
SetWindowsHookExW
SetWindowTextW
SetDlgItemTextW
PostQuitMessage

advapi32

OpenProcessToken
LookupPrivilegeValueW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
AdjustTokenPrivileges

ole32

CoUninitialize
CoCreateInstance
OleRun
CoInitialize

oleaut32

SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
VariantClear
VariantChangeType
VariantInit
SysFreeString
SysAllocString
GetErrorInfo

shlwapi

wvnsprintfW
StrStrIW

iphlpapi

GetNetworkParams
GetAdaptersInfo

secur32

AcquireCredentialsHandleA
InitializeSecurityContextA
FreeCredentialsHandle

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA

Exports

Exports

CancelCheckProxy
CheckProxy
CheckProxyEx
CreateP2SPTask
GetFinishMessage
GetServerInfo
GetUploadInfo
Init
Login
QueryTask
QueryTaskPeer
RemoveTask
SetConfigInfo
SetP2spOption
StartTask
StopSeed
StopTask
Uninit
UpdateRegInfo

Sections

.text
Size: 369KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360QBack.exe
.exe windows:5 windows x86 arch:x86

1aeefac19e5964df1fa0a1a1078f020b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemInfo
VirtualQuery
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
CreateFileA
SetEnvironmentVariableA
InitializeCriticalSection
DeleteCriticalSection
VirtualAlloc
VirtualProtect
HeapSize
HeapReAlloc
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
ExitProcess
SizeofResource
LockResource
Sleep
HeapFree
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetStartupInfoW
GetFileTime
GetFileSizeEx
GetFileAttributesW
GetDriveTypeA
GetCurrentDirectoryA
FindNextFileW
DeviceIoControl
SetFilePointerEx
GetEnvironmentVariableW
SetEnvironmentVariableW
OpenThread
ReleaseMutex
OutputDebugStringW
GetSystemTime
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetTempPathW
GetTempFileNameW
IsProcessorFeaturePresent
GetProcessHeap
InterlockedCompareExchange
LoadResource
FindResourceW
FindResourceExW
GetLastError
CreateMutexW
CloseHandle
lstrlenW
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryW
GetProcAddress
CreateEventW
PulseEvent
WaitForSingleObject
FreeConsole
WriteConsoleW
SetConsoleTextAttribute
GetStdHandle
AllocConsole
WideCharToMultiByte
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
SetLastError
lstrlenA
GetVersionExW
lstrcpynW
RaiseException
MulDiv
GetTickCount
ResetEvent
SetEvent
GlobalAlloc
ResumeThread
CreateThread
GlobalFree
GlobalUnlock
LocalFileTimeToFileTime
FileTimeToLocalFileTime
SetErrorMode
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFlags
WritePrivateProfileStringW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GetModuleHandleA
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
GetCurrentProcessId
GlobalAddAtomW
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GlobalLock
GetLocaleInfoW
CompareStringA
InterlockedExchange
lstrcmpW
FormatMessageW
LocalFree
FreeResource

user32

MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableW
IsRectEmpty
DestroyMenu
WindowFromPoint
CharUpperW
GetWindowDC
GrayStringW
DrawTextExW
TabbedTextOutW
SetWindowContextHelpId
MapDialogRect
MoveWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
UnregisterClassW
WinHelpW
IsChild
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetWindowTextLengthW
GetWindowTextW
ShowWindow
SetForegroundWindow
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
MapWindowPoints
SetMenu
UpdateWindow
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
RegisterClipboardFormatW
PostThreadMessageW
SendDlgItemMessageA
FindWindowW
EnableWindow
CharNextW
DrawIcon
SendMessageW
IsIconic
GetWindowRect
GetClientRect
InvalidateRect
LoadIconW
GetSystemMetrics
SetWindowLongW
SetFocus
IsWindow
GetClassInfoExW
LoadCursorW
RegisterClassExW
CreateWindowExW
PostMessageW
CopyRect
PtInRect
OffsetRect
FillRect
DrawIconEx
LoadImageW
FrameRect
MonitorFromWindow
GetMonitorInfoW
GetMenu
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxW
SetCursor
SetWindowsHookExW
CallNextHookEx
TranslateMessage
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PeekMessageW
GetMessageW
DispatchMessageW
PostQuitMessage
GetMessagePos
EndPaint
SetWindowRgn
EnumChildWindows
GetUpdateRgn
BeginPaint
GetSysColorBrush
SystemParametersInfoW
GetCapture
ReleaseCapture
DestroyWindow
GetDlgCtrlID
GetParent
SetCapture
KillTimer
SetTimer
RedrawWindow
ClientToScreen
SetWindowPos
IntersectRect
InflateRect
DrawTextW
SetRect
LoadBitmapW
GetSysColor
GetFocus
DefWindowProcW
ReleaseDC
GetDC
IsWindowEnabled
ScreenToClient
GetWindowLongW
CallWindowProcW
UnregisterClassA
IsZoomed

gdi32

DeleteObject
SetMapMode
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SelectObject
SetWindowExtEx
ScaleWindowExtEx
SetTextColor
ExtSelectClipRgn
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
SetRectRgn
CombineRgn
GetMapMode
StretchDIBits
SetBkColor
TextOutW
CreateSolidBrush
ExtTextOutW
GetStockObject
DeleteDC
GetTextExtentPoint32W
GetObjectW
SaveDC
RestoreDC
SetBkMode
GetClipBox
Polygon
PatBlt
GetDeviceCaps
CreateFontIndirectW
DPtoLP
SetWindowOrgEx
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
LPtoDP
GetCurrentObject
CreateDIBSection
GetBitmapBits
GetBkMode
GetDIBits
CreateBitmap
SetStretchBltMode
ExtCreateRegion

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegQueryValueExA
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegQueryValueExW
RegEnumKeyExW
RegDeleteKeyW

shell32

ShellExecuteW

comctl32

ImageList_AddMasked
ImageList_Draw
ImageList_LoadImageW
ImageList_Destroy
ImageList_Create
_TrackMouseEvent

shlwapi

PathFindFileNameW
PathStripToRootW
SHGetValueW
PathFileExistsW
PathIsUNCW
StrCmpNIW
PathFindExtensionW
PathIsDirectoryW
PathAddBackslashW
PathAppendW

oledlg

OleUIBusyW

ole32

CoRevokeClassObject
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
OleIsCurrentClipboard
CreateStreamOnHGlobal
CoInitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromProgID
OleInitialize

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
SysFreeString
SysAllocString
SysStringLen
SysAllocStringByteLen
VarUdateFromDate
OleLoadPicture
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
VarUI4FromStr
VariantCopy
SafeArrayDestroy
OleCreateFontIndirect
SysStringByteLen

version

GetFileVersionInfoSizeW
VerQueryValueW

msimg32

TransparentBlt

Sections

.text
Size: 739KB - Virtual size: 739KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
360QVM.dll
.dll windows:5 windows x86 arch:x86

0ffcd1ce0fd9fc20e42f986a1f4fd1f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointer
DeleteFileA
DeleteFileW
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindClose
CopyFileA
CopyFileW
MoveFileA
MoveFileW
CreateDirectoryA
GetLastError
CreateDirectoryW
RemoveDirectoryA
RemoveDirectoryW
FlushFileBuffers
SetEndOfFile
GetFileType
GetFileTime
GetFileAttributesW
GetTempPathA
GetWindowsDirectoryA
GetTempPathW
GetWindowsDirectoryW
GetFileInformationByHandle
MultiByteToWideChar
WideCharToMultiByte
VirtualFree
VirtualProtect
VirtualAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetLastError
GetModuleFileNameA
GetModuleFileNameW
UnmapViewOfFile
CloseHandle
FreeLibrary
GetPrivateProfileStringW
GetFileAttributesA
SetFileAttributesW
SetFileAttributesA
WriteFile
ReadFile
CreateFileA
Sleep
InterlockedCompareExchange
SetFileTime
LoadLibraryW
IsBadReadPtr
MapViewOfFile
CreateFileMappingW
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
HeapFree
HeapAlloc
GetFileSize
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeW
HeapCreate
HeapDestroy
HeapReAlloc
GetModuleHandleW
ExitProcess
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
HeapSize
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
lstrcmpA
LocalFree
GetSystemTime
FormatMessageW
OutputDebugStringW
lstrlenA
CreateMutexW
WaitForSingleObject
ReleaseMutex
SetFilePointerEx
GetFileSizeEx
GetProcessHeap
OpenThread
SetEnvironmentVariableW
GetEnvironmentVariableW
LocalFileTimeToFileTime
SystemTimeToFileTime
DeviceIoControl
CreateFileW
GetProcAddress
TerminateProcess
LoadLibraryA
GetModuleHandleA

ole32

CLSIDFromString

version

GetFileVersionInfoSizeW
VerQueryValueW

crypt32

CertGetCertificateContextProperty
CertOpenStore
CryptMsgOpenToDecode
CryptMsgUpdate
CertCloseStore
CryptMsgClose
CertGetNameStringW

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

advapi32

RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegQueryValueExA

Exports

Exports

BoleFeaturesInitialize
BoleInitialize
ClearEnviroment
CreateEnviroment
GetClassObject

Sections

.text
Size: 795KB - Virtual size: 795KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360SignCheck.dll
.dll windows:4 windows x86 arch:x86

a83805f65409e7010950e0d8ec89cc2c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord825
ord823
ord538
ord925
ord800

msvcrt

?terminate@@YAXXZ
_vsnprintf
_except_handler3
wcscat
tolower
_wcslwr
memchr
qsort
strncpy
swscanf
wcsncmp
memmove
swprintf
wcschr
_snwprintf
wcsncpy
wcscmp
strerror
wcscpy
wcstok
wcslen
_errno
_vsnwprintf
_CxxThrowException
_purecall
__CxxFrameHandler
wcsrchr
_wcsicmp
free
_initterm
malloc
_adjust_fdiv
_onexit
__dllonexit
??1type_info@@UAE@XZ

kernel32

GetModuleFileNameW
LoadLibraryW
GetProcAddress
CreateFileA
GetSystemTimeAsFileTime
GetFileType
lstrcmpA
FreeLibrary
SystemTimeToFileTime
LocalFileTimeToFileTime
DeviceIoControl
GetFileSize
SetFilePointer
GetACP
SetFilePointerEx
ReadFile
GetFileSizeEx
TlsGetValue
OpenThread
TlsSetValue
GetCurrentProcessId
CreateMutexW
WaitForSingleObject
GetEnvironmentVariableW
GetProcessHeap
HeapAlloc
TlsAlloc
SetEnvironmentVariableW
ReleaseMutex
TlsFree
HeapFree
CreateFileW
lstrlenA
SetLastError
GetLastError
LocalFree
GetSystemTime
FormatMessageW
MultiByteToWideChar
OutputDebugStringW
GetCurrentThreadId
CloseHandle

shlwapi

PathFileExistsW

crypt32

CertCloseStore
CryptMsgUpdate
CryptMsgOpenToDecode
CertGetNameStringW
CertGetCertificateContextProperty
CertOpenStore
CryptMsgClose

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData

version

VerQueryValueW
GetFileVersionInfoSizeW

advapi32

RegQueryValueExA
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey

Exports

Exports

CreateInterface

Sections

.text
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360net.dll
.dll windows:4 windows x86 arch:x86

082629bc04551ec43d93670d1f71e2f2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

SetWindowTextW
PostThreadMessageW
PostMessageW
DispatchMessageW
TranslateMessage
GetMessageW
SetWindowLongW
GetWindowLongW
ShowWindow
CreateDialogParamW
CallNextHookEx
IsDialogMessageW
UnhookWindowsHookEx
PostQuitMessage
SetForegroundWindow
SetFocus
DestroyWindow
GetDlgItemTextW
IsDlgButtonChecked
SetWindowsHookExW
GetDesktopWindow
SetDlgItemTextW
GetDlgItem
SendMessageW
CheckDlgButton

wininet

InternetSetOptionW
InternetCloseHandle
InternetCrackUrlW
InternetSetStatusCallbackA
InternetOpenW
InternetQueryOptionW
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetConnectW
InternetReadFileExA
HttpQueryInfoW

msvcrt

_wtoi64
wcsncmp
wcscmp
_wcslwr
rand
srand
_CxxThrowException
_vsnwprintf
_close
_read
_wopen
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
swscanf
wcscat
_snwprintf
wcschr
swprintf
wcsncpy
wcsstr
_wcsdup
wcstok
_errno
memmove
??2@YAPAXI@Z
??3@YAXPAX@Z
wcslen
__CxxFrameHandler
malloc
free
sprintf
wcscpy

msvcp60

?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?_Xlen@std@@YAXXZ
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_Copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z

ws2_32

WSAGetLastError
getpeername

advapi32

RegCloseKey
RegOpenKeyW
RegSetValueExW
RegQueryValueExW

kernel32

GetCurrentProcessId
GetLocalTime
GetSystemTime
SetEndOfFile
ReadFile
WriteFile
SetFilePointerEx
WaitForMultipleObjects
lstrlenW
ResetEvent
ReleaseSemaphore
CreateEventW
CreateFileW
GetCurrentThreadId
SetEvent
Sleep
DeleteFileW
WideCharToMultiByte
ReleaseMutex
CreateThread
CreateSemaphoreW
CreateMutexW
WaitForSingleObject
CloseHandle
MultiByteToWideChar
lstrlenA
GetTickCount
GetFileAttributesW
SetFilePointer
GetUserDefaultLangID
GetLastError

Exports

Exports

HttpCancel
HttpCreateDownloadObj
HttpDeleteDownloadObj
HttpDownload
HttpDownloadExA
HttpDownloadExW
HttpGetAllPeer
HttpGetConnectState
HttpGetContentLength
HttpGetCurrentSpeed
HttpGetLastError
HttpGetLastErrorA
HttpGetLastErrorW
HttpGetMD5
HttpGetReceivedLength
HttpGetResumedLength
HttpGetState
HttpGetStateA
HttpGetStateW
HttpInitDownPara
HttpResetAll
HttpWait

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360rp.dll
.dll windows:4 windows x86 arch:x86

1b8d1689b6b8e37872aa51a897a2b9bf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ef:aa:5a:55:55:f1:55:8a:7f:0f:a8:9d:ae:48:7e:34:73:e2:72:9a
Signer

