1580e4aca1a71baa9443f262e1dc83b1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1580e4aca1a71baa9443f262e1dc83b1_JaffaCakes118
Size

2.5MB
MD5

1580e4aca1a71baa9443f262e1dc83b1
SHA1

139cf06e6a976b443e8907e26ec4f461d4e8943d
SHA256

498ba03fd190d5b530dc428fd4c4613ba7348a0014eec14d3d9f2a05a2a1b1e3
SHA512

73294d87ef9bd372a1f5b56972b597d7677f61a6aa58bf6595835d3770865ab6871846525df175d1bef7ab64221f44c85cf16f98785ebae397d3cd8e5e8027e1
SSDEEP

49152:DclZn1JnMGlx5pGNGI/C3h8NfACinWEFb81Jh4g1+BHFw1S4bsXMqFi4dp:D0ZnLMGjsGcpNYXN+JnaFMBsXFi4dp

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
1580e4aca1a71baa9443f262e1dc83b1_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/GdiPlus.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/nsExec.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/SESetup.exe	nsis_installer_1
static1/unpack001/SESetup.exe	nsis_installer_2

Files

1580e4aca1a71baa9443f262e1dc83b1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$R0
.dll regsvr32 windows:4 windows x86 arch:x86

5bdb0074cd7e342ecebede7bb77cb2fb

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

13/10/2009, 04:52

Not After

13/10/2010, 04:52

Subject

CN=Cheng Du YunDuan Network Tech.\,Ltd,O=Cheng Du YunDuan Network Tech.\,Ltd,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9f:6c:27:22:99:19:23:6f:04:89:25:8f:22:cf:2d:2d:cd:04:68:1b
Signer

Actual PE Digest

9f:6c:27:22:99:19:23:6f:04:89:25:8f:22:cf:2d:2d:cd:04:68:1b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

mfc42

ord561
ord825
ord3953
ord2725
ord1131
ord6467
ord823
ord800
ord858
ord537
ord924
ord860
ord3738
ord5683
ord926
ord2915
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord269
ord1197
ord1243
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord815
ord4274
ord1168
ord1575
ord1176
ord4129
ord1577
ord1182
ord342
ord1116

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
atoi
_mbscmp
memcmp
realloc
malloc
free
__CxxFrameHandler
_purecall
memcpy
memset

kernel32

lstrcmpiA
LoadLibraryExA
GetLastError
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetModuleFileNameA
lstrcpynA
GetShortPathNameA
lstrlenA
MultiByteToWideChar
lstrlenW
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
LocalFree
LocalAlloc
GetModuleHandleA

user32

wsprintfA
CharNextA

advapi32

RegCloseKey
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteValueA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA

shell32

ShellExecuteA

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysAllocString
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString
VarUI4FromStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/CloudAssist.exe
.exe windows:4 windows x86 arch:x86

619aaaa2673015a80c521e650cf0395e

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

13/10/2009, 04:52

Not After

13/10/2010, 04:52

Subject

CN=Cheng Du YunDuan Network Tech.\,Ltd,O=Cheng Du YunDuan Network Tech.\,Ltd,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

24:52:9c:47:14:10:62:c9:3c:e2:79:12:35:ae:6a:1c:ff:36:64:ff
Signer

Actual PE Digest

24:52:9c:47:14:10:62:c9:3c:e2:79:12:35:ae:6a:1c:ff:36:64:ff

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

LoadKeyboardLayoutA
ActivateKeyboardLayout
SendMessageTimeoutA

gdi32

AddFontResourceA
RemoveFontResourceA

advapi32

RegOpenKeyA
RegEnumValueA
RegCloseKey
RegSetValueExA

shell32

SHChangeNotify

kernel32

FlushFileBuffers
CloseHandle
GetStartupInfoA
SetStdHandle
LoadLibraryA
GetProcAddress
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetLastError
SetFilePointer
HeapAlloc
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$TEMP/CloudServer.exe
.exe windows:4 windows x86 arch:x86

f3e64761022cc04c52ba9f88d8e3c014

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:c1:e1:5a:06:bc:ac:bc:7f:95:cd:3f:5d:6d:71:6f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11/10/2010, 00:00

Not After

11/10/2011, 23:59

Subject

CN=ChengDu YunDuan Network Tech Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ChengDu YunDuan Network Tech Co.\, Ltd.,L=chengdu,ST=sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

20:1a:58:44:d2:e3:43:e4:8b:b2:b3:7c:6a:96:3f:ab:cb:e2:74:3d
Signer

Actual PE Digest

20:1a:58:44:d2:e3:43:e4:8b:b2:b3:7c:6a:96:3f:ab:cb:e2:74:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumKeyExA
RegCloseKey
RegQueryInfoKeyA
RegOpenKeyExA
CloseServiceHandle
DeleteService
OpenServiceA
CreateServiceA
StartServiceA
ControlService
OpenSCManagerA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
CopySid
GetLengthSid
IsValidSid
LookupAccountNameA
GetUserNameA
StartServiceCtrlDispatcherA
QueryServiceStatus
RegDeleteValueA
RegisterServiceCtrlHandlerA
SetServiceStatus
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegDeleteKeyA
RegNotifyChangeKeyValue
ConvertStringSidToSidA
RegEnumKeyA
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegEnumValueW
RegEnumKeyW
RegQueryInfoKeyW
RegCreateKeyW
RegOpenKeyW
RegUnLoadKeyA
RegLoadKeyA
RegEnumValueA
OpenProcessToken
CreateProcessAsUserA
DuplicateTokenEx
FreeSid
SetFileSecurityA
GetAce
AllocateAndInitializeSid
GetAclInformation
GetSecurityDescriptorDacl
GetFileSecurityA
AddAccessAllowedAce
InitializeAcl
RegSetKeySecurity

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

userenv

DestroyEnvironmentBlock
GetProfilesDirectoryA
CreateEnvironmentBlock

wtsapi32

WTSSendMessageA

mfc42

ord4202
ord860
ord5683
ord668
ord356
ord3663
ord539
ord5440
ord6383
ord5450
ord6394
ord6662
ord5834
ord2915
ord3584
ord543
ord803
ord1997
ord4277
ord6283
ord6282
ord4278
ord2763
ord538
ord3318
ord798
ord5194
ord533
ord6407
ord926
ord2820
ord3811
ord2841
ord922
ord1980
ord2107
ord3178
ord4058
ord2781
ord2770
ord6929
ord5856
ord6143
ord801
ord6883
ord541
ord6927
ord940
ord4083
ord1871
ord1105
ord690
ord1988
ord5808
ord5205
ord6057
ord6426
ord389
ord6877
ord3181
ord536
ord5608
ord6663
ord2764
ord941
ord2448
ord2044
ord5710
ord4129
ord537
ord939
ord2818
ord815
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord540
ord858
ord535
ord924
ord800
ord823
ord2393
ord825
ord1576
ord6928
ord1168

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
_iob
_open_osfhandle
_fdopen
setvbuf
printf
sscanf
fopen
fread
fclose
strncpy
_mbsicmp
memmove
strtoul
malloc
free
sprintf
_purecall
wcscmp
atof
atoi
__p___argv
__p___argc
_mbscmp
strncmp
__CxxFrameHandler
_setmbcp
_stricmp
_strcmpi
_controlfp

kernel32

GetFileAttributesExA
GetStartupInfoA
WideCharToMultiByte
GetFileAttributesA
OpenProcess
OutputDebugStringA
DeleteFileA
WaitForSingleObject
GetFileTime
SetFilePointer
WriteFile
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetFilePointerEx
GetLastError
CreateFileA
GetFileSize
CloseHandle
SetEvent
Sleep
ReadFile
WaitNamedPipeA
GetOverlappedResult
FlushFileBuffers
ConnectNamedPipe
CreateNamedPipeA
FreeLibrary
GetProcAddress
LoadLibraryA
SetErrorMode
LoadLibraryExA
DuplicateHandle
GetCurrentProcess
InitializeCriticalSection
DeleteCriticalSection
GetSystemDirectoryA
GetCurrentProcessId
ResumeThread
CreateThread
DeviceIoControl
GetShortPathNameA
EnterCriticalSection
LeaveCriticalSection
GetDriveTypeA
OpenEventA
GetTickCount
GetCurrentThreadId
SuspendThread
TerminateThread
GetVersionExA
GetModuleFileNameA
GetModuleHandleA
SetConsoleCtrlHandler
LocalFree
FormatMessageA
GlobalFree
GlobalAlloc
GetStdHandle
AllocConsole
ExpandEnvironmentStringsA
CreateEventA
MultiByteToWideChar

user32

DispatchMessageA
TranslateMessage
PostMessageA
PostThreadMessageA
DefWindowProcA
DestroyWindow
ExitWindowsEx
RegisterClassA
ActivateKeyboardLayout
LoadKeyboardLayoutA
UnloadKeyboardLayout
SendMessageTimeoutA
MessageBoxA
GetWindowThreadProcessId
FindWindowA
PeekMessageA
CreateWindowExA

gdi32

RemoveFontResourceA
AddFontResourceA

shell32

SHGetFolderPathA
SHChangeNotify
ShellExecuteA

ole32

CoCreateGuid
CoInitialize

Sections

.text
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/CloudTool-uusee.exe
.exe windows:4 windows x86 arch:x86

0a13f0d7aa132689a65116439a0789f0

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

13/10/2009, 04:52

Not After

13/10/2010, 04:52

Subject

CN=Cheng Du YunDuan Network Tech.\,Ltd,O=Cheng Du YunDuan Network Tech.\,Ltd,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8f:b8:db:f0:19:bf:2b:40:ce:bc:1f:1b:61:6c:ec:60:f3:2a:d1:78
Signer

Actual PE Digest

8f:b8:db:f0:19:bf:2b:40:ce:bc:1f:1b:61:6c:ec:60:f3:2a:d1:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

EnumProcesses

mfc42

ord3738
ord561
ord815
ord641
ord2514
ord609
ord795
ord692
ord922
ord924
ord858
ord6283
ord6282
ord860
ord540
ord2621
ord1134
ord4129
ord535
ord2915
ord941
ord536
ord5440
ord6383
ord5450
ord6394
ord5834
ord2044
ord2448
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord2575
ord4396
ord3574
ord6055
ord1776
ord5290
ord3402
ord3721
ord5265
ord4424
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord1576
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord1146
ord1168
ord567
ord324
ord2302
ord4234
ord4160
ord926
ord6215
ord4299
ord6197
ord6199
ord4710
ord2652
ord1669
ord4376
ord5683
ord5710
ord2818
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord3663
ord4274
ord825
ord823
ord800
ord537
ord4673
ord4853
ord5065