Actual PE Digest

ef:aa:5a:55:55:f1:55:8a:7f:0f:a8:9d:ae:48:7e:34:73:e2:72:9a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

qtquart

ord2
ord4
ord8
ord3
ord5
ord9
ord1
ord7

router

?StopListen2@Communicator@@YAXPAX@Z
?StartListen2@Communicator@@YAPAXPBD@Z

mfc42u

ord4272
ord826
ord600
ord1571
ord6466
ord1250
ord1248
ord1563
ord1194
ord1240
ord342
ord1179
ord1570
ord1173
ord1115
ord3579
ord800
ord861
ord823
ord543
ord540
ord825
ord803
ord5568
ord2910
ord942
ord538
ord858
ord535
ord4197
ord925
ord2810
ord940
ord6303
ord521
ord2606
ord798
ord1989
ord6279
ord6278
ord5461
ord3313
ord5188
ord533
ord922
ord5706
ord2756
ord5679
ord269
ord6874
ord4124
ord6139
ord801
ord6640
ord541
ord6868
ord668
ord2762
ord356
ord927
ord6865
ord6654
ord1165
ord860
ord536
ord2773
ord3176
ord1184
ord539
ord5852
ord6920
ord4273
ord5438
ord5769
ord354
ord5180
ord6381
ord1971
ord665
ord1568
ord6921
ord2755
ord6919
ord6918
ord6867
ord4166
ord4199
ord4162
ord2914
ord941
ord537

msvcrt

malloc
free
localtime
_itow
swscanf
_adjust_fdiv
_wtoi
printf
strncpy
wcstoul
_ftol
toupper
isspace
atoi
isalnum
time
strstr
mktime
_wstati64
_vsnprintf
fclose
asctime
??0exception@@QAE@XZ
_beginthreadex
_initterm
??1type_info@@UAE@XZ
wcsncmp
fflush
fwrite
fread
fopen
_errno
strtol
qsort
fprintf
isxdigit
strcmp
getenv
isdigit
memchr
abort
vfprintf
_endthreadex
_beginthread
__dllonexit
?terminate@@YAXXZ
sscanf
_stati64
strncmp
realloc
strtok
wcstod
_wcslwr
_wsplitpath
??0exception@@QAE@ABQBD@Z
memmove
??1exception@@UAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
wcschr
wcsncpy
_wcsnicmp
_except_handler3
_wcsicmp
_wtoi64
_setmode
ftell
fseek
fgets
_iob
wcsstr
_vsnwprintf
wcsncat
wcslen
tolower
wcsrchr
wcscmp
__CxxFrameHandler
_onexit
_purecall

kernel32

GetFileType
WaitForSingleObjectEx
ReadFileEx
SetNamedPipeHandleState
LoadLibraryA
GetStdHandle
GetFileInformationByHandle
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
FormatMessageA
GetDiskFreeSpaceW
GetDiskFreeSpaceA
GetFullPathNameA
DeleteFileA
GetFileAttributesA
GetTempPathA
CreateFileA
GetVersionExA
LockFileEx
LockFile
UnlockFile
FlushFileBuffers
VirtualAlloc
FlushInstructionCache
VirtualProtect
VirtualAllocEx
VirtualProtectEx
WriteProcessMemory
CreateProcessA
VirtualQueryEx
GetFullPathNameW
lstrlenW
SetPriorityClass
GetLogicalDrives
InterlockedExchangeAdd
lstrcmpiW
GetThreadContext
SetThreadContext
RaiseException
GetDiskFreeSpaceExW
SetThreadExecutionState
CreateSemaphoreW
GetSystemWindowsDirectoryW
CreateNamedPipeW
ConnectNamedPipe
WaitNamedPipeW
DisconnectNamedPipe
GetModuleFileNameA
QueryPerformanceCounter
QueryPerformanceFrequency
GetHandleInformation
OpenFileMappingW
SetEndOfFile
lstrlenA
SetEnvironmentVariableW
GetTimeZoneInformation
FileTimeToSystemTime
ProcessIdToSessionId
GetACP
AreFileApisANSI
WideCharToMultiByte
GetLogicalDriveStringsW
QueryDosDeviceW
lstrcmpW
GetVersion
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
VirtualQuery
GetVersionExW
GetExitCodeProcess
GetModuleHandleA
ReadProcessMemory
Thread32First
Thread32Next
Module32FirstW
Module32NextW
Toolhelp32ReadProcessMemory
GetThreadTimes
GetSystemInfo
GetModuleHandleW
GetCommandLineW
CreateMutexW
GetCurrentThreadId
LocalAlloc
LocalFree
SetErrorMode
LoadLibraryExW
OpenMutexW
GetFileTime
SystemTimeToFileTime
CompareFileTime
GetShortPathNameW
GetSystemTime
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
LoadLibraryW
GetModuleFileNameW
FreeLibrary
InterlockedIncrement
InterlockedDecrement
DeleteFileW
CloseHandle
WriteFile
CreateFileW
GetTempFileNameW
GetTickCount
RemoveDirectoryW
ResetEvent
SetEvent
CreateEventW
CreateDirectoryW
GetWindowsDirectoryW
GetFileAttributesW
GetPrivateProfileIntW
GetFileSizeEx
CreateThread
WaitForMultipleObjects
CopyFileW
TerminateThread
SuspendThread
WaitForSingleObject
WritePrivateProfileStringW
InterlockedExchange
GetLongPathNameW
MoveFileExW
GetSystemDirectoryW
Sleep
InterlockedCompareExchange
GetFileAttributesExW
MultiByteToWideChar
CreateSemaphoreA
ReleaseSemaphore
ReadFile
GetCurrentThread
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
DeviceIoControl
GetDriveTypeW
GetPrivateProfileSectionW
OpenProcess
CreateProcessW
GetPrivateProfileStringW
GetCurrentProcessId
GetLastError
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GlobalMemoryStatus
SetThreadPriority
CreateEventA
GetExitCodeThread
SetFileAttributesW
GetTempPathW
SetLastError
TerminateProcess
FindClose
FindNextFileW
FindFirstFileW
GetFileSize
GetCurrentProcess
SetLocalTime
GetLocalTime
OpenThread
ResumeThread
WritePrivateProfileSectionW
ReadDirectoryChangesW
OutputDebugStringW
OutputDebugStringA
GetOverlappedResult
OpenEventW
ReleaseMutex
CreateMutexA
SetFilePointer
MoveFileW
SetProcessWorkingSetSize
SetSystemTime

user32

WindowFromPoint
FindWindowW
GetSystemMetrics
PostThreadMessageW
PostMessageW
CharLowerBuffW
WaitForInputIdle
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
SystemParametersInfoW
SetTimer
KillTimer
LoadStringW
IsIconic
ShowWindow
SetForegroundWindow
MessageBoxW

advapi32

RegDeleteKeyA
RegEnumKeyExW
FreeSid
RegisterEventSourceA
ReportEventA
DeregisterEventSource
InitializeSecurityDescriptor
RegCloseKey
RegSetValueExW
RegOpenKeyExW
QueryServiceStatus
AllocateAndInitializeSid
SetEntriesInAclW
QueryServiceStatusEx
SetTokenInformation
CreateProcessAsUserW
GetTokenInformation
LookupAccountSidW
RegQueryInfoKeyW
OpenThreadToken
SetServiceStatus
RegisterServiceCtrlHandlerW
ControlService
DeleteService
ChangeServiceConfig2W
QueryServiceConfigW
RegCreateKeyA
RegSetValueExA
CloseServiceHandle
RegOpenKeyExA
RegEnumKeyExA
CreateServiceW
ChangeServiceConfigW
StartServiceW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryValueExW
OpenSCManagerW
OpenServiceW
SetSecurityDescriptorDacl

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHFileOperationW
SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoInitializeSecurity
CoCreateInstance
OleInitialize
OleUninitialize
IIDFromString
OleRun
CoInitializeEx
CoInitialize

oleaut32

VariantInit
SysAllocStringLen
VarBstrCat
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayDestroy
VariantClear
SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocString
VariantChangeType
SetErrorInfo
GetErrorInfo
CreateErrorInfo

msvcp60

??_8?$basic_ofstream@DU?$char_traits@D@std@@@std@@7B@
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??_7?$basic_ofstream@DU?$char_traits@D@std@@@std@@6B@
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?setf@ios_base@std@@QAEHHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??_7?$basic_filebuf@DU?$char_traits@D@std@@@std@@6B@
?_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@12@@Z
??1locale@std@@QAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??1ios_base@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ

shlwapi

SHGetValueA
PathIsPrefixW
StrCmpW
StrStrIW
PathIsDirectoryW
StrToIntW
PathCommonPrefixW
SHGetValueW
PathRemoveBackslashW
StrCmpIW
PathFindExtensionW
StrCmpNIW
PathAppendW
SHDeleteValueW
SHSetValueW
PathRemoveFileSpecW
PathAddBackslashW
PathFileExistsW
PathCombineW
wnsprintfW
StrCmpNW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

timeGetTime

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock
LoadUserProfileW

ws2_32

gethostname
WSACleanup
gethostbyname
inet_ntoa
WSAStartup

gdi32

GetDeviceCaps
CreateCompatibleDC
CreateDCA
CreateCompatibleBitmap
SelectObject
GetObjectA
BitBlt
GetBitmapBits
DeleteObject
DeleteDC

Exports

Exports

AppEntry

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360rp.exe
.exe windows:4 windows x86 arch:x86

641e101b97f1f0f757966c8361c88117

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:d7:6d:d6:d7:ff:dd:71:88:3b:82:08:bf:80:25:98:2c:a4:74:bc
Signer

Actual PE Digest

4f:d7:6d:d6:d7:ff:dd:71:88:3b:82:08:bf:80:25:98:2c:a4:74:bc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameW
CreateDirectoryW
GetWindowsDirectoryW
FreeLibrary
TerminateProcess
OpenProcess
GetCurrentProcessId
CloseHandle
TerminateThread
CreateThread
GetProcAddress
WaitForSingleObject
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
CopyFileW
lstrlenA
WideCharToMultiByte
GetLastError
GetPrivateProfileStringW
CreateFileW
WritePrivateProfileStringW
MoveFileExW
CreateEventW
SetEvent
MultiByteToWideChar
GetVersion
GetVersionExW
GetCurrentProcess
GetModuleHandleA
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrcmpW
QueryDosDeviceW
GetLogicalDriveStringsW
InterlockedIncrement
GetLongPathNameW
AreFileApisANSI
GetACP
ProcessIdToSessionId
GetTickCount
FindClose
FindFirstFileW
FindNextFileW
Thread32Next
SuspendThread
OpenThread
Thread32First
ResumeThread
GetExitCodeProcess
ReadProcessMemory
GetModuleHandleW
ReadFile
RemoveDirectoryW
SetFileAttributesW
DeleteFileW
Sleep
InterlockedCompareExchange
GetFileAttributesExW
CreateMutexW
SystemTimeToFileTime
CreateProcessW
FileTimeToSystemTime
GetTimeZoneInformation
GetFileAttributesW
SetEnvironmentVariableW
DebugBreak
OutputDebugStringW
SetFilePointer
GetFileSize
LeaveCriticalSection
lstrlenW
LoadLibraryW
InterlockedDecrement
GetCurrentThreadId
EnterCriticalSection
LoadLibraryA
GetStartupInfoW

user32

DestroyWindow
LoadStringW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
CharLowerBuffW
wvsprintfW
CharNextW
SystemParametersInfoW
GetSystemMetrics
WindowFromPoint
WaitForInputIdle
CharLowerW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey

shell32

SHGetSpecialFolderPathW
ShellExecuteExW

msvcp60

??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Xran@std@@YAXXZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xlen@std@@YAXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z

shlwapi

PathAddBackslashW
StrCmpNW
PathFileExistsW
SHGetValueW
SHSetValueW
SHDeleteValueW
StrCmpNIW
PathRemoveFileSpecW

msvcrt

__dllonexit
_onexit
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
atof
sscanf
fputc
fseek
ftell
fread
fclose
fprintf
_snprintf
fopen
free
??2@YAPAXI@Z
__CxxFrameHandler
_wcsnicmp
wcsrchr
wcsncat
realloc
memmove
wcscmp
_wcsicmp
atoi
wcsncpy
wcslen
_wtoi
wcsstr
wcsncmp
isalnum
time
wcschr
strstr
iswdigit
_vsnwprintf
isalpha
isspace
strncmp
strchr
tolower
_purecall

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
360rps.exe
.exe windows:4 windows x86 arch:x86

d76b0e5a88f7a4fe7a2d2218024bf3d0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:75:ec:26:9c:45:b8:ab:c1:5d:50:d7:84:37:27:ab:38:3a:17:ee
Signer

Actual PE Digest

1a:75:ec:26:9c:45:b8:ab:c1:5d:50:d7:84:37:27:ab:38:3a:17:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord4199
ord1184
ord940
ord2910
ord941
ord539
ord6868
ord927
ord4124
ord942
ord537
ord2756
ord5852
ord5568
ord5706
ord5679
ord6918
ord6920
ord922
ord858
ord861
ord535
ord4197
ord2606
ord2810
ord540
ord823
ord825
ord538
ord925
ord800

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
wcscmp
__CxxFrameHandler
wcsrchr
memset
wcsstr
memcpy
wcsncmp
free
malloc
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_onexit
__dllonexit
_except_handler3
strcmp
_vsnwprintf
strstr
_wcsicmp
wcschr
wcsncat
abs
time
strlen
isalnum
_wtoi
wcslen
wcsncpy
atoi

kernel32

GetModuleHandleW
WritePrivateProfileStringW
GetPrivateProfileStringW
ReadFile
CreateFileW
CreateDirectoryW
RemoveDirectoryW
DeleteFileW
SetFileAttributesW
InterlockedCompareExchange
GetFileAttributesExW
SystemTimeToFileTime
CreateProcessW
FileTimeToSystemTime
GetTimeZoneInformation
GetFileAttributesW
GetWindowsDirectoryW
MoveFileExW
CopyFileW
SetEnvironmentVariableW
SetFilePointer
GetFileSize
CreateEventA
GetHandleInformation
OutputDebugStringA
DeleteCriticalSection
DisconnectNamedPipe
WaitNamedPipeW
WriteFile
EnterCriticalSection
ConnectNamedPipe
FindClose
GetStartupInfoW
ReleaseMutex
CreateMutexA
LeaveCriticalSection
InterlockedDecrement
LocalFree
LocalAlloc
GetLastError
CloseHandle
WaitForMultipleObjects
Sleep
WaitForSingleObject
GetModuleFileNameW
TerminateThread
SuspendThread
SetEvent
CreateThread
CreateEventW
GetCurrentThreadId
CreateMutexW
GetProcAddress
LoadLibraryW
GetCommandLineW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcessId
InitializeCriticalSection
GetCurrentProcess
GetCurrentThread
GetVersion
GetVersionExW
GetModuleHandleA
lstrcmpW
OpenProcess
QueryDosDeviceW
GetLogicalDriveStringsW
FreeLibrary
LoadLibraryA
GetLongPathNameW
WideCharToMultiByte
AreFileApisANSI
MultiByteToWideChar
GetACP
ProcessIdToSessionId
GetTickCount
ReadProcessMemory
FindFirstFileW
FindNextFileW
Thread32Next
OpenThread
Thread32First
ResumeThread
GetExitCodeProcess
CreateNamedPipeW

user32

CharNextW
PostThreadMessageW
LoadStringW
CharLowerBuffW
WaitForInputIdle
WindowFromPoint
GetSystemMetrics
SystemParametersInfoW

advapi32

CreateProcessAsUserW
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
StartServiceW
ControlService
RegisterServiceCtrlHandlerW
SetServiceStatus
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
ChangeServiceConfig2W
ChangeServiceConfigW
CreateServiceW
StartServiceCtrlDispatcherW
QueryServiceStatus
CopySid
GetLengthSid
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
OpenProcessToken
OpenThreadToken
GetTokenInformation
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegQueryInfoKeyW
SetEntriesInAclW
AllocateAndInitializeSid
FreeSid
DuplicateTokenEx
EqualSid
IsValidSid
CloseServiceHandle
RevertToSelf

shell32

ShellExecuteExW
SHGetSpecialFolderPathW

ole32

CoRegisterClassObject
CoInitialize
CoInitializeSecurity
CoUninitialize
CoRevokeClassObject

oleaut32

SysFreeString

shlwapi

PathAddBackslashW
SHDeleteValueW
StrCmpIW
SHGetValueW
SHSetValueW
PathFileExistsW
StrCmpNW
PathRemoveFileSpecW
StrCmpNIW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
360sd.dll
.dll windows:4 windows x86 arch:x86

98c68cb31186e6f9b7050502d7a695a5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:c9:6e:c8:b9:ee:5b:f6:b1:89:fe:2e:2b:4b:01:91:f3:f3:04:b8
Signer