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_setmbcp
_onexit
__CxxFrameHandler
_mbsicmp
strtoul
__p___argv
__p___argc
_except_handler3
_XcptFilter
_exit
?terminate@@YAXXZ
__dllonexit

kernel32

TerminateProcess
CloseHandle
GetLogicalDrives
GetDriveTypeA
lstrlenA
ExitProcess
OpenProcess
WriteFile
WaitNamedPipeA
GetDiskFreeSpaceA
GetFileAttributesA
GetProcAddress
OutputDebugStringA
GetModuleHandleA
GetStartupInfoA
GetCurrentProcessId
Module32First
Process32First
CreateToolhelp32Snapshot
Process32Next
GetLastError
CreateFileA
CreateMutexA
MultiByteToWideChar
GlobalFree
ReadFile
GlobalAlloc

user32

GetClientRect
LoadIconA
EnumWindows
GetWindowThreadProcessId
GetWindowRect
SendMessageA
GetClassNameA
EnableWindow

advapi32

AllocateAndInitializeSid
InitializeAcl
AddAccessAllowedAce
GetAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetFileSecurityA
FreeSid
RegCreateKeyExA
RegSetValueExA
RegCloseKey
GetLengthSid

shell32

SHGetFolderPathA

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
7zxr.dll
.dll windows:4 windows x86 arch:x86

99348a3a2c8e41aeb2829d97bc176e99

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

13/10/2009, 04:52

Not After

13/10/2010, 04:52

Subject

CN=Cheng Du YunDuan Network Tech.\,Ltd,O=Cheng Du YunDuan Network Tech.\,Ltd,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9e:11:b8:09:85:db:f4:40:ad:94:21:a6:37:1e:53:57:f1:c6:00:a2
Signer

Actual PE Digest

9e:11:b8:09:85:db:f4:40:ad:94:21:a6:37:1e:53:57:f1:c6:00:a2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

CharLowerW
CharLowerA
CharUpperW
CharUpperA

oleaut32

SysFreeString
SysAllocStringByteLen
VariantCopy
VariantClear
SysAllocString

msvcrt

_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memcmp
_purecall
memcpy
memmove
__CxxFrameHandler
free
_CxxThrowException
malloc

kernel32

DeleteFileA
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreA
ResetEvent
SetEvent
CreateEventA
WaitForSingleObject
VirtualFree
VirtualAlloc
DeleteCriticalSection
GetVersionExA
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
GetSystemInfo
CompareFileTime
WriteFile
ReadFile
CreateFileA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
CloseHandle
SetFileAttributesA
GetTempPathA
GetTempFileNameA

Exports

Exports

CreateObject
GetHandlerProperty
GetHandlerProperty2
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods

Sections

.text
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CloudAssist.exe
.exe windows:4 windows x86 arch:x86

619aaaa2673015a80c521e650cf0395e

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

13/10/2009, 04:52

Not After

13/10/2010, 04:52

Subject

CN=Cheng Du YunDuan Network Tech.\,Ltd,O=Cheng Du YunDuan Network Tech.\,Ltd,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

24:52:9c:47:14:10:62:c9:3c:e2:79:12:35:ae:6a:1c:ff:36:64:ff
Signer

Actual PE Digest

24:52:9c:47:14:10:62:c9:3c:e2:79:12:35:ae:6a:1c:ff:36:64:ff

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

LoadKeyboardLayoutA
ActivateKeyboardLayout
SendMessageTimeoutA

gdi32

AddFontResourceA
RemoveFontResourceA

advapi32

RegOpenKeyA
RegEnumValueA
RegCloseKey
RegSetValueExA

shell32

SHChangeNotify

kernel32

FlushFileBuffers
CloseHandle
GetStartupInfoA
SetStdHandle
LoadLibraryA
GetProcAddress
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetLastError
SetFilePointer
HeapAlloc
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CloudEBookReader.exe
.exe windows:4 windows x86 arch:x86

a3c68eb12b6375e243c54ba8f26b103c

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

13/10/2009, 04:52

Not After

13/10/2010, 04:52

Subject

CN=Cheng Du YunDuan Network Tech.\,Ltd,O=Cheng Du YunDuan Network Tech.\,Ltd,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:be:69:9b:38:e4:49:ba:92:9d:99:bb:c3:7e:35:bc:0b:ec:16:5d
Signer

Actual PE Digest

a6:be:69:9b:38:e4:49:ba:92:9d:99:bb:c3:7e:35:bc:0b:ec:16:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord858
ord5435
ord1683
ord1673
ord2628
ord5980
ord2641
ord4122
ord6214
ord6196
ord4298
ord5948
ord3088
ord3875
ord3872
ord3871
ord6198
ord4286
ord4283
ord3137
ord3796
ord5719
ord6092
ord3524
ord4032
ord6095
ord4035
ord2549
ord2433
ord3353
ord3579
ord426
ord726
ord826
ord3571
ord5265
ord4998
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord809
ord1146
ord556
ord540
ord641
ord3626
ord3663
ord2414
ord2302
ord4299
ord4317
ord6215
ord6197
ord6380
ord1641
ord1153
ord1572
ord850
ord924
ord6283
ord6282
ord6377
ord2086
ord1088
ord2122
ord755
ord470
ord3619
ord4330
ord6172
ord5875
ord5789
ord4133
ord4297
ord5788
ord472
ord2754
ord2714
ord2915
ord926
ord941
ord4376
ord4224
ord4160
ord6270
ord1175
ord1644
ord2379
ord6378
ord5280
ord1168
ord5440
ord6383
ord5450
ord6394
ord2614
ord3584
ord543
ord803
ord6449
ord2727
ord6467
ord2730
ord2729
ord939
ord2818
ord4129
ord5710
ord6055
ord1776
ord5290
ord3402
ord2514
ord567
ord324
ord2135
ord818
ord4234
ord4710
ord4277
ord2764
ord2688
ord2763
ord539
ord922
ord861
ord798
ord1997
ord4278
ord538
ord3318
ord5194
ord533
ord6407
ord2820
ord3811
ord4202
ord4853
ord3706
ord640
ord1640
ord323
ord5785
ord2860
ord3874
ord2859
ord4287
ord4284
ord2107
ord2841
ord1929
ord795
ord4123
ord2753
ord6880
ord6605
ord4275
ord4220
ord3654
ord2584
ord2438
ord283
ord3721
ord2864
ord5683
ord6663
ord6883
ord6143
ord6877
ord801
ord541
ord6928
ord1949
ord4034
ord2448
ord6442
ord3693
ord5787
ord5834
ord2044
ord2971
ord5759
ord6192
ord5756
ord6186
ord6189
ord6021
ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord1232
ord824
ord823
ord1134
ord2621
ord537
ord860
ord535
ord800
ord4601
ord2132
ord5247
ord5231
ord6225
ord2144
ord2145
ord4046
ord815
ord825
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4774
ord4673
ord1576

msvcrt

_setmbcp
_wcsicmp
__p__fmode
__set_app_type
__p___argv
__p___argc
__CxxFrameHandler
_mbsicmp
_beginthreadex
malloc
free
_mbscmp
strtoul
memmove
strtol
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_controlfp

kernel32

WideCharToMultiByte
CloseHandle
GetStartupInfoA
GetLastError
CreateMutexA
CreateDirectoryA
CreateProcessA
SetProcessWorkingSetSize
GetCurrentProcess
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ResumeThread
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
LockResource
LoadResource
FindResourceA
CreateEventA
WaitForSingleObject
ResetEvent
SetEvent
GetModuleFileNameA
ReadFile
GetModuleHandleA
GetFileAttributesA
MultiByteToWideChar

user32

EnableWindow
MoveWindow
ShowWindow
SetWindowRgn
OffsetRect
GetMessagePos
SetCapture
ReleaseCapture
AppendMenuA
FrameRect
CopyRect
UpdateWindow
SetActiveWindow
DispatchMessageA
GetCapture
GetMessageA
EnumWindows
LoadImageA
IsChild
WindowFromPoint
ClientToScreen
GetParent
GetKeyState
TabbedTextOutA
DrawTextA
GrayStringA
KillTimer
ScreenToClient
GetClassNameA
PtInRect
CreatePopupMenu
GetCursorPos
InvalidateRect
ReleaseDC
PostMessageA
EnumChildWindows
SetFocus
IsWindowVisible
IsWindow
GetClientRect
GetWindowRect
LoadCursorA
RegisterClassA
LoadBitmapA
SystemParametersInfoA
SetRect
GetDC
GetSystemMetrics
IntersectRect
IsRectEmpty
SetTimer
DestroyWindow
LoadIconA
GetClassInfoA
SetForegroundWindow
GetFocus
SendMessageA
SetRectEmpty
GetDesktopWindow

gdi32

ExtTextOutA
TextOutA
RectVisible
PtVisible
BitBlt
CreateCompatibleBitmap
CreatePen
Rectangle
CreateFontA
GetBitmapBits
GetTextExtentPoint32A
CreateCompatibleDC
SelectObject
CreateRectRgnIndirect
GetObjectA
CombineRgn
CreateRectRgn
OffsetRgn
CreateFontIndirectA
GetDeviceCaps
Escape

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

ole32

CreateStreamOnHGlobal

oleaut32

VariantClear

gdiplus

GdipFree
GdipLoadImageFromStreamICM
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipImageSelectActiveFrame
GdipDeleteGraphics
GdipDrawImageRectI
GdipCreateFromHDC
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipAlloc

msimg32

TransparentBlt

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 240KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CloudFun.dll
.dll regsvr32 windows:4 windows x86 arch:x86

5bdb0074cd7e342ecebede7bb77cb2fb

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

13/10/2009, 04:52

Not After

13/10/2010, 04:52

Subject

CN=Cheng Du YunDuan Network Tech.\,Ltd,O=Cheng Du YunDuan Network Tech.\,Ltd,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

dd:48:b4:89:24:3d:98:20:86:e4:21:7b:46:1d:1a:95:9b:73:f2:e2
Signer

Actual PE Digest

dd:48:b4:89:24:3d:98:20:86:e4:21:7b:46:1d:1a:95:9b:73:f2:e2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

mfc42

ord561
ord825
ord3953
ord2725
ord1131
ord6467
ord823
ord800
ord858
ord537
ord924
ord860
ord3738
ord5683
ord926
ord2915
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord269
ord1197
ord1243
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord815
ord4274
ord1168
ord1575
ord1176
ord4129
ord1577
ord1182
ord342
ord1116

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
atoi
_mbscmp
memcmp
realloc
malloc
free
__CxxFrameHandler
_purecall
memcpy
memset

kernel32

lstrcmpiA
LoadLibraryExA
GetLastError
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetModuleFileNameA
lstrcpynA
GetShortPathNameA
lstrlenA
MultiByteToWideChar
lstrlenW
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
LocalFree
LocalAlloc
GetModuleHandleA

user32

wsprintfA
CharNextA

advapi32

RegCloseKey
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteValueA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA

shell32

ShellExecuteA

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysAllocString
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString
VarUI4FromStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CloudFun2.dll
.dll regsvr32 windows:4 windows x86 arch:x86

5bdb0074cd7e342ecebede7bb77cb2fb

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

13/10/2009, 04:52

Not After

13/10/2010, 04:52

Subject

CN=Cheng Du YunDuan Network Tech.\,Ltd,O=Cheng Du YunDuan Network Tech.\,Ltd,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9f:6c:27:22:99:19:23:6f:04:89:25:8f:22:cf:2d:2d:cd:04:68:1b
Signer