Actual PE Digest

2a:c9:6e:c8:b9:ee:5b:f6:b1:89:fe:2e:2b:4b:01:91:f3:f3:04:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

qtquart

ord7
ord1
ord3
ord8
ord4
ord9
ord5
ord2

mfc42u

ord1143
ord3806
ord755
ord470
ord4215
ord2576
ord3649
ord2430
ord6266
ord2858
ord1637
ord1771
ord4199
ord6871
ord6920
ord326
ord6726
ord686
ord384
ord2857
ord6003
ord2088
ord3281
ord2385
ord690
ord1980
ord6860
ord5351
ord5804
ord5198
ord3224
ord6055
ord389
ord5798
ord2606
ord4155
ord3093
ord2809
ord4050
ord6655
ord2755
ord5949
ord3296
ord2281
ord3447
ord2507
ord355
ord6107
ord6911
ord5945
ord3568
ord3297
ord4270
ord4266
ord2115
ord6668
ord6880
ord3909
ord2644
ord668
ord4120
ord3176
ord4053
ord2773
ord2762
ord356
ord1662
ord4583
ord4582
ord4893
ord4364
ord4886
ord5070
ord4335
ord4343
ord4883
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4957
ord4954
ord4103
ord3743
ord1718
ord5256
ord4426
ord6874
ord6139
ord801
ord541
ord2914
ord517
ord4717
ord784
ord6127
ord6212
ord665
ord1971
ord1560
ord5438
ord268
ord3313
ord5180
ord354
ord1912
ord4257
ord325
ord5228
ord5714
ord2139
ord5264
ord6373
ord3006
ord833
ord640
ord323
ord1633
ord816
ord562
ord2558
ord6303
ord4162
ord521
ord4273
ord6867
ord6918
ord5852
ord539
ord6381
ord1184
ord5769
ord6654
ord6865
ord825
ord823
ord2810
ord540
ord800
ord925
ord4269
ord4480
ord2546
ord2504
ord1761
ord3332
ord548
ord2634
ord3993
ord6898
ord4470
ord2637
ord6330
ord803
ord543
ord3579
ord6597
ord6376
ord6374
ord1172
ord5977
ord6193
ord6451
ord4294
ord6211
ord4229
ord2099
ord2836
ord6390
ord5446
ord6379
ord5436
ord3088
ord5781
ord3591
ord5860
ord6057
ord5567
ord5575
ord5732
ord5674
ord5790
ord5785
ord5869
ord6168
ord6017
ord6185
ord4324
ord6182
ord5752
ord6188
ord5755
ord2966
ord5778
ord804
ord3724
ord3389
ord4400
ord2371
ord4166
ord5568
ord4119
ord6896
ord6667
ord6879
ord3084
ord4395
ord2573
ord4214
ord2746
ord3288
ord2854
ord4279
ord692
ord795
ord3701
ord790
ord3541
ord1177
ord1561
ord1634
ord3614
ord289
ord2559
ord2372
ord283
ord4118
ord613
ord2111
ord2085
ord2100
ord765
ord3693
ord3393
ord693
ord6504
ord656
ord616
ord2092
ord6688
ord6238
ord2072
ord3991
ord2108
ord2070
ord2091
ord2105
ord6605
ord2081
ord810
ord3634
ord2016
ord2405
ord6362
ord1764
ord6733
ord5727
ord3635
ord3365
ord4396
ord2574
ord3605
ord3728
ord3711
ord2567
ord3577
ord4392
ord2570
ord4213
ord2015
ord2403
ord3716
ord941
ord1230
ord2144
ord922
ord942
ord324
ord641
ord3592
ord4419
ord3356
ord5276
ord1767
ord6048
ord2506
ord4704
ord4992
ord4847
ord4370
ord5261
ord5871
ord2406
ord809
ord609
ord3621
ord3658
ord3569
ord4390
ord4124
ord860
ord3871
ord2855
ord5273
ord3087
ord6195
ord6370
ord2859
ord3792
ord567
ord818
ord3737
ord4621
ord3397
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5286
ord4347
ord5157
ord2377
ord5237
ord4401
ord1768
ord4073
ord6051
ord940
ord537
ord6868
ord6640
ord536
ord927
ord2910
ord6466
ord538
ord2756
ord861
ord6921
ord6278
ord6279
ord6919
ord5679
ord4272
ord4197
ord5706
ord535
ord1131
ord1165
ord1229
ord2078
ord858
ord815
ord561
ord3733
ord2579
ord4282
ord682
ord3625
ord4394
ord2572
ord6354
ord2114
ord556
ord1088
ord2444
ord3566
ord6638
ord2351
ord2292
ord2333
ord2290
ord2331
ord2291
ord2332
ord2350
ord2293
ord2359
ord2358
ord2362
ord2357
ord2356
ord2355
ord2354
ord2353
ord2352
ord1972
ord1115
ord1173
ord1568
ord1570
ord1179
ord342
ord1240
ord1194
ord1563
ord1248
ord1250
ord1571
ord600
ord826
ord269
ord3917
ord1089
ord5193
ord4418
ord4616
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord3948
ord5710
ord5285
ord5303
ord4692
ord4074
ord2717
ord5298
ord5296
ord3341
ord2388
ord3173

msvcrt

_wcsicmp
_wtoi
wcslen
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
wcscmp
_wtoi64
wcsrchr
wcsncat
wcsncpy
atoi
_snwprintf
_vsnprintf
time
strncat
atol
_stricmp
mktime
_purecall
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??1exception@@UAE@XZ
memmove
??0exception@@QAE@ABQBD@Z
__RTDynamicCast
strncmp
_vsnwprintf
towlower
_CIpow
strtod
_iob
longjmp
_wfsopen
wcstod
abort
_wfopen
tolower
strchr
isalpha
__CxxLongjmpUnwind
_setjmp3
fwrite
floor
ceil
memchr
fputc
fseek
ftell
fclose
fread
fprintf
atof
_snprintf
__dllonexit
wcsstr
_wcsdup
_wcsnicmp
__CxxFrameHandler
malloc
free
strstr
??1type_info@@UAE@XZ
_endthreadex
_beginthread
??0exception@@QAE@XZ
_except_handler3
swscanf
_wcslwr
isalnum
isspace
fopen
_itow
rand
srand
wcsncmp
_beginthreadex
localtime
sscanf
_wmakepath
_wsplitpath
wcschr
toupper
_ftol
_wstati64
printf
strncpy
calloc
gmtime

kernel32

SetEndOfFile
GetExitCodeThread
SetEnvironmentVariableW
GetTimeZoneInformation
ReadProcessMemory
Thread32First
Thread32Next
ProcessIdToSessionId
GetACP
lstrcmpW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetModuleHandleA
GetVersion
OutputDebugStringA
WriteFile
DosDateTimeToFileTime
GetCurrentDirectoryW
DuplicateHandle
GetFileType
AreFileApisANSI
WideCharToMultiByte
EnumResourceNamesW
MapViewOfFile
GetLongPathNameW
FlushFileBuffers
UnmapViewOfFile
OpenFileMappingW
CreateFileMappingW
CompareFileTime
RemoveDirectoryW
FindResourceW
LoadResource
SizeofResource
LockResource
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
SetErrorMode
LoadLibraryExW
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
SetFilePointer
FindNextFileW
CreateEventA
SuspendThread
CreateProcessW
GetExitCodeProcess
CreateMutexW
GlobalFree
GetSystemDirectoryW
GetNumberFormatW
GlobalMemoryStatus
GetDiskFreeSpaceExW
GetLogicalDriveStringsW
lstrlenW
InterlockedCompareExchange
InterlockedExchange
GetCurrentProcess
GetPrivateProfileStringA
FindFirstFileW
SetLocalTime
GetHandleInformation
MoveFileW
SetThreadPriority
GetFileAttributesW
QueryDosDeviceW
OpenMutexW
ResetEvent
GetDriveTypeW
GetPrivateProfileIntA
GlobalFindAtomW
GlobalAddAtomW
GetPrivateProfileSectionW
OpenThread
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetTempPathW
lstrcpynW
InterlockedIncrement
GlobalAddAtomA
WritePrivateProfileSectionW
GetVersionExW
LoadLibraryA
WaitForMultipleObjects
TerminateThread
GetTempFileNameW
CopyFileW
SetFileAttributesW
WaitForSingleObject
lstrlenA
MultiByteToWideChar
SetEvent
FindFirstFileA
FindClose
CreateEventW
CreateThread
GetSystemWindowsDirectoryW
GlobalMemoryStatusEx
ExpandEnvironmentStringsW
GetPrivateProfileIntW
GetLocalTime
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
GetFileAttributesExW
FileTimeToLocalFileTime
FileTimeToSystemTime
DeleteFileW
GetDiskFreeSpaceW
GetTickCount
GetWindowsDirectoryW
CreateDirectoryW
WritePrivateProfileStringW
FreeLibrary
GetCommandLineW
CreateMutexA
OutputDebugStringW
InterlockedDecrement
GetCurrentProcessId
LoadLibraryW
GetProcAddress
ReleaseMutex
MoveFileExW
GetModuleFileNameW
OpenProcess
TerminateProcess
GetPrivateProfileStringW
GetFileSize
ReadFile
CreateFileA
GetLastError
GetDriveTypeA
QueryDosDeviceA
Sleep
CreateFileW
DeviceIoControl
CloseHandle
SetProcessWorkingSetSize
GetModuleHandleW
DisconnectNamedPipe
WaitNamedPipeW
ConnectNamedPipe
CreateNamedPipeW
SetLastError
GetCurrentThread
lstrcmpiW
GetSystemTime
GetFullPathNameW
CreateSemaphoreA
ReleaseSemaphore
QueryPerformanceCounter
SetNamedPipeHandleState
ReadFileEx
WaitForSingleObjectEx
LocalFree
LocalAlloc
GetLogicalDrives
ResumeThread
GlobalDeleteAtom

user32

GetWindowThreadProcessId
MessageBoxW
PostMessageW
GetClassInfoW
WaitForInputIdle
FindWindowW
IsWindow
EnableWindow
SendMessageW
SetCursor
LoadCursorW
ScreenToClient
GetCursorPos
ChildWindowFromPointEx
ShowWindow
GetDlgItem
GetParent
InvalidateRect
ReleaseDC
DrawTextW
GetDC
RegisterWindowMessageW
GetWindow
GetClassNameW
WindowFromPoint
FindWindowExW
GetTopWindow
GetForegroundWindow
RedrawWindow
SetLayeredWindowAttributes
BringWindowToTop
OffsetRect
DestroyWindow
SetTimer
CallWindowProcW
SetPropA
SetWindowLongW
GetPropA
GetWindowLongW
GetSystemMetrics
FrameRect
GetClientRect
CreateWindowExA
GetWindowRect
ReleaseCapture
SetCapture
SetFocus
SystemParametersInfoW
GetDesktopWindow
SetWindowTextW
PtInRect
KillTimer
LoadImageW
LoadIconW
RegisterHotKey
DrawIcon
ModifyMenuW
GetMenuStringW
EnumWindows
EnumChildWindows
IsZoomed
IsRectEmpty
GetUpdateRgn
SetWindowRgn
GetMonitorInfoW
MonitorFromWindow
GetKeyState
IsClipboardFormatAvailable
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
IntersectRect
TabbedTextOutW
GrayStringW
IsIconic
PostQuitMessage
UnregisterHotKey
SetForegroundWindow
EnableMenuItem
GetMenuItemID
GetMenuItemCount
CheckMenuItem
DeleteMenu
GetSubMenu
LoadMenuW
SetWindowPos
SwitchToThisWindow
GetSysColor
DestroyIcon
ExitWindowsEx
IsWindowEnabled
SetRect
FillRect
SendMessageTimeoutW
CopyRect
SetActiveWindow
GetActiveWindow
DrawIconEx
UpdateWindow
InflateRect
CharLowerBuffW
IsWindowVisible

gdi32

GetObjectW
SelectObject
CreateFontIndirectW
RectInRegion
CombineRgn
CreateRectRgn
CreateSolidBrush
GetDeviceCaps
DeleteObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
SetDIBits
CreateBitmap
GetBitmapBits
ExtCreateRegion
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetTextColor
GetBkMode
SetRectRgn
GetDIBits
SetPixel
SetStretchBltMode
StretchDIBits
CreateDIBSection
GetCurrentObject
GetStockObject

advapi32

RegCloseKey
RegCreateKeyA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
DeleteService
GetTokenInformation
ControlService
OpenThreadToken
FreeSid
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
GetUserNameW
RegQueryInfoKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
StartServiceW
ChangeServiceConfigW
CreateServiceW
RegEnumKeyExA
RegEnumKeyA

shell32

SHGetFileInfoW
ExtractIconExW
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHChangeNotify
DragQueryFileW
SHOpenFolderAndSelectItems
SHGetDesktopFolder
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationW
ord680
ShellExecuteW
ShellExecuteA
SHGetFolderPathA
SHGetSpecialFolderPathW
SHGetFolderPathW
ord68
Shell_NotifyIconW

comctl32

_TrackMouseEvent
ImageList_SetBkColor
ImageList_ReplaceIcon

ole32

CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoCreateInstance
CoUninitialize
CoInitialize

olepro32

ord251

oleaut32

SysAllocStringByteLen
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysStringLen
SysAllocString
SysFreeString
SysStringByteLen
SetErrorInfo
CreateErrorInfo
GetErrorInfo

shlwapi

SHSetValueA
PathIsDirectoryW
PathFileExistsA
PathAddBackslashW
PathRemoveFileSpecW
PathAppendW
wnsprintfW
StrCmpIW
PathCombineW
StrCmpNIW
PathFindExtensionW
StrStrW
StrCmpNA
SHDeleteKeyA
StrStrIA
StrRChrW
StrCmpNW
StrCpyNW
StrChrW
SHSetValueW
SHDeleteValueW
StrStrIW
StrCmpW
PathFileExistsW
SHGetValueA
SHGetValueW

ws2_32

inet_addr
inet_ntoa
gethostbyname

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
CM_Get_Parent
CM_Request_Device_EjectW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList

msimg32

AlphaBlend
TransparentBlt

msvcp60

??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??1locale@std@@QAE@XZ
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0ios_base@std@@IAE@XZ
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
?_Tidy@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXXZ

Exports

Exports

ExitApp
InitApp

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 272KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360sd.exe
.exe windows:4 windows x86 arch:x86

a33856e23a0f949eeae7f8b41cf2a5e3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:10:71:0c:54:c1:95:58:db:49:19:cd:83:7d:45:87:12:bb:06:34
Signer

Actual PE Digest

1e:10:71:0c:54:c1:95:58:db:49:19:cd:83:7d:45:87:12:bb:06:34

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord860
ord941
ord539
ord6868
ord927
ord4124
ord537
ord823
ord5852
ord5706
ord6918
ord6920
ord922
ord2606
ord4197
ord535
ord2910
ord2810
ord858
ord5679
ord4272
ord861
ord2914
ord5568
ord2613
ord4155
ord942
ord940
ord538
ord2756
ord6640
ord6278
ord925
ord800
ord825
ord561
ord540
ord815
ord3733
ord4418
ord4616
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4667
ord4459
ord3254
ord3142
ord2977
ord5710
ord5285
ord5303
ord4692
ord4074
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord1569
ord1165

msvcrt

strncmp
isspace
isalpha
_vsnwprintf
strstr
wcschr
wcsncat
time
isalnum
strchr
wcsstr
__CxxFrameHandler
tolower
_purecall
fopen
_snprintf
memmove
fprintf
_wtoi
wcslen
wcsncpy
atoi
wcscmp
_wcsicmp
wcsrchr
fclose
fread
ftell
fseek
fputc
sscanf
atof
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp
wcsncmp

kernel32

QueryDosDeviceW
OpenProcess
lstrcmpW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CloseHandle
GetModuleHandleA
GetCurrentProcess
GetVersionExW
GetVersion
GetTempPathW
CopyFileW
GetPrivateProfileStringW
lstrcpynW
FreeLibrary
LoadLibraryW
GetProcAddress
ProcessIdToSessionId
GetCurrentProcessId
GetTickCount
FindClose
FindFirstFileW
FindNextFileW
Thread32Next
SuspendThread
OpenThread
Thread32First
ResumeThread
GetLogicalDriveStringsW
WaitForSingleObject
ReadProcessMemory
GetModuleHandleW
WritePrivateProfileStringW
ReadFile
CreateFileW
GetLastError
CreateDirectoryW
RemoveDirectoryW
DeleteFileW
SetFileAttributesW
Sleep
InterlockedCompareExchange
GetFileAttributesExW
CreateMutexW
SystemTimeToFileTime
CreateProcessW
FileTimeToSystemTime
GetTimeZoneInformation
GetFileAttributesW
GetWindowsDirectoryW
MoveFileExW
SetEnvironmentVariableW
SetFilePointer
GetFileSize
CreateEventW
SetEvent
GetStartupInfoW
LoadLibraryA
GetLongPathNameW
WideCharToMultiByte
AreFileApisANSI
MultiByteToWideChar
GetExitCodeProcess
GetModuleFileNameW
GetACP

user32

CharLowerBuffW
WaitForInputIdle
WindowFromPoint
GetSystemMetrics
SystemParametersInfoW
MessageBoxW

advapi32

SetSecurityDescriptorDacl
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
InitializeSecurityDescriptor

shell32

SHGetSpecialFolderPathW
ShellExecuteExW

msvcp60

?_Xran@std@@YAXXZ
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xlen@std@@YAXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z

shlwapi

StrCmpNW
SHDeleteValueW
SHSetValueW
PathAddBackslashW
PathFileExistsW
SHGetValueW
StrCmpNIW
PathRemoveFileSpecW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
360sdrun.exe
.exe windows:4 windows x86 arch:x86

71a1d17bf4a5e2c01dd332b82c76ac21

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

aa:42:82:40:f3:41:a5:bc:9f:0e:00:fb:f8:be:a6:bb:20:46:12:9d
Signer

Actual PE Digest

aa:42:82:40:f3:41:a5:bc:9f:0e:00:fb:f8:be:a6:bb:20:46:12:9d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SendMessageTimeoutW
GetWindowThreadProcessId
FindWindowExW
LoadStringW
DestroyWindow
wvsprintfW
CharNextW
MessageBoxW

kernel32

GetFileSize
SetFilePointer
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleFileNameW
Sleep
CloseHandle
CreateProcessW
WritePrivateProfileStringW
CopyFileW
GetPrivateProfileStringW
WaitForSingleObject
MoveFileW
DeleteFileW
GetFileAttributesExW
InterlockedDecrement
lstrlenW
GetTempPathW
GetDriveTypeW
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
InitializeCriticalSection
InterlockedIncrement
GetVersion
GetVersionExW
GetModuleHandleA
DebugBreak
OutputDebugStringW
lstrlenA
GetExitCodeProcess
ReadFile
CreateFileW
GetStartupInfoA

shlwapi

SHGetValueW
PathFileExistsW

shell32

ShellExecuteExW

msvcrt

_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
__setusermatherr
_wtoi
iswdigit
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
wcslen
_wcsnicmp
wcsncpy
wcsrchr
wcsncat
atoi
_vsnwprintf
__CxxFrameHandler
??2@YAPAXI@Z
_wcsicmp
free
_controlfp