Actual PE Digest

9f:6c:27:22:99:19:23:6f:04:89:25:8f:22:cf:2d:2d:cd:04:68:1b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

mfc42

ord561
ord825
ord3953
ord2725
ord1131
ord6467
ord823
ord800
ord858
ord537
ord924
ord860
ord3738
ord5683
ord926
ord2915
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord269
ord1197
ord1243
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord815
ord4274
ord1168
ord1575
ord1176
ord4129
ord1577
ord1182
ord342
ord1116

msvcrt

??1type_info@@UAE@XZ
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
atoi
_mbscmp
memcmp
realloc
malloc
free
__CxxFrameHandler
_purecall
memcpy
memset

kernel32

lstrcmpiA
LoadLibraryExA
GetLastError
FindResourceA
LoadResource
SizeofResource
FreeLibrary
WideCharToMultiByte
GetModuleFileNameA
lstrcpynA
GetShortPathNameA
lstrlenA
MultiByteToWideChar
lstrlenW
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
LocalFree
LocalAlloc
GetModuleHandleA

user32

wsprintfA
CharNextA

advapi32

RegCloseKey
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteValueA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA

shell32

ShellExecuteA

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysAllocString
LoadTypeLi
RegisterTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString
VarUI4FromStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CloudServer.exe
.exe windows:4 windows x86 arch:x86

f3e64761022cc04c52ba9f88d8e3c014

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:c1:e1:5a:06:bc:ac:bc:7f:95:cd:3f:5d:6d:71:6f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11/10/2010, 00:00

Not After

11/10/2011, 23:59

Subject

CN=ChengDu YunDuan Network Tech Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ChengDu YunDuan Network Tech Co.\, Ltd.,L=chengdu,ST=sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

20:1a:58:44:d2:e3:43:e4:8b:b2:b3:7c:6a:96:3f:ab:cb:e2:74:3d
Signer

Actual PE Digest

20:1a:58:44:d2:e3:43:e4:8b:b2:b3:7c:6a:96:3f:ab:cb:e2:74:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumKeyExA
RegCloseKey
RegQueryInfoKeyA
RegOpenKeyExA
CloseServiceHandle
DeleteService
OpenServiceA
CreateServiceA
StartServiceA
ControlService
OpenSCManagerA
RegSetValueExA
RegOpenKeyA
RegQueryValueExA
RegCreateKeyA
CopySid
GetLengthSid
IsValidSid
LookupAccountNameA
GetUserNameA
StartServiceCtrlDispatcherA
QueryServiceStatus
RegDeleteValueA
RegisterServiceCtrlHandlerA
SetServiceStatus
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegDeleteKeyA
RegNotifyChangeKeyValue
ConvertStringSidToSidA
RegEnumKeyA
RegDeleteKeyW
RegSetValueExW
RegQueryValueExW
RegEnumValueW
RegEnumKeyW
RegQueryInfoKeyW
RegCreateKeyW
RegOpenKeyW
RegUnLoadKeyA
RegLoadKeyA
RegEnumValueA
OpenProcessToken
CreateProcessAsUserA
DuplicateTokenEx
FreeSid
SetFileSecurityA
GetAce
AllocateAndInitializeSid
GetAclInformation
GetSecurityDescriptorDacl
GetFileSecurityA
AddAccessAllowedAce
InitializeAcl
RegSetKeySecurity

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

userenv

DestroyEnvironmentBlock
GetProfilesDirectoryA
CreateEnvironmentBlock

wtsapi32

WTSSendMessageA

mfc42

ord4202
ord860
ord5683
ord668
ord356
ord3663
ord539
ord5440
ord6383
ord5450
ord6394
ord6662
ord5834
ord2915
ord3584
ord543
ord803
ord1997
ord4277
ord6283
ord6282
ord4278
ord2763
ord538
ord3318
ord798
ord5194
ord533
ord6407
ord926
ord2820
ord3811
ord2841
ord922
ord1980
ord2107
ord3178
ord4058
ord2781
ord2770
ord6929
ord5856
ord6143
ord801
ord6883
ord541
ord6927
ord940
ord4083
ord1871
ord1105
ord690
ord1988
ord5808
ord5205
ord6057
ord6426
ord389
ord6877
ord3181
ord536
ord5608
ord6663
ord2764
ord941
ord2448
ord2044
ord5710
ord4129
ord537
ord939
ord2818
ord815
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord540
ord858
ord535
ord924
ord800
ord823
ord2393
ord825
ord1576
ord6928
ord1168

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
_iob
_open_osfhandle
_fdopen
setvbuf
printf
sscanf
fopen
fread
fclose
strncpy
_mbsicmp
memmove
strtoul
malloc
free
sprintf
_purecall
wcscmp
atof
atoi
__p___argv
__p___argc
_mbscmp
strncmp
__CxxFrameHandler
_setmbcp
_stricmp
_strcmpi
_controlfp

kernel32

GetFileAttributesExA
GetStartupInfoA
WideCharToMultiByte
GetFileAttributesA
OpenProcess
OutputDebugStringA
DeleteFileA
WaitForSingleObject
GetFileTime
SetFilePointer
WriteFile
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetFilePointerEx
GetLastError
CreateFileA
GetFileSize
CloseHandle
SetEvent
Sleep
ReadFile
WaitNamedPipeA
GetOverlappedResult
FlushFileBuffers
ConnectNamedPipe
CreateNamedPipeA
FreeLibrary
GetProcAddress
LoadLibraryA
SetErrorMode
LoadLibraryExA
DuplicateHandle
GetCurrentProcess
InitializeCriticalSection
DeleteCriticalSection
GetSystemDirectoryA
GetCurrentProcessId
ResumeThread
CreateThread
DeviceIoControl
GetShortPathNameA
EnterCriticalSection
LeaveCriticalSection
GetDriveTypeA
OpenEventA
GetTickCount
GetCurrentThreadId
SuspendThread
TerminateThread
GetVersionExA
GetModuleFileNameA
GetModuleHandleA
SetConsoleCtrlHandler
LocalFree
FormatMessageA
GlobalFree
GlobalAlloc
GetStdHandle
AllocConsole
ExpandEnvironmentStringsA
CreateEventA
MultiByteToWideChar

user32

DispatchMessageA
TranslateMessage
PostMessageA
PostThreadMessageA
DefWindowProcA
DestroyWindow
ExitWindowsEx
RegisterClassA
ActivateKeyboardLayout
LoadKeyboardLayoutA
UnloadKeyboardLayout
SendMessageTimeoutA
MessageBoxA
GetWindowThreadProcessId
FindWindowA
PeekMessageA
CreateWindowExA

gdi32

RemoveFontResourceA
AddFontResourceA

shell32

SHGetFolderPathA
SHChangeNotify
ShellExecuteA

ole32

CoCreateGuid
CoInitialize

Sections

.text
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
GdiPlus.dll
.dll windows:6 windows x86 arch:x86

5c3e3e3c6795c2a59bbb9fb0c591387f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

gdiplus.pdb

Imports

msvcrt

_isatty
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
wctomb
_itoa
_snprintf
isleadbyte
memmove
_amsg_exit
_initterm
free
malloc
_XcptFilter
_CIatan2
_CIsqrt
_CIsin
_CIcos
??3@YAXPAX@Z
_iob
_vsnprintf
_vsnwprintf
_errno
memset
memcpy
_purecall
_CIexp
_CIatan
_finite
_CIlog

kernel32

IsValidLocale
ConvertDefaultLocale
GetLocaleInfoW
GetModuleFileNameW
FindResourceA
LoadResource
LockResource
GetProfileIntA
GetProfileStringA
lstrcmpiW
LocalReAlloc
MulDiv
SetLastError
LocalAlloc
LocalFree
lstrcmpiA
IsDBCSLeadByteEx
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
RtlUnwind
OutputDebugStringA
Sleep
GetFileTime
SearchPathW
GetOEMCP
SetEndOfFile
WriteFile
SetFilePointer
ReadFile
UnlockFile
GetFileInformationByHandle
LockFile
FlushFileBuffers
CreateSemaphoreA
CreateFileW
LoadLibraryW
GetSystemDirectoryA
CreateFileMappingW
ReleaseSemaphore
GetFileAttributesW
GetProfileSectionA
GetLastError
VirtualFree
GlobalAlloc
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GlobalLock
GlobalSize
GlobalUnlock
GlobalFree
HeapCreate
GetModuleHandleA
HeapDestroy
GetSystemDirectoryW
GetWindowsDirectoryA
GetVersionExA
GetACP
GetSystemDefaultLCID
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
CreateEventA
CompareStringA
CloseHandle
SetEvent
WaitForSingleObject
CreateThread
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameA
LoadLibraryA
HeapReAlloc
GetVersion
GetSystemInfo
GetModuleHandleW
GetProcAddress
VirtualAlloc
HeapFree
DisableThreadLibraryCalls
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
InterlockedExchange
HeapAlloc
InterlockedCompareExchange
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
InterlockedIncrement
RaiseException
SearchPathA
LoadLibraryExW

user32

LoadBitmapW
LoadBitmapA
ClientToScreen
SystemParametersInfoA
GetClassLongA
GetDCEx
GetIconInfo
CreateIconIndirect
WindowFromDC
GetWindowRect
GetDesktopWindow
GetClientRect
PeekMessageA
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageA
RegisterClassA
RegisterWindowMessageA
CreateWindowExA
DefWindowProcA
GetSystemMetrics
DestroyWindow
UnregisterClassA
GetSysColor
GetDC
ReleaseDC
GetWindowLongA

gdi32

CreateCompatibleBitmap
SetWindowOrgEx
GetTextCharsetInfo
TranslateCharsetInfo
GetCurrentPositionEx
ArcTo
SetArcDirection
GetPath
AbortPath
FlattenPath
WidenPath
Ellipse
AngleArc
RoundRect
PolyDraw
Pie
Chord
Arc
OffsetClipRgn
GetRgnBox
CombineRgn
SetPaletteEntries
ResizePalette
ExcludeClipRect
PlayEnhMetaFile
GetWinMetaFileBits
PlgBlt
BitBlt
OffsetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineTransform
SetMapperFlags
CreateDIBitmap
CreatePen
CreatePatternBrush
GetBkMode
GetTextAlign
ExtCreateRegion
Polyline
PolyPolyline
StrokeAndFillPath
FillPath
SetPolyFillMode
PolyBezier
SelectClipPath
LineTo
GetGraphicsMode
ModifyWorldTransform
BeginPath
PolylineTo
PolyBezierTo
MoveToEx
CloseFigure
EndPath
StrokePath
ExtSelectClipRgn
GetPixel
ExtTextOutA
CreateSolidBrush
SetMiterLimit
FillRgn
GetDIBColorTable
GetNearestPaletteIndex
SetViewportOrgEx
SetGraphicsMode
SetWorldTransform
GetEnhMetaFileW
GetEnhMetaFileA
GetEnhMetaFileBits
CopyEnhMetaFileA
CopyMetaFileA
DeleteMetaFile
GetEnhMetaFileHeader
SetMetaFileBitsEx
SetEnhMetaFileBits
CreateEnhMetaFileA
SetMapMode
SetViewportExtEx
SetWindowExtEx
PlayMetaFile
CloseEnhMetaFile
DeleteEnhMetaFile
SetMetaRgn
GetObjectType
GetMetaFileBitsEx
EnumMetaFile
EnumEnhMetaFile
PlayEnhMetaFileRecord
RestoreDC
GetStockObject
CreateBitmap
SetTextColor
SetBkColor
SetBkMode
SetDIBits
CreateBrushIndirect
PatBlt
GdiFlush
GetPaletteEntries
RealizePalette
CreateDIBSection
CreateCompatibleDC
GetDIBits
GetCurrentObject
GetObjectA
GetDCOrgEx
Escape
SetICMMode
GetMapMode
GetViewportOrgEx
GetWindowOrgEx
GetViewportExtEx
GetWindowExtEx
LPtoDP
GetRandomRgn
ExtEscape
CreateRectRgn
CreateICA
CreateDCA
DeleteDC
GetRegionData
CreateFontIndirectA
CreateFontIndirectW
SelectObject
EnumFontFamiliesExW
EnumFontFamiliesExA
GetTextMetricsW
GetTextFaceW
GetTextMetricsA
GetTextFaceA
SelectPalette
DeleteObject
GetDeviceCaps
GetSystemPaletteUse
GetSystemPaletteEntries
CreatePalette
GetMetaFileA
SaveDC
GetMetaFileW
GdiComment
CreateEnhMetaFileW
SetDIBColorTable
SetBitmapBits
ExtTextOutW
PlayMetaFileRecord
IntersectClipRect
StretchBlt
PolyPolygon
SetROP2
SetTextJustification
SetTextAlign
StretchDIBits
SetStretchBltMode
GetNearestColor
DPtoLP
GetObjectW
CreatePenIndirect
GetTextColor
GetBkColor
SelectClipRgn
GetClipRgn
SetBrushOrgEx
Polygon
Rectangle
GetROP2
GetWorldTransform
CreateDIBPatternBrushPt
ExtCreatePen

ole32

CoTaskMemAlloc
CoTaskMemFree
CreateStreamOnHGlobal

Exports

Exports

GdipAddPathArc
GdipAddPathArcI
GdipAddPathBezier
GdipAddPathBezierI
GdipAddPathBeziers
GdipAddPathBeziersI
GdipAddPathClosedCurve
GdipAddPathClosedCurve2
GdipAddPathClosedCurve2I
GdipAddPathClosedCurveI
GdipAddPathCurve
GdipAddPathCurve2
GdipAddPathCurve2I
GdipAddPathCurve3
GdipAddPathCurve3I
GdipAddPathCurveI
GdipAddPathEllipse
GdipAddPathEllipseI
GdipAddPathLine
GdipAddPathLine2
GdipAddPathLine2I
GdipAddPathLineI
GdipAddPathPath
GdipAddPathPie
GdipAddPathPieI
GdipAddPathPolygon
GdipAddPathPolygonI
GdipAddPathRectangle
GdipAddPathRectangleI
GdipAddPathRectangles
GdipAddPathRectanglesI
GdipAddPathString
GdipAddPathStringI
GdipAlloc
GdipBeginContainer
GdipBeginContainer2
GdipBeginContainerI
GdipBitmapGetPixel
GdipBitmapLockBits
GdipBitmapSetPixel
GdipBitmapSetResolution
GdipBitmapUnlockBits
GdipClearPathMarkers
GdipCloneBitmapArea
GdipCloneBitmapAreaI
GdipCloneBrush
GdipCloneCustomLineCap
GdipCloneFont
GdipCloneFontFamily
GdipCloneImage
GdipCloneImageAttributes
GdipCloneMatrix
GdipClonePath
GdipClonePen
GdipCloneRegion
GdipCloneStringFormat
GdipClosePathFigure
GdipClosePathFigures
GdipCombineRegionPath
GdipCombineRegionRect
GdipCombineRegionRectI
GdipCombineRegionRegion
GdipComment
GdipCreateAdjustableArrowCap
GdipCreateBitmapFromDirectDrawSurface
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromGdiDib
GdipCreateBitmapFromGraphics
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromHICON
GdipCreateBitmapFromResource
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateCachedBitmap
GdipCreateCustomLineCap
GdipCreateFont
GdipCreateFontFamilyFromName
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCreateFontFromLogfontW
GdipCreateFromHDC
GdipCreateFromHDC2
GdipCreateFromHWND
GdipCreateFromHWNDICM
GdipCreateHBITMAPFromBitmap
GdipCreateHICONFromBitmap
GdipCreateHalftonePalette
GdipCreateHatchBrush
GdipCreateImageAttributes
GdipCreateLineBrush
GdipCreateLineBrushFromRect
GdipCreateLineBrushFromRectI
GdipCreateLineBrushFromRectWithAngle
GdipCreateLineBrushFromRectWithAngleI
GdipCreateLineBrushI
GdipCreateMatrix
GdipCreateMatrix2
GdipCreateMatrix3
GdipCreateMatrix3I
GdipCreateMetafileFromEmf
GdipCreateMetafileFromFile
GdipCreateMetafileFromStream
GdipCreateMetafileFromWmf
GdipCreateMetafileFromWmfFile
GdipCreatePath
GdipCreatePath2
GdipCreatePath2I
GdipCreatePathGradient
GdipCreatePathGradientFromPath
GdipCreatePathGradientI
GdipCreatePathIter
GdipCreatePen1
GdipCreatePen2
GdipCreateRegion
GdipCreateRegionHrgn
GdipCreateRegionPath
GdipCreateRegionRect
GdipCreateRegionRectI
GdipCreateRegionRgnData
GdipCreateSolidFill
GdipCreateStreamOnFile
GdipCreateStringFormat
GdipCreateTexture
GdipCreateTexture2
GdipCreateTexture2I
GdipCreateTextureIA
GdipCreateTextureIAI
GdipDeleteBrush
GdipDeleteCachedBitmap
GdipDeleteCustomLineCap
GdipDeleteFont
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeleteMatrix
GdipDeletePath
GdipDeletePathIter
GdipDeletePen
GdipDeletePrivateFontCollection
GdipDeleteRegion
GdipDeleteStringFormat
GdipDisposeImage
GdipDisposeImageAttributes
GdipDrawArc
GdipDrawArcI
GdipDrawBezier
GdipDrawBezierI
GdipDrawBeziers
GdipDrawBeziersI
GdipDrawCachedBitmap
GdipDrawClosedCurve
GdipDrawClosedCurve2
GdipDrawClosedCurve2I
GdipDrawClosedCurveI
GdipDrawCurve
GdipDrawCurve2
GdipDrawCurve2I
GdipDrawCurve3
GdipDrawCurve3I
GdipDrawCurveI
GdipDrawDriverString
GdipDrawEllipse
GdipDrawEllipseI
GdipDrawImage
GdipDrawImageI
GdipDrawImagePointRect
GdipDrawImagePointRectI
GdipDrawImagePoints
GdipDrawImagePointsI
GdipDrawImagePointsRect
GdipDrawImagePointsRectI
GdipDrawImageRect
GdipDrawImageRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipDrawLine
GdipDrawLineI
GdipDrawLines
GdipDrawLinesI
GdipDrawPath
GdipDrawPie
GdipDrawPieI
GdipDrawPolygon
GdipDrawPolygonI
GdipDrawRectangle
GdipDrawRectangleI
GdipDrawRectangles
GdipDrawRectanglesI
GdipDrawString
GdipEmfToWmfBits
GdipEndContainer
GdipEnumerateMetafileDestPoint
GdipEnumerateMetafileDestPointI
GdipEnumerateMetafileDestPoints
GdipEnumerateMetafileDestPointsI
GdipEnumerateMetafileDestRect
GdipEnumerateMetafileDestRectI
GdipEnumerateMetafileSrcRectDestPoint
GdipEnumerateMetafileSrcRectDestPointI
GdipEnumerateMetafileSrcRectDestPoints
GdipEnumerateMetafileSrcRectDestPointsI
GdipEnumerateMetafileSrcRectDestRect
GdipEnumerateMetafileSrcRectDestRectI
GdipFillClosedCurve
GdipFillClosedCurve2
GdipFillClosedCurve2I
GdipFillClosedCurveI
GdipFillEllipse
GdipFillEllipseI
GdipFillPath
GdipFillPie
GdipFillPieI
GdipFillPolygon
GdipFillPolygon2
GdipFillPolygon2I
GdipFillPolygonI
GdipFillRectangle
GdipFillRectangleI
GdipFillRectangles
GdipFillRectanglesI
GdipFillRegion
GdipFlattenPath
GdipFlush
GdipFree
GdipGetAdjustableArrowCapFillState
GdipGetAdjustableArrowCapHeight
GdipGetAdjustableArrowCapMiddleInset
GdipGetAdjustableArrowCapWidth
GdipGetAllPropertyItems
GdipGetBrushType
GdipGetCellAscent
GdipGetCellDescent
GdipGetClip
GdipGetClipBounds
GdipGetClipBoundsI
GdipGetCompositingMode
GdipGetCompositingQuality
GdipGetCustomLineCapBaseCap
GdipGetCustomLineCapBaseInset
GdipGetCustomLineCapStrokeCaps
GdipGetCustomLineCapStrokeJoin
GdipGetCustomLineCapType
GdipGetCustomLineCapWidthScale
GdipGetDC
GdipGetDpiX
GdipGetDpiY
GdipGetEmHeight
GdipGetEncoderParameterList
GdipGetEncoderParameterListSize
GdipGetFamily
GdipGetFamilyName
GdipGetFontCollectionFamilyCount
GdipGetFontCollectionFamilyList
GdipGetFontHeight
GdipGetFontHeightGivenDPI
GdipGetFontSize
GdipGetFontStyle
GdipGetFontUnit
GdipGetGenericFontFamilyMonospace
GdipGetGenericFontFamilySansSerif
GdipGetGenericFontFamilySerif
GdipGetHatchBackgroundColor
GdipGetHatchForegroundColor
GdipGetHatchStyle
GdipGetHemfFromMetafile
GdipGetImageAttributesAdjustedPalette
GdipGetImageBounds
GdipGetImageDecoders
GdipGetImageDecodersSize
GdipGetImageDimension
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetImageFlags
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipGetImageHorizontalResolution
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipGetImageThumbnail
GdipGetImageType
GdipGetImageVerticalResolution
GdipGetImageWidth
GdipGetInterpolationMode
GdipGetLineBlend
GdipGetLineBlendCount
GdipGetLineColors
GdipGetLineGammaCorrection
GdipGetLinePresetBlend
GdipGetLinePresetBlendCount
GdipGetLineRect
GdipGetLineRectI
GdipGetLineSpacing
GdipGetLineTransform
GdipGetLineWrapMode
GdipGetLogFontA
GdipGetLogFontW
GdipGetMatrixElements
GdipGetMetafileDownLevelRasterizationLimit
GdipGetMetafileHeaderFromEmf
GdipGetMetafileHeaderFromFile
GdipGetMetafileHeaderFromMetafile
GdipGetMetafileHeaderFromStream
GdipGetMetafileHeaderFromWmf
GdipGetNearestColor
GdipGetPageScale
GdipGetPageUnit
GdipGetPathData
GdipGetPathFillMode
GdipGetPathGradientBlend
GdipGetPathGradientBlendCount
GdipGetPathGradientCenterColor
GdipGetPathGradientCenterPoint
GdipGetPathGradientCenterPointI
GdipGetPathGradientFocusScales
GdipGetPathGradientGammaCorrection
GdipGetPathGradientPath
GdipGetPathGradientPointCount
GdipGetPathGradientPresetBlend
GdipGetPathGradientPresetBlendCount
GdipGetPathGradientRect
GdipGetPathGradientRectI
GdipGetPathGradientSurroundColorCount
GdipGetPathGradientSurroundColorsWithCount
GdipGetPathGradientTransform
GdipGetPathGradientWrapMode
GdipGetPathLastPoint
GdipGetPathPoints
GdipGetPathPointsI
GdipGetPathTypes
GdipGetPathWorldBounds
GdipGetPathWorldBoundsI
GdipGetPenBrushFill
GdipGetPenColor
GdipGetPenCompoundArray
GdipGetPenCompoundCount
GdipGetPenCustomEndCap
GdipGetPenCustomStartCap
GdipGetPenDashArray
GdipGetPenDashCap197819
GdipGetPenDashCount
GdipGetPenDashOffset
GdipGetPenDashStyle
GdipGetPenEndCap
GdipGetPenFillType
GdipGetPenLineJoin
GdipGetPenMiterLimit
GdipGetPenMode
GdipGetPenStartCap
GdipGetPenTransform
GdipGetPenUnit
GdipGetPenWidth
GdipGetPixelOffsetMode
GdipGetPointCount
GdipGetPropertyCount
GdipGetPropertyIdList
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipGetPropertySize
GdipGetRegionBounds
GdipGetRegionBoundsI
GdipGetRegionData
GdipGetRegionDataSize
GdipGetRegionHRgn
GdipGetRegionScans
GdipGetRegionScansCount
GdipGetRegionScansI
GdipGetRenderingOrigin
GdipGetSmoothingMode
GdipGetSolidFillColor
GdipGetStringFormatAlign
GdipGetStringFormatDigitSubstitution
GdipGetStringFormatFlags
GdipGetStringFormatHotkeyPrefix
GdipGetStringFormatLineAlign
GdipGetStringFormatMeasurableCharacterRangeCount
GdipGetStringFormatTabStopCount
GdipGetStringFormatTabStops
GdipGetStringFormatTrimming
GdipGetTextContrast
GdipGetTextRenderingHint
GdipGetTextureImage
GdipGetTextureTransform
GdipGetTextureWrapMode
GdipGetVisibleClipBounds
GdipGetVisibleClipBoundsI
GdipGetWorldTransform
GdipGraphicsClear
GdipImageForceValidation
GdipImageGetFrameCount
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageRotateFlip
GdipImageSelectActiveFrame
GdipInvertMatrix
GdipIsClipEmpty
GdipIsEmptyRegion
GdipIsEqualRegion
GdipIsInfiniteRegion
GdipIsMatrixEqual
GdipIsMatrixIdentity
GdipIsMatrixInvertible
GdipIsOutlineVisiblePathPoint
GdipIsOutlineVisiblePathPointI
GdipIsStyleAvailable
GdipIsVisibleClipEmpty
GdipIsVisiblePathPoint
GdipIsVisiblePathPointI
GdipIsVisiblePoint
GdipIsVisiblePointI
GdipIsVisibleRect
GdipIsVisibleRectI
GdipIsVisibleRegionPoint
GdipIsVisibleRegionPointI
GdipIsVisibleRegionRect
GdipIsVisibleRegionRectI
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipMeasureCharacterRanges
GdipMeasureDriverString
GdipMeasureString
GdipMultiplyLineTransform
GdipMultiplyMatrix
GdipMultiplyPathGradientTransform
GdipMultiplyPenTransform
GdipMultiplyTextureTransform
GdipMultiplyWorldTransform
GdipNewInstalledFontCollection
GdipNewPrivateFontCollection
GdipPathIterCopyData
GdipPathIterEnumerate
GdipPathIterGetCount
GdipPathIterGetSubpathCount
GdipPathIterHasCurve
GdipPathIterIsValid
GdipPathIterNextMarker
GdipPathIterNextMarkerPath
GdipPathIterNextPathType
GdipPathIterNextSubpath
GdipPathIterNextSubpathPath
GdipPathIterRewind
GdipPlayMetafileRecord
GdipPrivateAddFontFile
GdipPrivateAddMemoryFont
GdipRecordMetafile
GdipRecordMetafileFileName
GdipRecordMetafileFileNameI
GdipRecordMetafileI
GdipRecordMetafileStream
GdipRecordMetafileStreamI
GdipReleaseDC
GdipRemovePropertyItem
GdipResetClip
GdipResetImageAttributes
GdipResetLineTransform
GdipResetPageTransform
GdipResetPath
GdipResetPathGradientTransform
GdipResetPenTransform
GdipResetTextureTransform
GdipResetWorldTransform
GdipRestoreGraphics
GdipReversePath
GdipRotateLineTransform
GdipRotateMatrix
GdipRotatePathGradientTransform
GdipRotatePenTransform
GdipRotateTextureTransform
GdipRotateWorldTransform
GdipSaveAdd
GdipSaveAddImage
GdipSaveGraphics
GdipSaveImageToFile
GdipSaveImageToStream
GdipScaleLineTransform
GdipScaleMatrix
GdipScalePathGradientTransform
GdipScalePenTransform
GdipScaleTextureTransform
GdipScaleWorldTransform
GdipSetAdjustableArrowCapFillState
GdipSetAdjustableArrowCapHeight
GdipSetAdjustableArrowCapMiddleInset
GdipSetAdjustableArrowCapWidth
GdipSetClipGraphics
GdipSetClipHrgn
GdipSetClipPath
GdipSetClipRect
GdipSetClipRectI
GdipSetClipRegion
GdipSetCompositingMode
GdipSetCompositingQuality
GdipSetCustomLineCapBaseCap
GdipSetCustomLineCapBaseInset
GdipSetCustomLineCapStrokeCaps
GdipSetCustomLineCapStrokeJoin