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 284KB - Virtual size: 282KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
360sdupd.exe
.exe windows:4 windows x86 arch:x86

4cafafadd12d9b5f4cc067a2c4b17750

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

dd:31:11:13:d0:83:76:5d:f4:dc:f7:a3:84:11:63:b6:74:81:7d:5c
Signer

Actual PE Digest

dd:31:11:13:d0:83:76:5d:f4:dc:f7:a3:84:11:63:b6:74:81:7d:5c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord941
ord539
ord927
ord5852
ord5706
ord6918
ord6920
ord4197
ord2606
ord537
ord6640
ord922
ord4124
ord942
ord5679
ord803
ord543
ord3579
ord4166
ord5568
ord6278
ord6279
ord6868
ord2910
ord2756
ord2810
ord940
ord535
ord858
ord2717
ord296
ord540
ord861
ord5208
ord617
ord3658
ord5214
ord823
ord6370
ord538
ord925
ord800
ord1131
ord2613
ord567
ord1230
ord2144
ord818
ord3737
ord4621
ord3397
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5286
ord4347
ord5157
ord2377
ord5237
ord4401
ord1768
ord4073
ord6051
ord815
ord825
ord561
ord3733
ord4418
ord4616
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord1165
ord860
ord2099
ord2836
ord6390
ord5446
ord6379
ord5436
ord4155
ord3591
ord5860
ord4459
ord3254
ord3142
ord2977
ord5710
ord5285
ord5303
ord4692
ord4074
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord6057
ord5567
ord5575
ord5732
ord5674
ord5790
ord5785
ord5869
ord6168
ord6017
ord6185
ord4324
ord6182
ord5752
ord1569
ord6188
ord5755
ord2966
ord562
ord6597
ord5778
ord816
ord6354
ord804
ord3724
ord3389
ord4400
ord2579
ord3084
ord682
ord3625
ord4394
ord2572
ord2746
ord2859
ord4269
ord4667
ord470
ord755
ord2114
ord556
ord3701
ord4282
ord6726
ord2070
ord2567
ord795
ord3716
ord1088
ord2854
ord5871
ord6193
ord2914
ord2858
ord668
ord1972
ord3173
ord4053
ord2773
ord2762
ord356
ord3614
ord1634
ord3621
ord2406
ord665
ord1971
ord6381
ord5180
ord354
ord3566
ord640
ord5781
ord1633
ord323
ord5945
ord4294
ord3087
ord2855
ord3693
ord2403
ord2015
ord4213
ord2570
ord4392
ord3577
ord4390
ord3605
ord3569
ord765
ord616
ord2100
ord2085
ord2081
ord2072
ord2111
ord2108
ord4279
ord656
ord613
ord4118
ord283
ord2372
ord2559
ord289
ord609
ord809
ord1761

msvcrt

strstr
_wcslwr
printf
??0exception@@QAE@XZ
_except_handler3
_exit
_XcptFilter
isalnum
wcsncmp
atoi
_vsnprintf
_vsnwprintf
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_purecall
__CxxFrameHandler
wcsrchr
_wtoi
wcsstr
_wtoi64
wcscmp
wcsncat
_wcsicmp
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??1exception@@UAE@XZ
memmove
??0exception@@QAE@ABQBD@Z
wcsncpy
wcschr
srand
time
rand
wcslen
_wsplitpath
ceil
floor
_ftol
memchr
fread
fclose
ftell
fseek
fwrite
_setjmp3
__CxxLongjmpUnwind
_wmakepath
fopen
_wfopen
abort
_snprintf
_wfsopen
wcstod
atof
sscanf
tolower
malloc
free
longjmp
fprintf
_iob
strtod
_CIpow
fputc
isalpha
isspace
strncmp
strchr
_wcsnicmp
towlower
_controlfp
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
__set_app_type
__p__fmode
exit

kernel32

GetCurrentProcessId
ProcessIdToSessionId
GetACP
MultiByteToWideChar
AreFileApisANSI
WideCharToMultiByte
GetLongPathNameW
LoadLibraryA
GetLogicalDriveStringsW
QueryDosDeviceW
lstrcmpW
GetModuleHandleA
GetVersionExW
GetVersion
FileTimeToSystemTime
SystemTimeToFileTime
MoveFileW
Thread32Next
OutputDebugStringA
ResetEvent
CreateThread
GetPrivateProfileSectionNamesW
MoveFileExW
RemoveDirectoryW
CopyFileW
FreeLibrary
CreateProcessW
GetExitCodeProcess
SetEvent
GetSystemDefaultUILanguage
GetSystemDirectoryW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLocalTime
CreateEventW
FindFirstFileW
FindNextFileW
FindClose
OpenProcess
SetLastError
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetCurrentThread
ReadFile
WriteFile
MapViewOfFile
WritePrivateProfileSectionW
GetPrivateProfileIntW
lstrcpynW
GetTempFileNameW
SuspendThread
OpenThread
Thread32First
ResumeThread
ReadProcessMemory
SetFileAttributesW
InterlockedCompareExchange
GetFileAttributesExW
GetTimeZoneInformation
GetFileAttributesW
SetEnvironmentVariableW
lstrlenA
SetFilePointer
GetFileSize
GetShortPathNameW
SetEndOfFile
OutputDebugStringW
VirtualQueryEx
CreateProcessA
WriteProcessMemory
VirtualProtectEx
VirtualAllocEx
VirtualQuery
GetCurrentThreadId
VirtualProtect
FlushInstructionCache
GetThreadContext
SetThreadContext
VirtualAlloc
GetModuleHandleW
GetStartupInfoW
WaitForMultipleObjects
LocalFree
lstrlenW
MulDiv
GetTempPathW
GlobalFree
FindResourceW
LoadResource
LockResource
SizeofResource
ExpandEnvironmentStringsW
GlobalAlloc
GlobalLock
GlobalUnlock
InterlockedIncrement
TerminateProcess
GetCurrentProcess
UnmapViewOfFile
CloseHandle
Sleep
ReleaseMutex
FlushFileBuffers
WaitForSingleObject
GetTickCount
GetCommandLineW
GetProcAddress
LoadLibraryW
GetModuleFileNameW
InterlockedDecrement
GetLastError
CreateMutexW
CreateFileMappingW
OpenFileMappingW
GetPrivateProfileStringW
WritePrivateProfileStringW
CreateDirectoryW
GetWindowsDirectoryW
DeleteFileW
CreateFileW

user32

LoadCursorW
KillTimer
CopyRect
DrawTextW
GetParent
ScreenToClient
GetCursorPos
GetUpdateRgn
TabbedTextOutW
GrayStringW
GetSysColor
ShowWindow
SetForegroundWindow
GetKeyState
RegisterWindowMessageW
IsRectEmpty
GetDC
ReleaseDC
SetCursor
GetWindow
GetWindowThreadProcessId
EnumWindows
GetMenuItemCount
GetSubMenu
GetMenuStringW
ModifyMenuW
SetTimer
DestroyWindow
EnableWindow
PostMessageW
FindWindowW
CharLowerBuffW
WaitForInputIdle
WindowFromPoint
GetSystemMetrics
SystemParametersInfoW
FillRect
IsIconic
GetClientRect
FrameRect
InvalidateRect
GetWindowRect
SendMessageW
LoadImageW
LoadIconW
DrawIconEx
DrawIcon
GetClipboardData
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsClipboardFormatAvailable
PtInRect
OffsetRect
IsWindow
GetDesktopWindow
SetWindowPos
IntersectRect
GetWindowLongW
GetMenuItemID

advapi32

RegCloseKey
InitializeSecurityDescriptor
RegOpenKeyW
RegEnumKeyW
RegSetValueExW
QueryServiceStatusEx
StartServiceW
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
SetSecurityDescriptorDacl
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
ControlService
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW

ole32

CreateStreamOnHGlobal
CoInitializeSecurity
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
VariantClear
SafeArrayDestroy
SafeArrayGetElement
SafeArrayGetLBound
VarBstrCat
SysAllocStringLen
VariantInit
SafeArrayGetUBound
SysStringLen
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
VariantCopy
GetErrorInfo
SetErrorInfo
CreateErrorInfo
SysAllocString

shlwapi

PathCombineW
PathFindExtensionW
StrCmpNIW
PathRemoveFileSpecW
PathFileExistsW
StrCmpIW
StrStrIW
SHGetValueW
PathAddBackslashW
StrCmpNW
PathIsDirectoryW
SHSetValueW
SHDeleteValueW
PathAppendW
SHDeleteKeyW

imm32

ImmDisableIME

rasapi32

RasEnumEntriesW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

gethostbyname
WSAStartup
gethostname
WSACleanup
inet_ntoa

msimg32

AlphaBlend
TransparentBlt

gdi32

CreateDIBSection
CreateCompatibleDC
DeleteObject
GetDIBits
GetObjectW
CreateFontIndirectW
SelectObject
CreateCompatibleBitmap
StretchDIBits
SetStretchBltMode
BitBlt
SetPixel
CombineRgn
CreateRectRgn
ExtCreateRegion
GetBitmapBits
CreateBitmap
SetDIBits
SetRectRgn
GetCurrentObject
GetBkMode
GetTextColor
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
GetDeviceCaps
GetStockObject
DeleteDC

comctl32

_TrackMouseEvent

msvcp60

??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??1locale@std@@QAE@XZ
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
?_Tidy@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXXZ
??_7?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
??0ios_base@std@@IAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ

olepro32

ord251

Sections

.text
Size: 604KB - Virtual size: 603KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
360verify.dll
.dll windows:4 windows x86 arch:x86

ce928fde4597fcf5a0df8d3d7203f05e

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22/10/2008, 00:00

Not After

23/11/2010, 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpA
lstrcmpiA
GetLastError
LocalFree
LocalAlloc
CreateFileW
FreeLibrary
FindResourceExA
LoadLibraryExA
lstrlenW
WideCharToMultiByte
CreateFileA
CloseHandle
DeviceIoControl
GetSystemTimeAsFileTime
lstrlenA
GetFileSize
FlushFileBuffers
SetStdHandle
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
IsBadCodePtr
SetUnhandledExceptionFilter
GetCPInfo
ReadFile
MultiByteToWideChar
InterlockedDecrement
InterlockedIncrement
HeapFree
HeapAlloc
RtlUnwind
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LCMapStringA
LCMapStringW
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetFilePointer
GetStringTypeA
GetStringTypeW

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shlwapi

SHSetValueA
SHGetValueA

netapi32

Netbios

wintrust

CryptCATAdminReleaseContext
CryptCATAdminCalcHashFromFileHandle
WinVerifyTrust
WTHelperGetProvCertFromChain
CryptCATAdminReleaseCatalogContext
CryptCATAdminEnumCatalogFromHash
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
CryptCATAdminAcquireContext

crypt32

CertGetNameStringA

Exports

Exports

CheckFileTrustA
CheckFileTrustExA
CheckFileTrustExW
CheckFileTrustW
GetCIDA
GetCIDW
Validate360ResourceSignA

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AVLib.dat
Banklist/caifutong.png
.png
Banklist/gongshangyinhang.png
.png
Banklist/gouwufanli.png
.png
Banklist/jiansheyinhang.png
.png
Banklist/kuaiqian.png
.png
Banklist/shoujichongzhi.png
.png
Banklist/tuangou.png
.png
Banklist/zhaoshangyinhang.png
.png
Banklist/zhifubao.png
.png
CrashReport.dll
.dll windows:4 windows x86 arch:x86

82e26c2c1f16c0494816956bd4cf31a1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

dbghelp

MiniDumpWriteDump

shlwapi

PathFileExistsW
SHGetValueW
SHSetValueW

mfc42u

ord858
ord4272
ord5679
ord535
ord925
ord927
ord942
ord922
ord537
ord825
ord823
ord540
ord861
ord800
ord538

msvcrt

_wcslwr
memchr
qsort
strncpy
swscanf
free
malloc
_purecall
wcsncmp
memmove
swprintf
wcschr
_snwprintf
tolower
strerror
wcscpy
wcstok
_errno
_CxxThrowException
wcscmp
wcsstr
wcslen
wcsncat
_wcsicmp
_wcsnicmp
_vsnwprintf
wcscat
wcsrchr
__CxxFrameHandler
_except_handler3
_vsnprintf
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
wcsncpy

kernel32

SystemTimeToFileTime
LocalFileTimeToFileTime
DeviceIoControl
GetFileSize
SetFilePointer
GetACP
SetFilePointerEx
ReadFile
GetFileSizeEx
TlsGetValue
OpenThread
TlsSetValue
CreateMutexW
WaitForSingleObject
GetProcessHeap
HeapAlloc
TlsAlloc
SetEnvironmentVariableW
ReleaseMutex
TlsFree
HeapFree
lstrlenA
lstrcmpA
GetProcAddress
GetFileType
GetSystemTimeAsFileTime
CreateFileA
CreateDirectoryW
GetWindowsDirectoryW
GetEnvironmentVariableW
GetModuleFileNameW
CloseHandle
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateFileW
CreateProcessW
GetPrivateProfileStringW
WritePrivateProfileStringW
SetUnhandledExceptionFilter
SetLastError
GetLastError
OutputDebugStringW
LocalFree
GetSystemTime
FormatMessageW
LoadLibraryW
MultiByteToWideChar
FreeLibrary

user32

IsWindowVisible
GetDesktopWindow

advapi32

RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
RegCloseKey
RegEnumKeyExW

crypt32

CertGetCertificateContextProperty
CertGetNameStringW
CryptMsgClose
CertCloseStore
CryptMsgUpdate
CryptMsgOpenToDecode
CertOpenStore

wintrust

WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData

version

VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

?RaiseException@@YAXXZ
AutoSend
Initialize
OnExiting

Sections

.text
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DataDriv.dat
LiveUpd360.dll
.dll windows:5 windows x86 arch:x86

9958feebd8186556f36ddefe5ac77b8f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\build\360Pdown_2\DownDll\Release\LiveUpd360.pdb

Imports

kernel32

GetModuleFileNameW
CreateFileA
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetFileAttributesW
CreateDirectoryW
DeleteFileW
FindClose
FindFirstFileW
SetEvent
ReleaseMutex
CloseHandle
SetFilePointer
WriteFile
CreateFileW
GetLocalTime
WaitForSingleObject
CreateMutexW
CreateEventW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
LoadLibraryW
Sleep
lstrlenW
GetModuleHandleW
GetLastError
GetTickCount
FreeLibrary
SuspendThread
ReleaseSemaphore
WaitForMultipleObjects
CreateSemaphoreW
SetWaitableTimer
CreateWaitableTimerW
GetPrivateProfileIntW
InterlockedIncrement
InterlockedDecrement
CreateThread
CopyFileW
MoveFileW
GetLongPathNameW
GetVersionExW
WideCharToMultiByte
MoveFileExW
TlsSetValue
TlsGetValue
TlsAlloc
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetFileSizeEx
SetCurrentDirectoryW
GetCurrentDirectoryW
ReadFile
GetFileSize
FlushFileBuffers
GetFileAttributesExW
MulDiv
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
HeapFree
ExitThread
HeapAlloc
GetSystemTimeAsFileTime
TlsFree
SetLastError
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
HeapSize
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetModuleHandleA

shlwapi

wvnsprintfW
PathAppendW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

gethostbyname
WSAGetLastError
gethostname
inet_addr
WSAStartup
closesocket
WSAEventSelect
bind
htons
htonl
setsockopt
WSAIoctl
socket
sendto
recvfrom
WSAWaitForMultipleEvents
ntohs
inet_ntoa

wininet

HttpQueryInfoW
InternetCloseHandle
InternetConnectW
InternetOpenW
HttpOpenRequestW
HttpSendRequestW

user32

RegisterClassW
CreateWindowExW
DestroyWindow
SendMessageTimeoutW
FindWindowExW
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
DefWindowProcW
IsWindow
GetActiveWindow
MessageBoxW

advapi32

RegOpenKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteW
SHGetFolderPathW

ole32

CLSIDFromString

Exports

Exports

PPClose
PPCloseHandle
PPDownload
PPGetConfig
PPInit
PPQueryTask
PPQueryTaskEx
PPRemoveTask
PPRestart
PPSetConfig
PPStartTask
PPStartTaskEx
PPStopSeed
PPStopTask
StartLan
StopLan
_EnableP2P
_GetTasks
_IsStopped
_P2SPCancelCheckProxy
_P2SPCheckProxy
_P2SPSetOption
_P2SPUpdateRegInfo
_PPQueryIPPort
_PPQueryTask2
_PPSetLocalLog
_Run
_SetKeep
_SetKeepEx
_SetLocalLog
_StartRun
_StopRun
__PPSetModulePath2