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LongRADrv.sys
.sys windows:5 windows x86 arch:x86

dfcf67d4b9bbe72f22999d1f22bd970d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:c1:e1:5a:06:bc:ac:bc:7f:95:cd:3f:5d:6d:71:6f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11/10/2010, 00:00

Not After

11/10/2011, 23:59

Subject

CN=ChengDu YunDuan Network Tech Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ChengDu YunDuan Network Tech Co.\, Ltd.,L=chengdu,ST=sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9d:41:f5:8d:50:8f:75:b3:7f:e7:4a:a7:00:97:56:3e:cd:61:12:8d
Signer

Actual PE Digest

9d:41:f5:8d:50:8f:75:b3:7f:e7:4a:a7:00:97:56:3e:cd:61:12:8d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\WINDDK\3790\src\LONGRA~1.0\objfre_wnet_x86\i386\LongRADrv.pdb

Imports

ntoskrnl.exe

RtlGetVersion
MmGetSystemRoutineAddress
RtlInitUnicodeString
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IofCompleteRequest
MmMapLockedPages
IoDeleteSymbolicLink
IoDeleteDevice
DbgPrint
IoCreateSymbolicLink
IoCreateDevice
ExAcquireResourceExclusiveLite
ExAcquireResourceSharedLite
KeEnterCriticalRegion
KeLeaveCriticalRegion
ExReleaseResourceLite
ExInitializeResourceLite
RtlFreeUnicodeString
RtlInitAnsiString
KeInitializeEvent
MmCreateMdl
_except_handler3
ObfDereferenceObject
PsLookupProcessByProcessId
KeWaitForSingleObject
KeClearEvent
ExDeleteResourceLite
PsGetCurrentProcessId
KeSetEvent
vsprintf
PsTerminateSystemThread
ZwClose
ZwWriteFile
KeSetPriorityThread
KeGetCurrentThread
ZwCreateFile
PsCreateSystemThread
ZwQueryVolumeInformationFile
IoReleaseVpbSpinLock
IoAcquireVpbSpinLock
IoGetCurrentProcess
IoGetRelatedDeviceObject
ObReferenceObjectByHandle
IoDetachDevice
IoAllocateIrp
ObCreateObject
IoFileObjectType
IofCallDriver
SeDeleteAccessState
IoFreeIrp
SeCreateAccessState
IoGetFileObjectGenericMapping
RtlAppendUnicodeStringToString
ZwQueryDirectoryFile
RtlAppendUnicodeToString
memmove
strstr
MmMapLockedPagesSpecifyCache
IoCreateFile
ProbeForRead
ExGetPreviousMode
ProbeForWrite
ZwSetInformationFile
PsGetCurrentThreadId
ZwFreeVirtualMemory
ZwAllocateVirtualMemory
ObfReferenceObject
sprintf
ZwQueryValueKey
ZwOpenKey
ZwDeleteKey
ZwDeleteValueKey
ZwSetValueKey
ZwCreateKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwQueryKey
ZwQueryObject
ZwNotifyChangeKey
PsSetCreateThreadNotifyRoutine
ZwTerminateProcess
PsSetCreateProcessNotifyRoutine
KeDelayExecutionThread
InterlockedPopEntrySList
ExInitializePagedLookasideList
KeTickCount
KeBugCheckEx
strncmp
RtlAnsiStringToUnicodeString
ExAllocatePoolWithTag
ExFreePoolWithTag
IoAttachDeviceByPointer
KeBugCheck
MmBuildMdlForNonPagedPool
KeServiceDescriptorTable

hal

ExReleaseFastMutex
KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LongRADrv2K.sys
.sys windows:5 windows x86 arch:x86

fb63b1d58e86fc7525f2d188630a312f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:c1:e1:5a:06:bc:ac:bc:7f:95:cd:3f:5d:6d:71:6f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11/10/2010, 00:00

Not After

11/10/2011, 23:59

Subject

CN=ChengDu YunDuan Network Tech Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ChengDu YunDuan Network Tech Co.\, Ltd.,L=chengdu,ST=sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

12:77:d9:0e:30:4f:43:b7:ad:e2:f6:73:e9:83:c4:2a:15:cd:70:34
Signer

Actual PE Digest

12:77:d9:0e:30:4f:43:b7:ad:e2:f6:73:e9:83:c4:2a:15:cd:70:34

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\WINDDK\3790\src\LONGRA~1.0\objfre_w2K_x86\i386\LongRADrv.pdb

Imports

ntoskrnl.exe

IoGetCurrentProcess
PsGetVersion
MmGetSystemRoutineAddress
RtlInitUnicodeString
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
IofCompleteRequest
MmMapLockedPages
IoDeleteSymbolicLink
IoDeleteDevice
DbgPrint
IoCreateSymbolicLink
IoCreateDevice
ExAcquireResourceExclusiveLite
ExAcquireResourceSharedLite
KeEnterCriticalRegion
KeLeaveCriticalRegion
ExReleaseResourceLite
ExInitializeResourceLite
RtlFreeUnicodeString
RtlInitAnsiString
KeInitializeEvent
KeDetachProcess
KeAttachProcess
MmCreateMdl
_except_handler3
ObfDereferenceObject
ObReferenceObjectByHandle
PsLookupProcessByProcessId
KeWaitForSingleObject
KeClearEvent
ExDeleteResourceLite
PsGetCurrentProcessId
KeSetEvent
vsprintf
PsTerminateSystemThread
ZwClose
ZwWriteFile
KeSetPriorityThread
KeGetCurrentThread
ZwCreateFile
PsCreateSystemThread
KeInitializeSpinLock
strncmp
IoReleaseVpbSpinLock
IoAcquireVpbSpinLock
IoAttachDeviceByPointer
IoGetRelatedDeviceObject
IoDetachDevice
IoAllocateIrp
ObCreateObject
IoFileObjectType
IofCallDriver
SeDeleteAccessState
InterlockedIncrement
IoFreeIrp
SeCreateAccessState
IoGetFileObjectGenericMapping
RtlAppendUnicodeStringToString
ZwQueryDirectoryFile
RtlAppendUnicodeToString
memmove
strstr
MmMapLockedPagesSpecifyCache
IoCreateFile
ProbeForRead
ExGetPreviousMode
ProbeForWrite
ZwSetInformationFile
PsGetCurrentThreadId
ZwFreeVirtualMemory
ZwAllocateVirtualMemory
RtlEqualUnicodeString
ZwQueryObject
sprintf
ZwQueryValueKey
ZwOpenKey
ZwDeleteKey
ZwDeleteValueKey
ZwSetValueKey
ZwCreateKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwQueryKey
ZwNotifyChangeKey
PsSetCreateThreadNotifyRoutine
ZwTerminateProcess
PsSetCreateProcessNotifyRoutine
KeDelayExecutionThread
ExAllocateFromPagedLookasideList
ExInitializePagedLookasideList
RtlAnsiStringToUnicodeString
ExAllocatePoolWithTag
ExFreePool
KeBugCheck
ZwQueryVolumeInformationFile
InterlockedExchange
MmBuildMdlForNonPagedPool
KeServiceDescriptorTable

hal

ExReleaseFastMutex
KeGetCurrentIrql
KfAcquireSpinLock
KfReleaseSpinLock
ExAcquireFastMutex

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LongRAShell.exe
.exe windows:4 windows x86 arch:x86

13c1f8000a2e310450d85082cb8b010a

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

13/10/2009, 04:52

Not After

13/10/2010, 04:52

Subject

CN=Cheng Du YunDuan Network Tech.\,Ltd,O=Cheng Du YunDuan Network Tech.\,Ltd,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:2e:80:d8:37:c9:bc:d7:3b:95:06:4d:55:db:c0:2e:90:fd:8a:95
Signer

Actual PE Digest

2a:2e:80:d8:37:c9:bc:d7:3b:95:06:4d:55:db:c0:2e:90:fd:8a:95

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
CreateProcessA
FormatMessageA
FlushFileBuffers
LCMapStringW
LocalFree
Sleep
GetVersionExA
LCMapStringA
SetStdHandle
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
ExitProcess
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
RtlUnwind
WriteFile
SetFilePointer
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
CloseHandle

user32

MessageBoxA

shell32

ShellExecuteExA

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
SESetup.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:cb:0e:69:cc:53:6d:14:c6:43:23:79:28:38:75:da
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/07/2010, 00:00

Not After

08/08/2011, 23:59

Subject

CN=Shanda Computer (Shanghai) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shanda Computer (Shanghai) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

70:d4:6a:1f:be:c3:e1:c7:c6:7c:9a:b5:c0:a3:f5:fb:aa:2a:a1:be
Signer

Actual PE Digest

70:d4:6a:1f:be:c3:e1:c7:c6:7c:9a:b5:c0:a3:f5:fb:aa:2a:a1:be

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/behavior.dll
.dll windows:4 windows x86 arch:x86

db91e54af4814bff24835029ebdcfcdc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:cb:0e:69:cc:53:6d:14:c6:43:23:79:28:38:75:da
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/07/2010, 00:00

Not After

08/08/2011, 23:59

Subject

CN=Shanda Computer (Shanghai) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shanda Computer (Shanghai) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c8:16:a5:fe:de:b8:80:91:4c:df:de:ec:48:18:44:ae:85:45:3d:be
Signer

Actual PE Digest

c8:16:a5:fe:de:b8:80:91:4c:df:de:ec:48:18:44:ae:85:45:3d:be

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
MessageBoxA
LoadStringA
GetSystemMetrics
CharNextA
CharToOemA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
WriteFile
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
Sleep
SetFilePointer
SetEvent
SetEndOfFile
ResetEvent
ReadFile
QueryPerformanceFrequency
QueryPerformanceCounter
LoadLibraryA
LeaveCriticalSection
InitializeCriticalSection
GetVersionExA
GetTickCount
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetFullPathNameA
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCPInfo
FreeLibrary
FormatMessageA
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateFileA
CreateEventA
CompareStringA
CloseHandle
Sleep

Exports

Exports

GetBehaviorLogger
GetLoggerPoint

Sections

.text
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 106B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/mid.dll
.dll windows:4 windows x86 arch:x86

5036a00ab02ee3a854c622afcc8a77f6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:cb:0e:69:cc:53:6d:14:c6:43:23:79:28:38:75:da
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/07/2010, 00:00

Not After

08/08/2011, 23:59

Subject

CN=Shanda Computer (Shanghai) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shanda Computer (Shanghai) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:f1:85:c2:46:3d:23:cb:f0:80:de:73:0b:73:e3:85:2e:99:7d:18
Signer

Actual PE Digest

33:f1:85:c2:46:3d:23:cb:f0:80:de:73:0b:73:e3:85:2e:99:7d:18

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

user32

GetKeyboardType
DestroyWindow
LoadStringA
MessageBoxA
CharNextA
MessageBoxA
MessageBeep
LoadStringA
GetSystemMetrics
CharNextA
CharUpperBuffA
CharToOemA

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpynA
LoadLibraryExA
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
FindFirstFileA
FindClose
ExitProcess
CompareStringA
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
WriteFile
WaitForSingleObject
VirtualQuery
SetLastError
SetEvent
ResetEvent
LeaveCriticalSection
InitializeCriticalSection
GetVersionExA
GetVersion
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetLocaleInfoA
GetLocalTime
GetLastError
GetDiskFreeSpaceA
GetDateFormatA
GetCurrentThreadId
GetCPInfo
FreeLibrary
FormatMessageA
EnumCalendarInfoA
EnterCriticalSection
DeviceIoControl
DeleteCriticalSection
CreateFileA
CreateEventA
CompareStringA
CloseHandle
Sleep

ole32

CoCreateGuid

netapi32

Netbios

iphlpapi

GetAdaptersInfo

Exports

Exports

get_mid

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1024B - Virtual size: 712B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 18KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 66B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

d83f71e61ee459ee63ca3e829966a9dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GetModuleHandleA
DeleteFileA
lstrcmpiA
lstrlenA
lstrcatA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetProcAddress
GlobalLock
GetCurrentProcess

user32

SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/sddALog.dll
.dll windows:5 windows x86 arch:x86

6e0c1011614e810936c7870b3307614f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:cb:0e:69:cc:53:6d:14:c6:43:23:79:28:38:75:da
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/07/2010, 00:00

Not After

08/08/2011, 23:59

Subject

CN=Shanda Computer (Shanghai) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shanda Computer (Shanghai) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2c:19:57:de:2c:ba:0d:86:f5:05:ce:f7:5c:4c:c2:3c:28:e2:9e:e6
Signer

Actual PE Digest

2c:19:57:de:2c:ba:0d:86:f5:05:ce:f7:5c:4c:c2:3c:28:e2:9e:e6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\SvnRoot\FenHong\SNDADownload\project\NewService\trunk\product\release\dbginfo\sddALog.pdb

Imports

kernel32

MultiByteToWideChar
GetModuleFileNameW
LoadLibraryW
GetLastError
GetProcAddress
FreeLibrary
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

shlwapi

PathRemoveFileSpecW
PathAppendW

Exports

Exports

SaveLogA
SaveLogW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SddRun.dll
.dll windows:5 windows x86 arch:x86

b156256615ee486eb70be1185c4ad87d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:cb:0e:69:cc:53:6d:14:c6:43:23:79:28:38:75:da
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/07/2010, 00:00

Not After

08/08/2011, 23:59

Subject

CN=Shanda Computer (Shanghai) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shanda Computer (Shanghai) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c7:a8:7a:f7:fd:67:ef:f9:25:f4:dc:7a:1d:68:0c:a2:22:5f:4e:cf
Signer

Actual PE Digest

c7:a8:7a:f7:fd:67:ef:f9:25:f4:dc:7a:1d:68:0c:a2:22:5f:4e:cf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\SvnRoot\FenHong\SNDADownload\project\NewService\trunk\product\release\dbginfo\SddRun.pdb

Imports

kernel32

GetLastError
Process32FirstW
LocalAlloc
Process32NextW
OpenProcess
LocalFree
GetModuleFileNameA
GetCurrentProcess
CloseHandle
GetProcAddress
GetModuleFileNameW
GetVersionExW
LoadLibraryW
OutputDebugStringW
CreateToolhelp32Snapshot
FreeLibrary
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapAlloc
HeapFree
Sleep
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
VirtualAlloc
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetStdHandle

advapi32

AllocateAndInitializeSid
DuplicateTokenEx
SetTokenInformation
EqualSid
GetTokenInformation
OpenProcessToken
CreateProcessAsUserW
FreeSid

shlwapi

PathRemoveFileSpecW
PathAppendW

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

Exports

Exports

CreateProcessAsPowerUser

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 544B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SddSUpdate.exe
.exe windows:5 windows x86 arch:x86

3ff0f95f07a43f857bc0e5fbf3d6c653

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:cb:0e:69:cc:53:6d:14:c6:43:23:79:28:38:75:da
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/07/2010, 00:00

Not After

08/08/2011, 23:59

Subject

CN=Shanda Computer (Shanghai) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shanda Computer (Shanghai) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

d3:e3:09:8c:10:84:e7:cc:aa:1b:1d:9a:ee:e6:43:42:3e:2e:bc:6d
Signer

Actual PE Digest

d3:e3:09:8c:10:84:e7:cc:aa:1b:1d:9a:ee:e6:43:42:3e:2e:bc:6d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\SvnRoot\FenHong\SNDADownload\project\NewService\trunk\product\release\dbginfo\SddSUpdate.pdb

Imports

kernel32

GetModuleFileNameW
InitializeCriticalSection
SetEvent
Sleep
CreateEventW
WriteFile
DeleteCriticalSection
WideCharToMultiByte
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindFirstFileW
DeleteFileW
EnterCriticalSection
GetLocalTime
LeaveCriticalSection
OpenProcess
WaitForSingleObject
CloseHandle
GetTickCount
CreateDirectoryA
MultiByteToWideChar
GetLastError
FreeLibrary
GetModuleFileNameA
LoadLibraryA
CreateFileA
GetProcAddress
CompareStringW
CompareStringA
GetFullPathNameA
GetDriveTypeA
GetProcessHeap
SetEndOfFile
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
CreateFileW
SetStdHandle
InitializeCriticalSectionAndSpinCount
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
SetConsoleCtrlHandler
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
HeapAlloc
HeapFree
GetDriveTypeW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
HeapSize
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
FatalAppExitA
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
GetStdHandle
GetModuleHandleA
SetHandleCount
GetFileType
GetStartupInfoA
GetFullPathNameW
GetCurrentDirectoryA
SetCurrentDirectoryA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
SetEnvironmentVariableA

advapi32

RegQueryValueExW
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
StartServiceW
ControlService
OpenServiceW
DeleteService
OpenSCManagerW
CreateServiceW
CloseServiceHandle
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExW

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime

shlwapi

PathRemoveFileSpecA
PathFileExistsA
PathRemoveFileSpecW
PathStripPathA
PathStripPathW
PathAppendA

wininet

InternetConnectA
InternetSetFilePointer
HttpOpenRequestA
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
HttpSendRequestA
HttpAddRequestHeadersA
InternetCloseHandle
InternetSetOptionW
InternetOpenW
InternetReadFile

Sections

.text
Size: 276KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sddutils.dll
.dll windows:5 windows x86 arch:x86

bdc9b64f6376688fd80c68137faea123

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:cb:0e:69:cc:53:6d:14:c6:43:23:79:28:38:75:da
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

09/07/2010, 00:00

Not After

08/08/2011, 23:59

Subject

CN=Shanda Computer (Shanghai) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shanda Computer (Shanghai) Co.\, Ltd.,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:c0:31:9e:81:ec:e7:18:c4:2d:0c:d3:a3:98:a8:4a:4c:ce:81:3f
Signer

Actual PE Digest

16:c0:31:9e:81:ec:e7:18:c4:2d:0c:d3:a3:98:a8:4a:4c:ce:81:3f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\SvnRoot\FenHong\SNDADownload\project\NewService\trunk\product\release\dbginfo\sddutils.pdb

Imports

kernel32

GetLastError
WideCharToMultiByte
MultiByteToWideChar
FlushFileBuffers
CloseHandle
CreateFileA
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
RtlUnwind
LoadLibraryA
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

iphlpapi

GetAdaptersInfo

wininet

HttpOpenRequestA
InternetCloseHandle
InternetConnectA
InternetOpenA
HttpSendRequestA

Exports

Exports

SddUtilsFun1A
SddUtilsFun1W
SddUtilsFun2A
SddUtilsFun2W

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 956B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe.nsis
bookclient.mht
.eml .js polyglot
email-html-1.txt
.js
cloud.exe
.exe windows:4 windows x86 arch:x86

47fadf5ae888a4b8ab5243b70a4e81c3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

29:c1:e1:5a:06:bc:ac:bc:7f:95:cd:3f:5d:6d:71:6f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11/10/2010, 00:00

Not After

11/10/2011, 23:59

Subject

CN=ChengDu YunDuan Network Tech Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ChengDu YunDuan Network Tech Co.\, Ltd.,L=chengdu,ST=sichuan,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b8:21:27:90:a5:47:70:47:2f:23:7d:a7:b3:79:6a:76:d2:6c:60:7e
Signer

Actual PE Digest

b8:21:27:90:a5:47:70:47:2f:23:7d:a7:b3:79:6a:76:d2:6c:60:7e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

SHDeleteKeyA
StrStrIA

ws2_32

WSAGetLastError
setsockopt
WSAEventSelect
ioctlsocket
WSACreateEvent
WSASetEvent
WSASend
connect
htons
socket
htonl
gethostbyname
inet_addr
WSACloseEvent
WSAResetEvent
closesocket
ntohl
accept
WSAWaitForMultipleEvents
WSARecv
send
recv
sendto
inet_ntoa
getsockname
bind
listen
WSAEnumNetworkEvents

winmm

PlaySoundA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

ftkernelapi

FTK_Context_IsRunning
FTK_Context_Run
FTK_Context_Init
FTK_Protocol_RandDirtyLength
FTK_Protocol_CmdVaseVal
FTK_Protocol_IDS
FTK_Identifier_String10
FTK_Context_NotifyCB
FTK_UDPT_MapPort
FTK_UDPT_Connect
FTK_UDPT_Init2
FTK_UDPT_SetTunnelInfo
FTK_UDPT_PreInitPeerCallCB
FTK_UDPT_PreInitLog
FTK_UDPT_PreInitThreadPool
FTK_Context_Release
FTK_Context_IsInit
FTK_UDPT_Release
FTK_UDPT_Disconnect
FTK_Torrent_Close
FTK_Context_ShareTorrent
FTK_Torrent_GetHexInfoHash
FTK_Torrent_Open
FTK_Downloader_Close
FTK_Downloader_Release
FTK_GlobalVar_RemoveTorrentSHA1
FTK_Context_UnshareTorrent
FTK_Downloader_Resume
FTK_GlobalVar_AddTorrentSHA1
FTK_Downloader_Execute
FTK_Downloader_Init
FTK_Downloader_PreInitTrackers
FTK_Downloader_SetHttpDataErrCB
FTK_Downloader_PreInitWebSeedURLPaths
FTK_Downloader_SetOnComleteCB
FTK_Downloader_SetNatPeerCB
FTK_Downloader_Open
FTK_Torrent_GetFileSize
FTK_Torrent_GetFileSHA1
FTK_Downloader_Pause
FTK_Downloader_GetState
FTK_Stat_GetDownloadRate
FTK_Stat_GetTotalFileHaveSize
FTK_Stat_GetUploaded
FTK_Stat_GetUploadRate
FTK_Stat_GetPeerData
FTK_Stat_GetTotalPeerCount
FTK_UDPT_DoEvents
FTK_Downloader_AddSourceExt
FTK_UDPT_RemoteCallPeer
FTK_Context_ReBindListenPort
FTK_Proxy_SetType
FTK_Proxy_SetAuthProxy
FTK_MT_SaveAsTorrentFile
FTK_MT_Close
FTK_MT_MakeTorrent
FTK_MT_SetRealName
FTK_MT_SetMaxFilesCount
FTK_MT_SetBlankPath
FTK_MT_SetFileSHA1
FTK_MT_SetPieceSize
FTK_MT_SetFile
FTK_MT_SetAnnounceUrl
FTK_MT_Open
FTK_Ext_GetFileSHA1
FTK_Context_SetFixMaxDownloadRate
FTK_Context_SetFixMaxUploadRate
FTK_Context_EnableSharePub
FTK_Http_UserAgent

mfc42

ord3092
ord4710
ord2580
ord4400
ord3630
ord682
ord2582
ord3370
ord4402
ord3640
ord693
ord4243
ord6242
ord6696
ord4774
ord6675
ord6762
ord3301
ord3293
ord6888
ord6453
ord3797
ord3346
ord1200
ord2915
ord3337
ord5785
ord2841
ord1247
ord2764
ord4202
ord6877
ord2107
ord798
ord6407
ord1997
ord5465
ord5194
ord533
ord6680
ord941
ord4129
ord6663
ord3584
ord543
ord803
ord2614
ord6929
ord539
ord6779
ord5683
ord2514
ord326
ord4234
ord2086
ord6449
ord2727
ord6467
ord2730
ord2729
ord4376
ord4853
ord2302
ord6377
ord3706
ord2448
ord6662
ord6928
ord668
ord356
ord5834
ord2044
ord6199
ord6283
ord6282
ord1105
ord3903
ord536
ord1768
ord2405
ord3908
ord665
ord1979
ord3318
ord5186
ord354
ord2135
ord818
ord1572
ord850
ord2688
ord4204
ord5232
ord1567
ord2147
ord1180
ord268
ord1568
ord5268
ord1229
ord2714
ord3874
ord5651
ord3127
ord3616
ord350
ord324
ord6379
ord6010
ord5981
ord551
ord6905
ord6378
ord4123
ord556
ord809
ord1088
ord2122
ord2642
ord857
ord3286
ord6892
ord6673
ord3815
ord5685
ord3274
ord3353
ord4229
ord3579
ord439
ord736
ord4523
ord4528
ord4542
ord4544
ord4525
ord4530
ord5148
ord6129
ord3753
ord6128
ord5606
ord3870
ord4124
ord802
ord542
ord6569
ord3711
ord783
ord4694
ord3499
ord3177
ord4160
ord3452
ord5609
ord6907
ord3996
ord3998
ord6007
ord3921
ord1187
ord1871
ord6571
ord5460
ord2740
ord2801
ord603
ord1969
ord273
ord353
ord6153
ord3790
ord2770
ord538
ord2860
ord2096
ord384
ord5873
ord5794
ord711
ord413
ord1980
ord3181
ord3178
ord4058
ord2781
ord5856
ord4083
ord1106
ord1948
ord2396
ord5300
ord5303
ord4079
ord4699
ord5307
ord5289
ord5715
ord817
ord565
ord2726
ord4226
ord2566
ord3742
ord6442
ord2584
ord4220
ord3654
ord2438
ord397
ord699
ord4188
ord5593
ord3438
ord912
ord2370
ord6334
ord5601
ord1086
ord325
ord2645
ord4125
ord3303
ord3914
ord4000
ord5631
ord3938
ord1929
ord6883
ord6143
ord548
ord6672
ord5216
ord2431
ord3644
ord395
ord697
ord6195
ord5681
ord3273
ord438
ord614
ord5344
ord4367
ord1945
ord5495
ord729
ord2504
ord1706
ord430
ord3631
ord683
ord6385
ord5442
ord2289
ord1176
ord1233
ord2112
ord3752
ord1194
ord663
ord348
ord5572
ord861
ord2784
ord2919
ord2827
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord5302
ord4698
ord5714
ord3738
ord561
ord815
ord4046
ord2145
ord2144
ord6225
ord5231
ord5247
ord2132
ord4601
ord2621
ord1205
ord1134
ord824
ord1232
ord5435
ord1683
ord1673
ord2628
ord5980
ord2641
ord4122
ord6214
ord6196
ord4298
ord5948
ord3088
ord3875
ord3872
ord3871
ord6198
ord4286
ord4283
ord1576
ord3796
ord5719
ord6092
ord3524
ord4032
ord6095
ord4035
ord2549
ord2433
ord426
ord726
ord826
ord5645
ord6676
ord6889
ord1949
ord4034
ord1270
ord1622
ord2243
ord2152
ord2089
ord2099
ord3174
ord4042
ord1153
ord700
ord4189
ord913
ord879
ord398
ord2971
ord5759
ord6192
ord5756
ord6186
ord6189
ord6021
ord5579
ord5571
ord6061
ord5864
ord3596
ord5781
ord2567
ord6874
ord355
ord4834
ord2515
ord4852
ord4375
ord5016
ord4608
ord4750
ord4716
ord4607
ord4635
ord5067
ord1834
ord940
ord3296
ord2762
ord5607
ord501
ord289
ord3754
ord2571
ord4317
ord613
ord773
ord3702
ord6008
ord5600
ord1083
ord3287
ord3297
ord4271
ord810
ord3733
ord3398
ord4496
ord1644
ord1175
ord6270
ord1669
ord2652
ord323
ord1640
ord2380
ord5736
ord5678
ord640
ord1146
ord3571
ord3089
ord6119
ord6605
ord4330
ord2753
ord2116
ord1168
ord795
ord3721
ord541
ord801
ord2763
ord4278
ord4277
ord926
ord939
ord5710
ord3811
ord2820
ord922
ord2859
ord562
ord816
ord4284
ord656
ord3610
ord3573
ord4299
ord4275
ord567
ord692
ord3639
ord3402
ord4401
ord2581
ord4219
ord2024
ord2413
ord6366
ord1771
ord2818
ord4297
ord4133
ord537
ord860
ord472
ord2754
ord5875
ord6394
ord5450
ord6383
ord5440
ord535
ord924
ord2393
ord823
ord540
ord858
ord5860
ord2864
ord470
ord1641
ord5789
ord283
ord5787
ord5788
ord6172
ord2414
ord755
ord3663
ord3626
ord3693
ord3619
ord800
ord6142
ord772
ord500
ord4424
ord5290
ord1776
ord6055
ord3701
ord6880
ord5280
ord6215
ord2379
ord6380
ord6197
ord4287
ord641
ord3597