Sections

.text
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MenuEx.dll
.dll regsvr32 windows:4 windows x86 arch:x86

3d7443bbd0dd6e687a34c9466ee16ce5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
lstrlenA
SizeofResource
LoadResource
FindResourceW
GetLastError
LoadLibraryExW
lstrcmpiW
lstrcpynW
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
GetProcAddress
LoadLibraryW
lstrcpyW
FreeLibrary
InterlockedIncrement
InterlockedDecrement
GetTickCount
CloseHandle
CreateProcessW
WritePrivateProfileStringW
GetTempFileNameW
GetTempPathW
lstrcpynA
WideCharToMultiByte
LoadLibraryA
RaiseException
InterlockedExchange
LocalAlloc
GetModuleFileNameW
GetModuleHandleW
GetShortPathNameW
InitializeCriticalSection
lstrlenW
HeapCreate
GetVersionExW
GetSystemInfo
HeapAlloc
lstrcatW
DisableThreadLibraryCalls

user32

InsertMenuItemW
LoadStringW
CharNextW
GetSystemMetrics
InsertMenuW
wsprintfW
DrawTextW
GetSysColor
ReleaseDC
GetDC
LoadImageW
SystemParametersInfoW
SetMenuItemBitmaps

advapi32

RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegQueryValueExW
RegCloseKey

shell32

DragQueryFileW

ole32

ReleaseStgMedium
CoUninitialize
CoInitialize
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2

oleaut32

LoadTypeLi
RegisterTypeLi
SysStringLen
SysAllocString
VarUI4FromStr
SysFreeString
LoadRegTypeLi

shlwapi

SHDeleteKeyW

msvcrt

__CxxFrameHandler
wcslen
memcmp
realloc
malloc
free
??2@YAPAXI@Z
_purecall
memcpy
memset
__dllonexit
_onexit
_initterm
_adjust_fdiv

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PDown.dll
.dll windows:5 windows x86 arch:x86

884eb018169b85e1a3830e3dd281d0fd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\build\360Pdown_2\PDown\Release\PDown.pdb

Imports

kernel32

GetModuleFileNameW
FindClose
FindFirstFileW
ReleaseMutex
CloseHandle
SetFilePointer
WriteFile
CreateFileW
GetLocalTime
WaitForSingleObject
CreateMutexW
CreateEventW
GetFileSizeEx
Sleep
GetLastError
SetEvent
SetCurrentDirectoryW
GetCurrentDirectoryW
CopyFileW
MoveFileW
MoveFileExW
ReadFile
GetPrivateProfileIntW
DeleteFileW
GetProcAddress
LoadLibraryW
SuspendThread
lstrlenW
TerminateProcess
OpenProcess
InterlockedDecrement
InterlockedIncrement
GetTickCount
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CreateDirectoryW
GetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FreeLibrary
InitializeCriticalSection
IsValidCodePage
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
LCMapStringA
GetCPInfo
SetLastError
GetLocaleInfoA
MultiByteToWideChar
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
TlsFree
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
HeapReAlloc
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetFileSize
RaiseException
GetSystemTimeAsFileTime
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
HeapFree
ExitThread
GetCurrentThreadId
CreateThread
GetCommandLineA
GetModuleHandleW
ExitProcess
HeapAlloc
GetModuleHandleA
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
LCMapStringW

user32

GetActiveWindow
MessageBoxW
IsWindow
FindWindowW
GetWindowThreadProcessId
SendMessageTimeoutW
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
CreateWindowExW
DefWindowProcW
RegisterClassW
DestroyWindow

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyW

shell32

ShellExecuteW
SHGetFolderPathW

ole32

CoUninitialize
CoInitialize
CLSIDFromProgID
CoCreateInstance

oleaut32

SysAllocString
SysFreeString

shlwapi

PathAppendW
wvnsprintfW
PathFileExistsW

ws2_32

gethostbyname
WSAStartup
ntohs
WSACleanup
socket
WSAGetLastError
recvfrom
WSAWaitForMultipleEvents
closesocket
WSAEventSelect
sendto
bind
htons
htonl
setsockopt
WSAIoctl

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

PPClose
PPCloseHandle
PPDownload
PPGetConfig
PPInit
PPInit2
PPQueryTask
PPQueryTaskEx
PPRemoveTask
PPRestart
PPSetConfig
PPStartTask
PPStartTaskEx
PPStopTask
StartLan
StopLan

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QTQuart.dll
.dll windows:4 windows x86 arch:x86

11a62039fda623fdf02bcf774c334ca4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord540
ord6655
ord5706
ord3314
ord858
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord3948
ord2977
ord3142
ord3254
ord4459
ord3131
ord2810
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4616
ord4418
ord3733
ord561
ord815
ord1173
ord1568
ord1165
ord1570
ord1179
ord342
ord1240
ord1194
ord1563
ord1248
ord1250
ord6466
ord1571
ord600
ord826
ord269
ord922
ord354
ord5180
ord268
ord6381
ord2795
ord1971
ord1560
ord665
ord356
ord925
ord2762
ord2773
ord4053
ord3176
ord668
ord825
ord535
ord6920
ord942
ord800
ord823
ord3257
ord538
ord1115

msvcrt

_adjust_fdiv
__CxxFrameHandler
wcslen
wcsrchr
malloc
_initterm
free
_onexit
__dllonexit
??1type_info@@UAE@XZ
??0exception@@QAE@ABQBD@Z
memmove
??1exception@@UAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
wcscmp
wcsncpy

kernel32

LocalFree
SetEndOfFile
GetLastError
SetFileTime
SetFileAttributesW
GetModuleFileNameW
GetLocalTime
CreateDirectoryW
GetTempFileNameW
GetFileAttributesExW
InterlockedCompareExchange
Sleep
SetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
CreateFileW
ReadFile
CloseHandle
MoveFileW
DeleteFileW
LocalAlloc
WriteFile

shlwapi

PathIsDirectoryW
PathFileExistsW

Exports

Exports

QT_CloseFindItemHandle
QT_CreateFind
QT_FindNextItem
QT_FindNextItemForCount
QT_QuartFile
QT_RemoveItem
QT_RestoreFile
QT_Section_Close
QT_Section_Open

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QuickBack.dll
.dll windows:5 windows x86 arch:x86

9a6140356301b26c26dcc333668c884a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5c:a1:77:a1:c1:ef:e9:02:b5:1f:86:e0:fa:de:69:98:1c:aa:99:c4
Signer

Actual PE Digest

5c:a1:77:a1:c1:ef:e9:02:b5:1f:86:e0:fa:de:69:98:1c:aa:99:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\building\360project\360sd\branches\beta\build\x86\QuickBack.pdb

Imports

kernel32

ReadFile
CreateFileW
FlushFileBuffers
GetTempPathW
GetLastError
MoveFileW
LockResource
CloseHandle
DeleteFileW
InterlockedExchange
GetModuleHandleW
GetCurrentThread
GetProcAddress
GetSystemInfo
GetThreadTimes
lstrlenA
InterlockedIncrement
InterlockedDecrement
CreateDirectoryW
WaitForSingleObject
SetEvent
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
TerminateThread
LeaveCriticalSection
GetModuleFileNameW
MultiByteToWideChar
lstrlenW
RaiseException
SetLastError
SizeofResource
CreateEventW
WaitForMultipleObjects
DeleteCriticalSection
SuspendThread
ResumeThread
GetFileSize
GetPrivateProfileStringW
GetPrivateProfileIntW
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
GetVersionExW
FindFirstFileW
FindClose
RemoveDirectoryW
FindNextFileW
DosDateTimeToFileTime
SystemTimeToFileTime
GetCurrentProcess
SetFileTime
GetCurrentDirectoryW
GetFileType
FileTimeToDosDateTime
MapViewOfFile
UnmapViewOfFile
FileTimeToSystemTime
CreateFileMappingW
GetFileInformationByHandle
GetSystemTime
CopyFileW
Sleep
WriteFile
InterlockedCompareExchange
GetTempFileNameW
LoadResource
FreeLibrary
FindResourceW
FindResourceExW
SetFilePointer
EnterCriticalSection
CompareStringW
CompareStringA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetSystemTimeAsFileTime
ExitThread
CreateThread
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
ExitProcess
GetTimeZoneInformation
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
HeapCreate
VirtualFree
VirtualAlloc
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetModuleHandleA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
CreateFileA
SetEnvironmentVariableA

advapi32

RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW

shlwapi

PathIsDirectoryW
PathFileExistsW
PathIsDirectoryEmptyW

Exports

Exports

CreateObject

Sections

.text
Size: 266KB - Virtual size: 266KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Router.dll
.dll windows:4 windows x86 arch:x86

7626a30136015dfa28e310b0acc12aa1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
SetThreadPriority
TerminateThread
SetEvent
GetLastError
ConnectNamedPipe
CreateEventA
GetOverlappedResult
WaitForSingleObjectEx
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
ReadFileEx
OutputDebugStringA
WriteFile
DisconnectNamedPipe
CreateNamedPipeA
CloseHandle

advapi32

SetEntriesInAclA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
AllocateAndInitializeSid

msvcrt

??2@YAPAXI@Z
__CxxFrameHandler
memmove
malloc
free
_beginthread
_endthreadex
__dllonexit
_onexit
_initterm
_adjust_fdiv

Exports

Exports

?StartListen2@Communicator@@YAPAXPBD@Z
?StartListen@Communicator@@YAHPBD@Z
?StopListen2@Communicator@@YAXPAX@Z
?StopListen@Communicator@@YAHXZ

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SDSkin/360QBack.uic
SDSkin/Default.uic
SDVersion.dll
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e9:20:1a:15:7e:23:c9:5a:47:ac:70:58:bf:36:1c:b5:b2:21:8d:cd
Signer

Actual PE Digest

e9:20:1a:15:7e:23:c9:5a:47:ac:70:58:bf:36:1c:b5:b2:21:8d:cd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Safelive.dll
.dll regsvr32 windows:4 windows x86 arch:x86

084454bb75d43670d62a78ddde2689b4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RemoveDirectoryW
LoadLibraryExW
SetErrorMode
GetFullPathNameW
DebugBreak
OutputDebugStringW
GetModuleFileNameW
UnlockFile
ReadFile
LockFile
GetSystemDefaultUILanguage
GetTickCount
WritePrivateProfileStringW
GetPrivateProfileStringW
CreateEventW
SetEvent
ResetEvent
Sleep
DisableThreadLibraryCalls
GetShortPathNameW
GetModuleHandleW
SizeofResource
LoadResource
CopyFileW
GetLastError
lstrcmpiW
lstrcpynW
HeapDestroy
lstrcpyW
lstrcatW
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetLongPathNameW
InterlockedCompareExchange
ResumeThread
SetThreadPriority
CreateMutexW
ReleaseMutex
MoveFileExW
LocalFree
SetFileAttributesW
DeleteFileW
GetTempPathW
GetTempFileNameW
GetVersionExW
GetFileType
SetLastError
lstrcmpA
SetFilePointer
GetSystemTime
FormatMessageW
GetCurrentThreadId
GetACP
CreateThread
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
InterlockedIncrement
CreateFileW
GetFileTime
GetFileSize
CloseHandle
MultiByteToWideChar
InterlockedDecrement
lstrlenA
lstrlenW
LoadLibraryW
GetProcAddress
FindResourceW
GetSystemTimeAsFileTime
DeviceIoControl
CreateFileA
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFilePointerEx
GetFileSizeEx
TlsGetValue
OpenThread
TlsSetValue
GetCurrentProcessId
GetEnvironmentVariableW
GetProcessHeap
HeapAlloc
TlsAlloc
SetEnvironmentVariableW
TlsFree
HeapFree
FreeLibrary

user32

RegisterClassExW
CharUpperW
FindWindowW
PostMessageW
SetTimer
SetWindowLongW
SetForegroundWindow
GetWindowLongW
ShowWindow
WaitForInputIdle
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjects
CharNextW
wvsprintfW
LoadStringW
SendMessageTimeoutW
IsWindow
CharLowerW
KillTimer
DestroyWindow
CreateWindowExW
DefWindowProcW

advapi32

RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegQueryValueExA

shell32

SHCreateDirectoryExW
ShellExecuteExW
SHGetSpecialFolderPathW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoTaskMemRealloc
OleInitialize
OleUninitialize

oleaut32

SysAllocString
SysFreeString
VarUI4FromStr
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
SysStringLen

urlmon

URLDownloadToFileW

msvcrt

iswdigit
_wcsnicmp
_CxxThrowException
memcpy
??0exception@@QAE@ABV0@@Z
strlen
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
memmove
memcmp
memset
wcscmp
_wtoi
wcslen
free
malloc
_except_handler3
realloc
iswspace
wcschr
_vsnwprintf
strchr
fclose
_wfopen
getc
fseek
putc
rand
srand
_ftol
time
_purecall
abs
_beginthreadex
ftell
fread
fwrite
ungetc
fgetc
?terminate@@YAXXZ
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
??2@YAPAXI@Z
isspace
isalpha
_wcsicmp
wcsstr
__CxxFrameHandler
wcsncmp
wcsncpy
wcscpy
_errno
wcstok
strerror
wcsrchr
_snwprintf
swprintf
strncpy
qsort
memchr
_wcslwr
swscanf
tolower
wcscat
_wtol
_vsnprintf

setupapi

SetupIterateCabinetW

shlwapi

SHSetValueW
PathFindFileNameW
StrCmpNW
StrChrW
StrCmpNIW
UrlCombineW
StrToIntW
StrStrW
SHDeleteKeyW
StrCpyNW
StrDupW
StrStrIW
UrlGetPartW
SHGetValueW
PathAppendW
PathIsDirectoryW
PathFileExistsW
StrCmpIW
PathCombineW
PathIsPrefixW
PathRemoveFileSpecW
PathStripToRootW
StrPBrkW
UrlEscapeW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wininet

InternetGetConnectedState

iphlpapi

GetAdaptersInfo

crypt32

CertGetNameStringW
CertGetCertificateContextProperty
CertOpenStore
CryptMsgOpenToDecode
CryptMsgUpdate
CertCloseStore
CryptMsgClose

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

Exports

Exports

ConnectUpdateServer
CreateUpdateServer
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 160KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.IShareO
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tools/360FirstAD.png
.png
Tools/360SandBox.png
.png
Tools/360SoftMgr.png
.png
Tools/AutoRun.png
.png
Tools/FileSmash.png
.png
Tools/LSPFix.png
.png
Tools/NetConnectMgr.png
.png
Tools/QuickBack.png
.png
Tools/RubbishClean.png
.png
Tools/SysProcessMgr.png
.png
Tools/netfos.png
.png
WscControl.exe
.exe windows:5 windows x86 arch:x86

607263ad383345e32fac01f024ce9fec

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:62:d7:90:36:3b:a0:bc:c7:cf:cf:84:0b:b2:7c:fa:e5:5e:e9:2d
Signer

Actual PE Digest

78:62:d7:90:36:3b:a0:bc:c7:cf:cf:84:0b:b2:7c:fa:e5:5e:e9:2d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentThreadId
GlobalDeleteAtom
LocalFileTimeToFileTime
GetFileSizeEx
GetVersionExA
LoadLibraryA
GlobalFindAtomW
GetModuleHandleA
HeapFree
RtlUnwind
GetCommandLineA
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
Sleep
ExitProcess
HeapCreate
VirtualFree
VirtualAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
CreateFileA
GetProcessHeap
GetSystemTime
OutputDebugStringW
CreateMutexW
ReleaseMutex
OpenThread
SetEnvironmentVariableW
GetEnvironmentVariableW
SetFilePointerEx
DeviceIoControl
CreateFileW
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
LoadLibraryW
GlobalAddAtomW
GlobalFlags
lstrcmpW
SystemTimeToFileTime
lstrlenA
lstrcmpA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentProcessId
FreeLibrary
InterlockedIncrement
GetModuleHandleW
GetProcAddress
WideCharToMultiByte
GetLastError
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
FindResourceW
LoadResource
LockResource
SizeofResource
lstrlenW
WaitForSingleObject
GetTickCount
GetEnvironmentVariableA
CloseHandle
GetVersionExW
GetModuleFileNameW
InterlockedDecrement
GetStartupInfoA
MultiByteToWideChar

shell32

ShellExecuteExW

ole32

CoInitializeSecurity
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

VariantChangeType
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
VariantClear
SysFreeString
SysAllocString
VariantInit

shlwapi

PathFileExistsW
StrStrIA
PathAppendW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

oleacc

LresultFromObject
CreateStdAccessibleObject

user32

DrawTextExW
DrawTextW
TabbedTextOutW
RegisterWindowMessageW
LoadIconW
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
GetClientRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
DefWindowProcW
CallWindowProcW
CopyRect
GetMenu
SystemParametersInfoA
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
PostQuitMessage
SetForegroundWindow
PostMessageW
SetWindowPos
SetWindowLongW
IsWindow
GetDlgItem
SetWindowsHookExW
CallNextHookEx
DispatchMessageW
GetKeyState
PeekMessageW
DestroyMenu
ValidateRect
GetFocus
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
SetWindowTextW
GetWindowTextW
GetWindowThreadProcessId
SendMessageW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
GrayStringW
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
GetSysColorBrush
MessageBoxW
UnhookWindowsHookEx
LoadCursorW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
IsIconic

gdi32

RestoreDC
SetMapMode
SaveDC
GetStockObject
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
DeleteObject
DeleteDC
ScaleViewportExtEx
ScaleWindowExtEx
SetWindowExtEx
GetDeviceCaps
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegEnumKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExA

Sections

.text
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
avcheck.dll
.dll windows:4 windows x86 arch:x86

97642af84990ecbf40d359b5917c8c96

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetWindowsDirectoryA
GetPrivateProfileStringA
WideCharToMultiByte
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileAttributesExW
MultiByteToWideChar
lstrlenA
SystemTimeToFileTime
SetLastError
GetFullPathNameW
lstrcpyW
FindNextFileW
DebugBreak
GetFileAttributesExA
ReadFile
GetFileSize
CreateFileW
GetSystemDirectoryW
GetWindowsDirectoryW
GetModuleFileNameW
GetPrivateProfileIntW
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleHandleA
TlsFree
GetCurrentProcess
FreeLibrary
LoadLibraryW
GetProcAddress
GetPrivateProfileStringW
InterlockedDecrement
InterlockedIncrement
SearchPathW
GetFileAttributesW
LocalFree
LocalAlloc
lstrlenW
FindFirstFileW
FindClose
GetVersionExW
CloseHandle
OutputDebugStringW

user32

LoadStringW
CharNextW
wvsprintfW

advapi32

OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
RegQueryValueExA
RegEnumKeyW
RegCloseKey
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoInitialize
CoInitializeSecurity
CoCreateInstance

oleaut32

VariantClear
SysAllocString
SysAllocStringLen
VariantChangeType
VariantCopy
SysStringLen
SysFreeString

shlwapi

StrCpyNW
PathStripToRootW
StrCmpIW
StrCmpNIW
SHEnumKeyExA
PathAppendA
PathFindFileNameW
PathAppendW
StrToIntW
StrDupW
PathFileExistsW
PathIsDirectoryW
SHGetValueW
SHGetValueA
StrChrW
SHQueryInfoKeyA

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

msvcrt

malloc
_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
fgets
fclose
fopen
??0exception@@QAE@ABQBD@Z
_snwprintf
iswdigit
wcsncpy
wcsrchr
wcschr
iswspace
_wtoi64
_vsnprintf
sscanf
swscanf
strlen
atoi
mktime
localtime
time
memmove
isspace
isdigit
isalpha
wcsstr
memcpy
free
realloc
wcscmp
_vsnwprintf
memset
_wcsicmp
_wtol
_wtoi
wcslen
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??2@YAPAXI@Z
??0exception@@QAE@XZ
__CxxFrameHandler

Exports

Exports

InitAntiVirusScanEng

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
banklist.dat
deepscan/cloudcom2.dll
.dll windows:4 windows x86 arch:x86

72fa5e10f3d7e5c2fd7157937e9900d6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bf:77:3a:ee:b2:5b:d0:b7:d5:1b:7b:0a:0e:d0:af:d0:17:ed:70:6c
Signer

Actual PE Digest

bf:77:3a:ee:b2:5b:d0:b7:d5:1b:7b:0a:0e:d0:af:d0:17:ed:70:6c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

inet_addr
gethostbyname
gethostname
closesocket
ntohs
WSACleanup
inet_ntoa
sendto
socket
WSARecvFrom
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSAStartup
getpeername
ntohl
WSAEventSelect
WSAGetLastError
htons

mfc42u

ord3403
ord1155
ord860
ord6278
ord6279
ord6655
ord665
ord5769
ord5438
ord3313
ord353
ord6489
ord3579
ord703
ord403
ord2756
ord4197
ord2910
ord537
ord858
ord539
ord535
ord2606
ord2810
ord940
ord4124
ord925
ord922
ord6868
ord538
ord825
ord540
ord861
ord800
ord823
ord543
ord803
ord5568
ord1248
ord342
ord1179
ord3875
ord3420
ord3049
ord3222
ord4272
ord3753
ord3805
ord920
ord5929
ord2755
ord5706
ord942
ord6770
ord6654
ord941
ord1971
ord5180
ord354
ord4166
ord4273

msvcrt

atoi
strstr
wcscmp
_vsnwprintf
_CxxThrowException
_except_handler3
isspace
strncpy
__CxxFrameHandler
_purecall
memmove
wcslen
_i64toa
difftime
time
_ftol
_wtoi
free
malloc
sprintf
_wcslwr
swscanf
srand
rand
sscanf
_vsnprintf
isalpha
fclose
fwrite
_wfopen
wcsstr
_wcsicmp
_wtol
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_beginthreadex
?terminate@@YAXXZ
_tzset
_stricmp
_strdup
swprintf
wcschr
_snwprintf
strerror
wcstok
wcsrchr
wcsncpy
wcsncmp
wcscpy
wcscat
fprintf
mktime
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
strchr
isupper
strncmp
strtoul
fgets
fseek
_iob
realloc
vfprintf
abort
memchr
isdigit
tolower
strcmp
qsort
getenv
isxdigit
_errno
fopen
fread
fflush
_setmode
ftell

kernel32

DuplicateHandle
MapViewOfFile
GetFileInformationByHandle
GetSystemTime
FileTimeToDosDateTime
FindNextFileW
MoveFileExW
LockFileEx
UnlockFileEx
lstrcmpA
CreateMutexW
ReleaseMutex
LocalAlloc
OutputDebugStringW
GetACP
TlsFree
SetEnvironmentVariableW
TlsAlloc
TlsSetValue
OpenThread
TlsGetValue
GetFileSizeEx
SetFilePointerEx
LocalFileTimeToFileTime
DeviceIoControl
GetSystemTimeAsFileTime
CreateFileA
FlushFileBuffers
ResumeThread
GetVersionExA
LoadLibraryA
QueryPerformanceCounter
GlobalMemoryStatus
GetStdHandle
GetFileType
GetVersion
GetCurrentThreadId
GetFileTime
CreateFileMappingW
MapViewOfFileEx
IsBadReadPtr
UnmapViewOfFile
GetEnvironmentVariableW
FileTimeToLocalFileTime
FileTimeToSystemTime
SuspendThread
TerminateThread
GetTempPathW
GetExitCodeThread
GetLocalTime
SystemTimeToFileTime
GetCurrentProcessId
DeleteFileW
GetFileAttributesW
SetFileAttributesW
GetFileAttributesExW
CreateThread
GetCurrentProcess
GetModuleHandleW
lstrcmpiA
WaitForMultipleObjects
SetEvent
lstrlenA
ResetEvent
WaitForSingleObject
CreateEventW
ExpandEnvironmentStringsW
GetVersionExW
WriteFile
CreateFileW
GetFileSize
ReadFile
SetFilePointer
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
GetTickCount
InterlockedIncrement
InterlockedExchange
GetLongPathNameW
GetSystemWindowsDirectoryW
EnterCriticalSection
LeaveCriticalSection
FormatMessageW
LocalFree
InterlockedCompareExchange
Sleep
LoadLibraryW
SetLastError
SetErrorMode
GetProcessHeap
HeapAlloc
HeapFree
FindFirstFileW
FindClose
OpenEventW
GetLastError
CloseHandle
MultiByteToWideChar
GetModuleFileNameW
GetProcAddress
FreeLibrary
WideCharToMultiByte
lstrlenW

user32

MessageBoxA
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow

advapi32

OpenServiceW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegQueryValueExA
RegEnumKeyExW
FreeSid
AllocateAndInitializeSid
SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenSCManagerW
CloseServiceHandle
QueryServiceStatus

shell32

SHGetSpecialFolderPathW

ole32

CoInitialize
CoCreateInstance
OleRun
CoUninitialize

oleaut32

SysStringLen
SysFreeString
SysAllocString
GetErrorInfo

iphlpapi

GetAdaptersInfo

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

shlwapi

StrChrW
StrRChrW
StrStrIW
StrCmpNIW
PathCombineW
StrCmpIW
PathFileExistsW
StrCmpW
SHSetValueW
SHDeleteValueW
PathFindFileNameW
StrCmpNW
PathRemoveFileSpecW
PathIsDirectoryW
SHGetValueW
PathAppendW

wininet

InternetConnectA
HttpQueryInfoA
HttpEndRequestA
InternetOpenA
InternetWriteFile
HttpSendRequestExA
HttpSendRequestW
InternetCloseHandle
HttpAddRequestHeadersA
HttpOpenRequestA
InternetSetStatusCallbackA
InternetCrackUrlW
InternetSetOptionA
InternetQueryOptionW
InternetGetConnectedState
InternetReadFileExA

winmm

timeGetTime

crypt32

CryptMsgClose
CertCloseStore
CryptMsgOpenToDecode
CertOpenStore
CertGetCertificateContextProperty
CertGetNameStringW
CryptMsgUpdate

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetProvSignerFromChain

netapi32

Netbios

Exports

Exports

AVCacheClose
AVCacheCreate
AVCacheQuery
AVDeleteWhite
AVInsertWhite
AVNetQuery
AVNetQueryCancel
CacheClearOldData
CacheIsNeedClearOldData
CheckCloudServerState
Create360CommXClient
GetDwordValue
GetFileTrustState
GetFileTrustStateEx
GetFileTrustStateWithHandle
GetStringValue
IsCahceTruested
MisKillCheckDangerFileSignWhitList
MisKillClose
MisKillCreate
MisKillGetIsSystemFileName
MisKillJudgeWhite
MisKillJudgeWhiteEx
MisKillJudgeWhiteOnlyFile
QueryFileCancel
QueryFileClose
QueryFileCreate
QueryFilesEx
QueryFilesEx2
QueryFilesGetError
QueryFilesIsFileInXD
QuerySetOption
SetComOption
SetVerifyFilePath
SigDestroy
SigInit
SigMatch
SigMatchCert
SmartAddRestoreFile
SmartCacheClearFileCache
SmartCacheClearOldData
SmartCacheClose
SmartCacheCreate
SmartCacheDelFiles
SmartCacheFileMonCallBack
SmartCacheFileMonCallBackEx
SmartCachePETime
SmartCacheQuery
SmartIsFileInXD
SmartIsMD5InXD
SmartNetQuery
SmartNetQueryCancel
SmartNetQueryEx
SmartNetQueryEx2
SmartQueryPreExitDll
SmartSetOption
SmartUploadCancel
SmartUploadClose
SmartUploadCreate
SmartUploadGetError
SmartUploadSetNetTimeout
SmartUploadSetOption
SmartUploadWithExtInfo
XDAddRecords
XDAddRecordsEx
XDClose
XDDeleteRecords
XDGetCounts
XDGetFirst
XDGetLastFlag
XDGetNext
XDOpen

Sections

.text
Size: 604KB - Virtual size: 603KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tszTrus
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deepscan/cloudsec2.dll
.dll windows:4 windows x86 arch:x86

4b5b5b4058428d219d69f251c648bfcc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
LoadLibraryW
GetFileAttributesExW
GetLongPathNameW
GetModuleHandleW
CreateEventW
ResumeThread
SetEvent
ResetEvent
WaitForSingleObject
ReleaseMutex
ReleaseSemaphore
WaitForMultipleObjects
GetSystemDefaultUILanguage
GetEnvironmentVariableW
CreateSemaphoreW
CreateMutexW
SetWaitableTimer
CreateWaitableTimerW
SetFilePointerEx
HeapFree
HeapAlloc
GetProcessHeap
CreateProcessW
GetSystemDirectoryW
FileTimeToSystemTime
TerminateThread
CopyFileW
CreateDirectoryW
GetShortPathNameW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetDriveTypeW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
GetTempPathW
GetFullPathNameW
LocalAlloc
GetLogicalDrives
GetWindowsDirectoryW
GetSystemTimeAsFileTime
FlushFileBuffers
GetVersionExW
GetExitCodeThread
GetCurrentProcess
OpenThread
GetSystemTime
GetCurrentProcessId
GetCurrentThreadId
IsBadReadPtr
IsBadWritePtr
GetFileSizeEx
FindNextFileW
lstrcpyW
FindFirstFileW
CreateFileA
TlsGetValue
InterlockedExchange
LocalFree
FindClose
DeleteFileW
GetLocalTime
SystemTimeToFileTime
GetTickCount
ExpandEnvironmentStringsW
SearchPathW
GetSystemWindowsDirectoryW
DeviceIoControl
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
OutputDebugStringW
DebugBreak
GetPrivateProfileStringW
InterlockedIncrement
GetPrivateProfileIntW
CreateThread
InterlockedCompareExchange
Sleep
TlsSetValue
TlsAlloc
SetEnvironmentVariableW
TlsFree
LocalFileTimeToFileTime
FormatMessageW
GetACP
lstrcmpA
GetFileType
UnlockFileEx
LockFileEx
MoveFileExW
FileTimeToLocalFileTime
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
GetProcAddress
GetModuleFileNameW
lstrlenW
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
CreateFileW
GetLastError
GetFileSize
ReadFile
SetFilePointer
CloseHandle
WriteFile
SetLastError

user32

CharNextW
SendMessageTimeoutW
FindWindowW
CharUpperW
CharLowerW
LoadBitmapW
LoadStringW
wvsprintfW

gdi32

DeleteObject

advapi32

SetEntriesInAclW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCloseKey
RegEnumValueW
RegOpenKeyW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyW
RegQueryValueExW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExA
AllocateAndInitializeSid
FreeSid

shell32

CommandLineToArgvW
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoUninitialize
CLSIDFromProgID
CLSIDFromString
OleRun
CoInitialize
CoCreateInstance

oleaut32

GetErrorInfo
SysStringLen
SysAllocStringLen
SysAllocString
SysFreeString
VariantClear
VariantChangeType

comctl32

ImageList_Add
ImageList_Create
ImageList_Destroy

shlwapi

PathFindExtensionW
PathIsDirectoryW
PathFindFileNameW
StrCmpNW
StrCmpIW
PathRemoveFileSpecW
StrDupW
StrStrW
StrRStrIW
SHSetValueW
StrStrIW
StrCmpNIW
SHGetValueW
PathFileExistsW
PathAppendW
StrChrW
PathCombineW
StrRChrW
StrCmpW

psapi

GetModuleFileNameExW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

msvcrt

_vsnprintf
_adjust_fdiv
_initterm
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
??2@YAPAXI@Z
__CxxFrameHandler
_wcsicmp
free
wcslen
calloc
iswdigit
_wtoi
_wsplitpath
wcscmp
iswspace
rand
srand
swscanf
malloc
memmove
wcschr
wcsrchr
wcsstr
strncpy
isspace
wcsncmp
_i64toa
_vsnwprintf
_wcsnicmp
_ftol
_CxxThrowException
_errno
_wtoi64
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_purecall
_except_handler3
_local_unwind2
wcstoul
fclose
fgetws
fopen
printf
fwrite
fread
fseek
_wfopen
_wcslwr
_itoa
isalnum
time
wcsncpy
qsort
memchr
tolower
swprintf
wcscpy
wcscat
_snwprintf
wcstok
strerror
realloc

ws2_32

inet_addr
WSAStartup
WSACleanup
gethostname
inet_ntoa
gethostbyname

iphlpapi

DeleteIpForwardEntry
GetIpAddrTable
GetIpForwardTable
DeleteIPAddress
GetAdaptersInfo

rpcrt4

RpcAsyncInitializeHandle
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcAsyncCompleteCall
RpcStringFreeW
NdrAsyncClientCall
RpcBindingFree

wininet

InternetCloseHandle
InternetConnectA
InternetOpenA
InternetWriteFile
HttpSendRequestExA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetSetStatusCallbackA
InternetSetOptionA
InternetCrackUrlW

crypt32

CertGetCertificateContextProperty
CryptMsgUpdate
CryptMsgOpenToDecode
CertOpenStore
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CertCloseStore
CryptMsgClose

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

netapi32

Netbios

winmm

timeGetTime

Exports

Exports

DSAsyncEvaluateExec
DSAsyncNotifyWriteBack
EngCreateObject
EngFrontFix
EngLib_Init

Sections

.text
Size: 728KB - Virtual size: 727KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
deepscan/heavygate.dll
.dll windows:4 windows x86 arch:x86

37882347956cddf77833c9242f66a91b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
InitializeCriticalSection
InterlockedCompareExchange
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
MultiByteToWideChar
AreFileApisANSI
CloseHandle
GetLastError
ReadFile
SetFilePointer
WriteFile
SetEndOfFile
FlushFileBuffers
GetFileSize
UnlockFile
LockFile
LockFileEx
GetVersionExA
UnmapViewOfFile
UnlockFileEx
MapViewOfFile
CreateFileMappingA
CreateFileA
CreateFileW
GetTempPathA
GetTempPathW
GetFileAttributesA
DeleteFileA
GetFileAttributesW
DeleteFileW
GetFileAttributesExW
GetFullPathNameA
GetFullPathNameW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
LoadLibraryA
LoadLibraryW
LocalFree
FormatMessageA
FormatMessageW
GetProcAddress
FreeLibrary
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTime
GetSystemTimeAsFileTime
GetSystemInfo
HeapAlloc
HeapFree
HeapReAlloc
GetCommandLineA
GetVersion
GetModuleHandleA
GetTimeZoneInformation
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
ExitProcess
FatalAppExitA
RtlUnwind
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
InterlockedDecrement
InterlockedIncrement
UnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
SetConsoleCtrlHandler
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_config
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_strnicmp
sqlite3_table_column_metadata
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_hook
sqlite3_win32_mbcs_to_utf8

Sections

.text
Size: 360KB - Virtual size: 357KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dep360.exe
.exe windows:4 windows x86 arch:x86

36c527b29ce4ada2163fae24a42ac789

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3f:16:cb:9a:72:c7:db:75:f8:f4:b2:12:3a:ee:d7:8b:e6:0f:55:95
Signer

Actual PE Digest

3f:16:cb:9a:72:c7:db:75:f8:f4:b2:12:3a:ee:d7:8b:e6:0f:55:95

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

mfc42u

ord1184
ord6381
ord1971
ord354
ord5180
ord5438
ord665
ord539
ord5852
ord5706
ord6918
ord6920
ord6451
ord4294
ord326
ord2078
ord4050
ord6193
ord5568
ord6911
ord6504
ord6733
ord3281
ord3993
ord6003
ord6868
ord2859
ord1771
ord6195
ord6211
ord2634
ord2350
ord809
ord860
ord2099
ord2836
ord6390
ord609
ord6379
ord5436
ord1230
ord2144
ord3591
ord5860
ord6057
ord5567
ord5575
ord5732
ord5674
ord5790
ord5785
ord5869
ord6168
ord6017
ord6185
ord4324
ord6182
ord2559
ord2372
ord4118
ord656
ord4279
ord2108
ord2111
ord2072
ord2081
ord2085
ord2100
ord616
ord765
ord3569
ord4390
ord3577
ord4392
ord2570
ord4213
ord2015
ord2403
ord3605
ord3693
ord693
ord2092
ord3635
ord3365
ord4396
ord2574
ord803
ord543
ord3579
ord4199
ord4219
ord2606
ord6330
ord3087
ord5977
ord283
ord2637
ord470
ord755
ord2371
ord289
ord6871
ord613
ord2854
ord1633
ord1634
ord5781
ord2294
ord2362
ord2281
ord2406
ord3621
ord567
ord323
ord1165
ord1143
ord795
ord640
ord3566
ord3716
ord3397
ord5286
ord1768
ord6051
ord3792
ord4124
ord2756
ord6640
ord4197
ord4273
ord5679
ord2717
ord927
ord533
ord5188
ord3313
ord5461
ord6278
ord6279
ord1989
ord798
ord4155
ord535
ord1131
ord2613
ord561
ord815
ord3733
ord4418
ord4616
ord5710
ord5285
ord5303
ord4692
ord4074
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord1569
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord942
ord537
ord922
ord3356
ord4667
ord4229
ord641
ord324
ord3592
ord4419
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord5752
ord6188
ord5755
ord2966
ord1761
ord4166
ord3614
ord562
ord5778
ord816
ord6354
ord804
ord3724
ord3389
ord4400
ord2579
ord3084
ord682
ord3625
ord4394
ord2572
ord818
ord3737
ord2746
ord2114
ord556
ord1088
ord2070
ord2567
ord5871
ord4282
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4704
ord4992
ord4847
ord4370
ord5261
ord940
ord941
ord925
ord823
ord858
ord2910
ord2810
ord6726
ord5945
ord3871
ord2855
ord2444
ord6597
ord3701
ord6638
ord2351
ord2292
ord2333
ord2290
ord2331
ord2291
ord2332
ord2293
ord2359
ord2358
ord2357
ord2356
ord2355
ord2354
ord2353
ord2352
ord356
ord2762
ord2773
ord4053
ord3173
ord1972
ord668
ord2858
ord2914
ord296
ord617
ord3658
ord5214
ord861
ord538
ord825
ord540
ord800
ord5446

msvcrt

_wtoi64
wcsrchr
wcsncat
wcsncpy
wcslen
_wcsicmp
_vsnwprintf
free
malloc
_wtoi
mktime
rand
printf
sprintf
wcsncmp
wcsstr
__CxxFrameHandler
_purecall
wcscmp
strncpy
_except_handler3
_CxxThrowException
_beginthreadex
atoi
isalnum
time
wcschr
strstr
_wcslwr
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
memmove
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@XZ
srand
_errno
wcstok
wcscpy
strerror
_snwprintf
swprintf
realloc
swscanf
strchr
strncmp
isspace
fputc
_CIpow
strtod
_iob
fprintf
isalpha
towlower
_wcsnicmp
_wfsopen
_snprintf
_controlfp
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
sscanf
localtime
_vsnprintf
wcscat
tolower
memchr
qsort
_wsplitpath
_ftol
_wmakepath
ceil
floor
fread
fclose
ftell
fseek
fwrite
_setjmp3
__CxxLongjmpUnwind
wcstod
atof
fopen
_wfopen
abort
longjmp

kernel32

GetCurrentThread
CreateNamedPipeW
ConnectNamedPipe
WaitNamedPipeW
DisconnectNamedPipe
GetHandleInformation
CreateEventA
SetEndOfFile
WriteFile
SetFilePointer
GetFileSize
SetEnvironmentVariableW
GetFileAttributesW
GetTimeZoneInformation
SystemTimeToFileTime
CreateMutexW
ReadFile
ReadProcessMemory
ResumeThread
Thread32First
OpenThread
SuspendThread
Thread32Next
ProcessIdToSessionId
MultiByteToWideChar
AreFileApisANSI
GetLongPathNameW
LoadLibraryA
GetLogicalDriveStringsW
QueryDosDeviceW
lstrcmpW
GetModuleHandleA
GetVersionExW
GetVersion
lstrcmpiW
SetErrorMode
LoadLibraryExW
InterlockedCompareExchange
GetCurrentProcess
OpenMutexW
CopyFileW
GetSystemTime
GlobalMemoryStatusEx
InterlockedDecrement
LeaveCriticalSection
SetEvent
WaitForMultipleObjects
InterlockedIncrement
EnterCriticalSection
ReleaseSemaphore
DeleteCriticalSection
InitializeCriticalSection
CreateSemaphoreA
FreeLibrary
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetFileAttributesExW
FileTimeToLocalFileTime
FileTimeToSystemTime
LoadLibraryW
GetSystemWindowsDirectoryW
GetACP
WideCharToMultiByte
OutputDebugStringW
GetPrivateProfileIntW
CreateFileW
DeviceIoControl
GetExitCodeProcess
GetTempPathW
SetFileAttributesW
CreateThread
TerminateThread
CreateMutexA
GetLastError
MoveFileW
ReleaseMutex
GetCurrentProcessId
TerminateProcess
Sleep
GetModuleHandleW
GetProcAddress
OpenProcess
GetCommandLineW
lstrlenW
FindFirstFileW
FindNextFileW
FindClose
CreateProcessA
MoveFileExW
CreateProcessW
WaitForSingleObject
CloseHandle
RemoveDirectoryW
DeleteFileW
GetSystemDirectoryW
GetLocalTime
WritePrivateProfileSectionW
GetWindowsDirectoryW
CreateDirectoryW
WritePrivateProfileStringW
GetModuleFileNameW
GetPrivateProfileStringW
GetTickCount
LocalFree
SetLastError
lstrcpynW
SizeofResource
LockResource
LoadResource
FindResourceW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetTempFileNameW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
ExpandEnvironmentStringsW
MulDiv
InterlockedExchange
RaiseException
GetPrivateProfileSectionW
GetFileType
FormatMessageW
GetCurrentThreadId
CreateFileA
GetSystemTimeAsFileTime
lstrcmpA
lstrlenA
HeapFree
TlsFree
TlsAlloc
HeapAlloc
GetProcessHeap
GetEnvironmentVariableW
TlsSetValue
TlsGetValue
GetFileSizeEx
SetFilePointerEx
LockFileEx
UnlockFileEx
InitializeCriticalSectionAndSpinCount
LocalAlloc
LocalFileTimeToFileTime
GetStartupInfoW
OutputDebugStringA

user32

GetUpdateRgn
SetWindowRgn
GetMonitorInfoW
MonitorFromWindow
ScreenToClient
GetCursorPos
SetWindowLongW
GetWindowLongW
SetCursor
LoadCursorW
ReleaseDC
DrawTextW
GetKeyState
IsRectEmpty
IsClipboardFormatAvailable
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
IntersectRect
RegisterWindowMessageW
TabbedTextOutW
GrayStringW
DrawIconEx
LoadImageW
GetSysColor
IsZoomed
OffsetRect
PtInRect
EnumChildWindows
GetWindow
EnumWindows
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuStringW
ModifyMenuW
CopyRect
SystemParametersInfoW
WindowFromPoint
CharLowerBuffW
FindWindowExW
GetWindowThreadProcessId
IsWindow
SetForegroundWindow
ShowWindow
WaitForInputIdle
KillTimer
GetParent
SetTimer
FrameRect
FillRect
InvalidateRect
IsIconic
GetSystemMetrics
DrawIcon
GetWindowRect
GetDC
GetClientRect
LoadIconW
PostMessageW
SendMessageTimeoutW
EnableWindow
GetDesktopWindow
FindWindowW
SendMessageW
SetWindowPos
MessageBoxW

gdi32

GetStockObject
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetTextColor
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
GetDeviceCaps
SetDIBits
CreateBitmap
GetBitmapBits
ExtCreateRegion
CreateFontIndirectW
GetDIBits
CombineRgn
SetPixel
DeleteObject
SetStretchBltMode
StretchDIBits
CreateDIBSection
GetObjectW
SetRectRgn
GetCurrentObject
SelectObject
DeleteDC
CreateRectRgn
GetBkMode

advapi32

SetEntriesInAclW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyW
RegDeleteValueW
DeleteService
ChangeServiceConfigW
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegQueryInfoKeyW
RegQueryValueExA
RegEnumKeyExW
RegCreateKeyExW
GetTokenInformation
ControlService
OpenThreadToken
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
AllocateAndInitializeSid
FreeSid
GetSecurityInfo
RegCloseKey
SetSecurityInfo
RegCreateKeyA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegEnumKeyExA
CreateServiceW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
StartServiceW

shell32

ShellExecuteW
SHGetSpecialFolderPathW
ord680
ShellExecuteExW
CommandLineToArgvW

ole32

CoCreateInstance
OleInitialize
OleUninitialize
CreateStreamOnHGlobal

oleaut32

SysAllocStringByteLen
VariantCopy
SysStringByteLen
VariantInit
SysStringLen
VariantClear
CreateErrorInfo
VariantChangeType
SetErrorInfo
GetErrorInfo
SysFreeString
SysAllocString

shlwapi

StrStrIW
SHSetValueW
SHDeleteKeyW
SHDeleteValueW
SHSetValueA
SHGetValueW
SHGetValueA
PathFileExistsW
StrCmpIW
PathIsDirectoryW
PathAppendW
PathAddBackslashW
PathRemoveBackslashW
StrChrW
StrCpyNW
PathCombineW
StrCmpNIW
PathRemoveFileSpecW
wnsprintfW
StrCmpNW

wininet

InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle

crypt32

CryptMsgUpdate
CertCloseStore
CertOpenStore
CertGetCertificateChain
CertFreeCertificateChain
CertGetCertificateContextProperty
CryptMsgClose
CryptMsgOpenToDecode
CertGetNameStringW

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

msimg32

TransparentBlt
AlphaBlend

comctl32

_TrackMouseEvent

olepro32

ord251

msvcp60

??0ios_base@std@@IAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??1locale@std@@QAE@XZ
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??1ios_base@std@@UAE@XZ
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Tidy@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXXZ
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??_7?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@

Sections

.text
Size: 836KB - Virtual size: 834KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
immplugin/DllHijack.dat
immplugin/Dllhijack.dll
.dll windows:4 windows x86 arch:x86

ff2be6223997367cb13fb383baead2d1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord541
ord801
ord6139
ord6874
ord2810
ord4272
ord2910
ord4124
ord823
ord825
ord538
ord925
ord540
ord2756
ord861
ord535
ord800

msvcrt

_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
_purecall
wcsrchr
__CxxFrameHandler
wcscmp

kernel32

WritePrivateProfileStringW
GetModuleFileNameW
Sleep
InterlockedCompareExchange
DisableThreadLibraryCalls
GetPrivateProfileIntW
GetPrivateProfileSectionW
SetLastError
InterlockedDecrement
InterlockedIncrement
GetProcAddress
FreeLibrary
LoadLibraryW

advapi32

RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW

shlwapi

PathFileExistsW

Exports

Exports

CreateObject

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
immplugin/LockAcad.dll
.dll windows:4 windows x86 arch:x86

c3df5c59ec2cbc8df27ba48a2898fe37

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:70:cd:dc:2f:4d:d6:fc:f1:cb:1a:ab:8b:0f:9b:86:d1:df:0f:63
Signer

Actual PE Digest

3d:70:cd:dc:2f:4d:d6:fc:f1:cb:1a:ab:8b:0f:9b:86:d1:df:0f:63

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord940
ord2606
ord5604
ord941
ord6920
ord1115
ord1173
ord1568
ord1165
ord1570
ord6921
ord342
ord1240
ord1194
ord1563
ord1248
ord1250
ord6466
ord1571
ord600
ord826
ord942
ord825
ord4197
ord6874
ord6139
ord5857
ord541
ord801
ord538
ord925
ord535
ord823
ord540
ord2810
ord800
ord1179
ord269

msvcrt

free
_wcsicmp
_wcsnicmp
_purecall
_onexit
__dllonexit
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
_wcslwr
wcsstr
_wtoi
wcschr
wcscmp
wcsrchr
wcslen
__CxxFrameHandler

kernel32

LocalAlloc
LocalFree
ExpandEnvironmentStringsW
GetModuleFileNameW
WritePrivateProfileStringW
GetPrivateProfileIntW
InterlockedIncrement
InterlockedDecrement

advapi32

RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shlwapi

PathFileExistsW
PathIsDirectoryW
StrCmpNW

Exports

Exports

CreateObject

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
immplugin/PopTrojan.dat
immplugin/PopTrojan.dll
.dll windows:4 windows x86 arch:x86

ce702a00ec19d9cf8dc9ee68ce8f86ae

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord801
ord541
ord6640
ord940
ord6139
ord6874
ord4272
ord2810
ord4124
ord942
ord823
ord825
ord538
ord925
ord540
ord2756
ord6920
ord861
ord535
ord800

msvcrt

_adjust_fdiv
malloc
_initterm
free
?terminate@@YAXXZ
_except_handler3
_purecall
wcsrchr
__CxxFrameHandler
_wtoi

kernel32

WritePrivateProfileStringW
GetModuleFileNameW
DisableThreadLibraryCalls
GetPrivateProfileSectionW
GetPrivateProfileIntW
InterlockedDecrement
InterlockedIncrement

shell32

SHGetFolderPathW

shlwapi

StrChrW
StrCmpNIW
PathFileExistsW

Exports

Exports

CreateObject

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
listpredef.dat
pluginmgr.dll
.dll windows:4 windows x86 arch:x86

6fd22d6545e5d3e1d2458e5d77a40424

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

router

?StopListen2@Communicator@@YAXPAX@Z
?StartListen2@Communicator@@YAPAXPBD@Z

kernel32

WaitForMultipleObjects
ResetEvent
ResumeThread
InterlockedDecrement
lstrlenW
CloseHandle
TerminateThread
WaitForSingleObject
InterlockedExchange
SuspendThread
LoadLibraryW
InterlockedIncrement
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
FindClose
FindNextFileW
FindFirstFileW
FreeLibrary
SetFilePointer
ReadFile
GetFileSize
CreateFileW
DebugBreak
OutputDebugStringW
lstrlenA
LeaveCriticalSection
EnterCriticalSection
SetThreadPriority
CreateEventA
CreateSemaphoreA
InitializeCriticalSection
DeleteCriticalSection
OutputDebugStringA
ReleaseSemaphore
SetEvent
WriteFile
QueryPerformanceCounter
SetNamedPipeHandleState
GetLastError
CreateFileA
WaitForSingleObjectEx
ReadFileEx
Sleep

user32

LoadStringW
wvsprintfW
CharNextW

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

msvcrt

??0exception@@QAE@ABQBD@Z
_adjust_fdiv
_initterm
__dllonexit
??1type_info@@UAE@XZ
wcslen
_purecall
_beginthreadex
??2@YAPAXI@Z
__CxxFrameHandler
wcscmp
_wtoi
_onexit
wcsrchr
wcschr
_wcsicmp
iswdigit
_beginthread
malloc
memmove
_endthreadex
free
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??1exception@@UAE@XZ

shlwapi

PathFileExistsW
PathIsDirectoryW

Exports

Exports

CreateObject

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
repair.exe
.exe windows:4 windows x86 arch:x86

3c15eeec88dd5c51009f5e9ca41fc069

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHGetValueA
PathIsDirectoryEmptyW
PathIsRootW
PathFindFileNameW
SHGetValueW
PathCombineW
StrStrIW
StrToIntExW
SHSetValueA
wvnsprintfW
PathRemoveFileSpecW
PathFileExistsW
PathIsDirectoryW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetExitCodeThread
ResumeThread
FindNextFileW
SetLastError
GetFullPathNameW
FindFirstFileW
FindClose
GetCommandLineW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrcpyW
FlushInstructionCache
GetCurrentProcess
FlushFileBuffers
WriteFile
ReadFile
GetFileSize
CreateFileW
FreeResource
GlobalUnlock
LockResource
SizeofResource
LoadResource
FindResourceW
HeapDestroy
DeleteCriticalSection
InitializeCriticalSection
CreateMutexW
GetLastError
DebugBreak
OutputDebugStringW
lstrlenA
GetProcAddress
GetModuleHandleW
GetVersionExW
GlobalFree
GlobalLock
GlobalAlloc
GetFileSizeEx
GetPrivateProfileIntW
GetPrivateProfileStringW
CloseHandle
TerminateProcess
GetExitCodeProcess
GetFileAttributesExW
GetSystemDirectoryW
CopyFileW
MultiByteToWideChar
OpenProcess
LoadLibraryW
FreeLibrary
WideCharToMultiByte
GetVersion
MulDiv
GetModuleFileNameW
WaitForSingleObject
CreateThread
CreateEventW
SetEvent
TlsSetValue
TlsGetValue
TlsAlloc
GetLongPathNameW
TlsFree
HeapFree
FormatMessageW
GetSystemTime
GetFileType
GetModuleHandleA
QueryPerformanceFrequency
QueryPerformanceCounter
GetLocalTime
ResetEvent
InterlockedExchangeAdd
CreateWaitableTimerW
SetWaitableTimer
CreateSemaphoreW
MoveFileW
SetEndOfFile
GetThreadTimes
WaitForMultipleObjects
ReleaseSemaphore
ReleaseMutex
GetCurrentThread
VirtualAlloc
VirtualFree
LoadLibraryExW
SetFilePointer
LocalFree
GetTempPathW
GetCurrentProcessId
GetTempFileNameW
RemoveDirectoryW
SetErrorMode
SetUnhandledExceptionFilter
Sleep
DeleteFileW
MoveFileExW
InterlockedIncrement
lstrlenW
InterlockedDecrement
SetEnvironmentVariableW
HeapAlloc
GetProcessHeap
GetEnvironmentVariableW
OpenThread
DeviceIoControl
CreateFileA
lstrcmpA
lstrcmpiA
GetStartupInfoW
GetTickCount

user32

CharNextW
PostMessageW
SendMessageW
SetWindowPos
MapWindowPoints
GetClientRect
SystemParametersInfoW
GetWindowRect
GetWindow
GetWindowLongW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
SetForegroundWindow
ShowWindow
GetActiveWindow
DialogBoxParamW
BeginPaint
EndPaint
MessageBoxW
GetSysColor
IsWindowEnabled
GetDC
ReleaseDC
InflateRect
GetWindowTextW
GetScrollInfo
MoveWindow
GetScrollRange
GetScrollPos
SetScrollPos
SetFocus
SetScrollInfo
ShowScrollBar
GetCursorPos
ScreenToClient
DrawTextW
GetSystemMenu
SetWindowLongW
DestroyMenu
GetWindowPlacement
BringWindowToTop
LoadIconW
FindWindowExW
UpdateWindow
PostQuitMessage
IsDialogMessageW
KillTimer
CreateWindowExW
CallWindowProcW
InvalidateRect
RedrawWindow
GetClassInfoExW
LoadCursorW
wsprintfW
RegisterClassExW
IsWindow
IsWindowVisible
IsIconic
ExitWindowsEx
EnableWindow
OffsetRect
GetDlgItem
PtInRect
CopyRect
LoadStringW
UnregisterClassW
CallNextHookEx
GetParent
SetWindowTextW
UnhookWindowsHookEx
CheckDlgButton
SetWindowsHookExW
CharLowerW
SetDlgItemTextW
SetTimer
CharUpperW
wvsprintfW
GetSystemMetrics
LoadImageW
DestroyWindow
EndDialog
EnableMenuItem
DefWindowProcW
IsDlgButtonChecked
GetDlgItemTextW
CreateDialogParamW
SetCursor

gdi32

CreateCompatibleBitmap
GetDeviceCaps
SetBkColor
ExtTextOutW
CreateCompatibleDC
DeleteDC
SetBkMode
SelectObject
SetTextColor
DeleteObject
BitBlt
CreateFontIndirectW

advapi32

RegOpenKeyExA
LookupPrivilegeValueW
RegQueryValueExA
RegEnumKeyExA
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges

shell32

SHGetSpecialFolderPathW
SHBrowseForFolderW
Shell_NotifyIconW
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHCreateDirectoryExW
ShellExecuteW

ole32

OleRun
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CLSIDFromProgID
CoTaskMemFree
CreateStreamOnHGlobal
CoInitialize
CoUninitialize

oleaut32

OleLoadPicture
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
VariantClear
SysFreeString
VariantInit
CreateErrorInfo
VariantChangeType
SetErrorInfo
GetErrorInfo
SysAllocString

comctl32

InitCommonControlsEx

msimg32

TransparentBlt

msvcp60

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
??9std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?find_first_of@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?nothrow@std@@3Unothrow_t@1@B
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?_Xran@std@@YAXXZ
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
??Mstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@DABV10@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??_7out_of_range@std@@6B@
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Xlen@std@@YAXXZ
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_Copy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

ws2_32

ntohl
inet_addr
inet_ntoa
gethostbyname
WSAGetLastError
recv
send
setsockopt
closesocket
connect
ntohs
bind
htonl
htons
WSAStartup
WSACleanup
WSAAsyncSelect
listen
WSAAsyncGetHostByName
WSACancelAsyncRequest
recvfrom
sendto
getpeername
getsockname
shutdown
gethostname
getsockopt
ioctlsocket
accept
socket
WSASetLastError

setupapi

SetupIterateCabinetW

wininet

InternetOpenW
HttpOpenRequestW
InternetConnectW
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetOpenUrlW
InternetErrorDlg
HttpQueryInfoW
InternetCloseHandle
HttpSendRequestW

msvcrt

wcsncmp
wcschr
fclose
fread
_wfopen
_ftol
wcscat
_purecall
wprintf
_except_handler3
__RTDynamicCast
isdigit
_CxxThrowException
clock
gmtime
_wstat
_CIpow
atoi
_wcsdup
_stricmp
tolower
toupper
setlocale
fflush
fwprintf
_vsnprintf
fprintf
ctime
sprintf
_endthreadex
_vsnwprintf
strncpy
strtol
strchr
calloc
strncmp
memchr
_strnicmp
isspace
_atoi64
_wtoi64
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
_stat
??0exception@@QAE@ABQBD@Z
fopen
_callnewh
_errno
wcstok
strerror
swscanf
_strlwr
strncat
isprint
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_exit
_XcptFilter
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_wcsupr
_itoa
__dllonexit
_wcsnicmp
printf
exit
malloc
wcscmp
_wtoi
iswdigit
time
srand
rand
iswspace
memmove
realloc
_wcsicmp
wcsstr
free
swprintf
wcsrchr
wcscpy
_snwprintf
wcslen
_beginthreadex
wcsncat
wcsncpy
??2@YAPAXI@Z
__CxxFrameHandler

psapi

GetModuleFileNameExW
EnumProcessModules

iphlpapi

GetAdaptersInfo
GetNetworkParams

netapi32

Netbios

secur32

AcquireCredentialsHandleA
InitializeSecurityContextA
FreeCredentialsHandle

winhttp

WinHttpGetIEProxyConfigForCurrentUser

Sections

.text
Size: 680KB - Virtual size: 679KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
synccomps.xml
tools.dat
tszbr.dll
.dll windows:4 windows x86 arch:x86

01983bc2ec7519d2dc269d8b3b8df70f

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22/10/2008, 00:00

Not After

23/11/2010, 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord823
ord540
ord2810
ord800
ord825

msvcrt

_snwprintf
swprintf
swscanf
??1type_info@@UAE@XZ
_CxxThrowException
_except_handler3
__CxxFrameHandler
__dllonexit
_onexit
free
_initterm
malloc
_adjust_fdiv

kernel32

GetLastError
GetCurrentProcessId
CreateMutexW
WaitForSingleObject
GetEnvironmentVariableW
GetProcessHeap
HeapAlloc
TlsAlloc
GetVersionExW
DeviceIoControl
CloseHandle
CreateFileW
WriteFile
ReadFile
SetFilePointer
InterlockedIncrement
InterlockedDecrement
SetEnvironmentVariableW
ReleaseMutex
TlsFree
HeapFree

shell32

SHGetFolderPathW

shlwapi

PathFileExistsW
PathAppendW
PathCombineW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

CreateObject

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
360sdproc.dat
7z.dll
.dll windows:4 windows x86 arch:x86

25bcc7010e8e7f0e059da50586853709

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01/08/1996, 00:00

Not After

31/12/2020, 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22/10/2008, 00:00

Not After

23/11/2010, 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

SysAllocString
VariantClear
VariantCopy
SysFreeString
SysAllocStringByteLen

user32

CharLowerW
CharUpperA
CharNextA
CharPrevExA
CharUpperW
CharLowerA

msvcrt

_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memset
strcmp
memcmp
_purecall
strlen
free
malloc
memmove
_CxxThrowException
memcpy
__CxxFrameHandler

kernel32

InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreA
ResetEvent
SetEvent
CreateEventA
WaitForSingleObject
VirtualFree
VirtualAlloc
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
FileTimeToLocalFileTime
DeleteCriticalSection
LocalFileTimeToFileTime
GetVersionExA
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
FileTimeToDosDateTime
DosDateTimeToFileTime
GetModuleHandleA
GetProcAddress
GetSystemInfo
CompareFileTime
WriteFile
ReadFile
MultiByteToWideChar
WideCharToMultiByte
GetLastError
CloseHandle
SetFileAttributesA
DeleteFileA
GetTempPathA
GetTempFileNameA
CreateFileA

Exports

Exports

CreateObject
GetHandlerProperty
GetHandlerProperty2
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetLargePageMode

Sections

.text
Size: 608KB - Virtual size: 607KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
customskin3/thumb.png
.png
customskin3/thumb_mini.png
.png
dep360.ini
savapi/url_count.txt
savapi/wdbqvm.wl
sdinst360.exe
.exe windows:4 windows x86 arch:x86

517c7ff9dbe37149966ea18cf2d03f1f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

16/03/2010, 00:00

Not After

15/03/2013, 23:59

Subject

CN=360.cn,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=360.cn,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindClose
FindFirstFileW
GetFileSize
SetFilePointer
SetEndOfFile
FreeLibrary
MultiByteToWideChar
WriteFile
ReadFile
GetLastError
GetModuleFileNameW
LocalFree
GetProcAddress
GetTickCount
MoveFileW
GetStartupInfoW
GetModuleHandleW
SystemTimeToFileTime
DeleteFileW
DeviceIoControl
GetACP
SetFilePointerEx
GetFileSizeEx
TlsGetValue
OpenThread
TlsSetValue
GetCurrentProcessId
CreateMutexW
WaitForSingleObject
GetEnvironmentVariableW
GetProcessHeap
HeapAlloc
TlsAlloc
SetEnvironmentVariableW
ReleaseMutex
TlsFree
HeapFree
lstrlenA
lstrcmpA
GetFileType
MoveFileExW
GetSystemTimeAsFileTime
CreateFileA
GetCurrentThreadId
OutputDebugStringW
FormatMessageW
GetSystemTime
SetLastError
CreateDirectoryW
SetFileAttributesW
CreateFileW
SetFileTime
CloseHandle
LocalFileTimeToFileTime
LoadLibraryW

user32

wsprintfW

shell32

CommandLineToArgvW

oleaut32

VariantClear

msvcrt

_controlfp
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
__CxxFrameHandler
_purecall
_wcsicmp
wcsrchr
_CxxThrowException
memmove
malloc
free
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_vsnprintf
_except_handler3
wcscat
tolower
_wcslwr
memchr
qsort
strncpy
swscanf
wcsncmp
swprintf
wcschr
_snwprintf
wcsncpy
wcscmp
strerror
wcscpy
wcstok
wcslen
_errno
_vsnwprintf
??1type_info@@UAE@XZ

crypt32

CertGetNameStringW
CryptMsgClose
CertCloseStore
CryptMsgUpdate
CryptMsgOpenToDecode
CertOpenStore
CertGetCertificateContextProperty

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

version

VerQueryValueW
GetFileVersionInfoSizeW

advapi32

RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegQueryValueExA

Sections

.text
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninst.exe.nsis

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5c:d3:f1:21:fa:3d:7e:9d:eb:78:b4:4d:de:70:bb:01:e5:06:7f:c8Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 52KB

.rsrc Size: 18KB - Virtual size: 17KB

b4b71331b921e2f441a2b05306cd7dae

Headers

File Characteristics

Imports

kernel32

user32

gdi32

msvcrt

Exports

Exports

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 224B

.CRT Size: 512B - Virtual size: 4B

.reloc Size: 512B - Virtual size: 382B

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

04281f88c3d826e409dc7c24629e7efc

Headers

File Characteristics

Imports

kernel32

user32

wsock32

wininet

Exports

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

74:f2:95:8d:31:d0:3e:b0:42:f9:08:15:55:30:52:77
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5c:d3:f1:21:fa:3d:7e:9d:eb:78:b4:4d:de:70:bb:01:e5:06:7f:c8
Signer

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 52KB

.rsrc
Size: 18KB - Virtual size: 17KB

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 224B

.CRT
Size: 512B - Virtual size: 4B

.reloc
Size: 512B - Virtual size: 382B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 620B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 512B - Virtual size: 232B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 472B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

CODE
Size: 11KB - Virtual size: 11KB

DATA
Size: 512B - Virtual size: 176B

BSS
Size: - Virtual size: 1KB

.idata
Size: 1KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 74B

.reloc
Size: 1024B - Virtual size: 832B

.rsrc
Size: 512B - Virtual size: 512B

.text
Size: 1024B - Virtual size: 741B

.rdata
Size: 1024B - Virtual size: 657B

.data
Size: 512B - Virtual size: 85B

.reloc
Size: 512B - Virtual size: 154B