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_onexit
vsprintf
printf
isprint
_strupr
_mbscspn
_mbsspn
tolower
strchr
isspace
isalpha
_setmbcp
_strcmpi
_stricmp
_strnicmp
_wcsicmp
_CxxThrowException
__dllonexit
_controlfp
_ftol
__CxxFrameHandler
strncmp
_mbscmp
realloc
malloc
free
memmove
_purecall
isalnum
_mbsicmp
atoi
strstr
strncat
strncpy
sscanf
sprintf
wcscmp
atof
wcslen
qsort
clock
rand
srand
time
strrchr
strtoul
strtol
_beginthreadex
fclose
fread
fopen
_ismbcalpha
_itoa
_ultoa
floor
atol
_strdup
calloc
_msize
wcschr
__p___argv
__p___argc
_mbsnbicmp
_mbsnbcpy
_beginthread
_snprintf
fprintf
ftell
fseek
fputc

kernel32

Thread32Next
GetDriveTypeA
MultiByteToWideChar
LoadLibraryExA
SetErrorMode
GetLongPathNameA
Thread32First
GetFileSizeEx
DeleteFileW
GetFileAttributesW
SetFileAttributesW
FindFirstFileW
FindNextFileW
FindClose
SetThreadPriority
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateThread
GetComputerNameA
GetCurrentThreadId
GetTickCount
WaitNamedPipeA
FlushFileBuffers
GetOverlappedResult
CreateNamedPipeA
ConnectNamedPipe
Sleep
DisconnectNamedPipe
GlobalDeleteAtom
GlobalAddAtomA
ReadFile
SetEvent
CreateEventA
GetFileAttributesExA
DeleteFileA
WaitForSingleObject
GetFileTime
CreateDirectoryA
WriteFile
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetFilePointerEx
CreateFileA
GetFileSize
CloseHandle
LoadLibraryA
GetProcAddress
FreeLibrary
GetLastError
GetCurrentProcessId
GlobalFree
Module32First
Process32First
Process32Next
SetLastError
GetExitCodeThread
CreateDirectoryW
RemoveDirectoryW
GetModuleFileNameA
GetShortPathNameA
WinExec
SetCurrentDirectoryA
QueryDosDeviceA
VirtualAlloc
VirtualFree
DuplicateHandle
GetWindowsDirectoryA
lstrcmpA
FindNextFileA
FindFirstFileA
lstrcmpiA
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
VirtualAllocEx
GetStartupInfoA
GlobalUnlock
GlobalLock
GlobalAlloc
OutputDebugStringA
LockResource
LoadResource
FindResourceA
CreateMutexA
CreateProcessA
GetDiskFreeSpaceA
lstrlenW
WideCharToMultiByte
LocalAlloc
GetModuleHandleA
SetFileAttributesA
GetFileAttributesA
GetCurrentDirectoryA
lstrcpyA
SizeofResource
EnumResourceNamesA
ResumeThread
ResetEvent
DeviceIoControl
CopyFileA
GetSystemDirectoryA
CompareFileTime
SetEnvironmentVariableA
ExpandEnvironmentStringsA
WritePrivateProfileStringA
SuspendThread
MoveFileA
EndUpdateResourceA
UpdateResourceA
BeginUpdateResourceA
GetLocalTime
TerminateThread
GetVersionExA
LocalFree
LocalLock
FormatMessageA
MoveFileW
TerminateProcess
OpenProcess
CopyFileW
SetFilePointer
SetEndOfFile
CreateToolhelp32Snapshot
CreateFileW
GetLogicalDrives
lstrlenA
GetCurrentProcess
SetProcessWorkingSetSize

user32

DrawFrameControl
GetMenuDefaultItem
GetMenuStringA
InsertMenuA
RedrawWindow
GetWindowThreadProcessId
WindowFromPoint
FindWindowExA
GetForegroundWindow
GetShellWindow
GetAsyncKeyState
AnimateWindow
GetWindowTextA
CreateIconIndirect
TrackPopupMenuEx
AppendMenuA
SetParent
GetDlgItem
DestroyCursor
RegisterWindowMessageA
CallWindowProcA
GetPropA
ModifyMenuA
GetClassInfoA
RegisterClipboardFormatA
CallNextHookEx
RegisterClassA
UnhookWindowsHookEx
SetWindowsHookExA
mouse_event
SwapMouseButton
AttachThreadInput
IsChild
SendMessageTimeoutA
TabbedTextOutA
DrawTextA
GrayStringA
GetSysColor
GetTabbedTextExtentA
FrameRect
SetForegroundWindow
ShowWindow
CopyImage
LoadImageA
DrawIconEx
PostMessageA
GetMessagePos
SetWindowRgn
GetCursor
MessageBoxA
PeekMessageA
UnregisterHotKey
RegisterHotKey
UpdateWindow
GetFocus
SetFocus
GetSystemMetrics
GetMessageA
GetCapture
DispatchMessageA
SetRect
CreatePopupMenu
EnableMenuItem
CheckMenuItem
SetRectEmpty
LoadBitmapA
OffsetRect
ReleaseCapture
SetCapture
SetCursor
ClientToScreen
ScreenToClient
LoadCursorA
GetParent
IntersectRect
InvalidateRect
IsRectEmpty
CreateIconFromResourceEx
CreateIconFromResource
GetDC
GetIconInfo
ReleaseDC
DestroyIcon
GetDesktopWindow
GetClientRect
EnableWindow
SetWindowLongA
IsWindow
SetWindowPos
GetWindowLongA
GetMenuItemInfoA
DefWindowProcA
RegisterClassExA
PostQuitMessage
PtInRect
GetWindowRect
GetCursorPos
IsWindowVisible
SendMessageA
SetTimer
PostThreadMessageA
GetWindowPlacement
KillTimer
CopyRect
GetClipboardData
LookupIconIdFromDirectory
SetActiveWindow
GetMenuItemCount
GetMenuState
GetMenuItemID
InflateRect
SetCursorPos
EqualRect
GetWindow
DrawIcon
FindWindowA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetKeyState
IsIconic
CopyIcon
ExitWindowsEx
EnumWindows
IsZoomed
InvalidateRgn
GetClassNameA
EnumChildWindows
LoadIconA
TranslateMessage
IsWindowEnabled
GetActiveWindow
SystemParametersInfoA

gdi32

CreatePatternBrush
PatBlt
GetPixel
GetTextMetricsA
Escape
ExtTextOutA
RectVisible
PtVisible
SetBrushOrgEx
SetBitmapBits
SetPixel
SetBkMode
TextOutA
CreateCompatibleBitmap
CreateRoundRectRgn
CreateRectRgn
CreateFontIndirectA
RoundRect
CreateHalftonePalette
GetPaletteEntries
GetStockObject
CreateDIBSection
SetDIBColorTable
SetStretchBltMode
BitBlt
GdiFlush
CreateRectRgnIndirect
CombineRgn
StretchBlt
CreateCompatibleDC
SelectObject
CreateSolidBrush
Polyline
GetBitmapBits
CreateDCA
GetDeviceCaps
DeleteDC
GetObjectA
GetDIBits
DeleteObject
CreateFontA
CreatePen
Rectangle
GetTextExtentPoint32A
CreateBitmap

advapi32

RegSetValueExA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDeleteValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteKeyA
RegSetValueA
RegCreateKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumValueA
LookupPrivilegeValueA
AdjustTokenPrivileges
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetAce
SetFileSecurityA
FreeSid
OpenProcessToken
GetTokenInformation
RegCreateKeyA
RegSaveKeyA
RegUnLoadKeyA

shell32

SHGetSpecialFolderPathA
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetFileInfoA
ExtractIconExA
DragFinish
DragAcceptFiles
SHGetMalloc
DragQueryFileA
SHChangeNotify
Shell_NotifyIconA
SHGetFolderPathA
ShellExecuteExA
ord155
ord25
ord21
SHGetFolderLocation
SHGetDesktopFolder

comctl32

ImageList_DragShowNolock
ImageList_DragEnter
ImageList_DragMove
ImageList_DragLeave
ImageList_EndDrag
ImageList_BeginDrag
ImageList_AddMasked
_TrackMouseEvent
ImageList_Remove
ImageList_GetImageCount

ole32

CoCreateGuid
CoUninitialize
CreateStreamOnHGlobal
CoInitialize
CoCreateInstance

olepro32

ord251

oleaut32

CreateErrorInfo
SetErrorInfo
VariantChangeType
VariantCopy
VariantInit
SysAllocStringLen
SysStringLen
SysFreeString
VariantClear
GetErrorInfo

gdiplus

GdipCloneImage
GdipDeleteGraphics
GdipCreateFromHDC
GdipDeleteFontFamily
GdipDeleteFont
GdipDeleteStringFormat
GdipDeleteBrush
GdipDrawString
GdipCreateSolidFill
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateStringFormat
GdipCreateFont
GdipCreateFontFamilyFromName
GdipCloneBrush
GdipDrawImageRectRect
GdipMeasureString
GdipGetGenericFontFamilySansSerif
GdipSetSolidFillColor
GdipGetSolidFillColor
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipGetImageHeight
GdipFillRectangle
GdipDrawImageI
GdipSetImageAttributesColorKeys
GdipGetImageGraphicsContext
GdipDeletePen
GdipDrawRectangle
GdipSetPenDashStyle
GdipCreatePen1
GdipFillRectangleI
GdipCreateBitmapFromHBITMAP
GdipSetClipRect
GdipSetClipRectI
GdipCreateBitmapFromFile
GdipCreateHICONFromBitmap
GdipLoadImageFromStreamICM
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipImageSelectActiveFrame
GdipDrawImageRectI
GdipEndContainer
GdipSetInterpolationMode
GdipBeginContainer2
GdipSetStringFormatTrimming
GdipDrawLineI
GdipSetSmoothingMode
GdipCreateBitmapFromResource
GdipCreateHBITMAPFromBitmap
GdipDrawImageRectRectI
GdiplusStartup
GdiplusShutdown
GdipReleaseDC
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetDC
GdipGetImageWidth
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromHICON
GdipAlloc
GdipCreateBitmapFromScan0
GdipFree
GdipDisposeImage
GdipSetImageAttributesWrapMode

msimg32

TransparentBlt

ddraw

DirectDrawCreateEx

iphlpapi

GetAdaptersInfo

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 276KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mycompress.dll
.dll windows:4 windows x86 arch:x86

98ed3d9ae36f1a87a796ffa68a0266d2

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

13/10/2009, 04:52

Not After

13/10/2010, 04:52

Subject

CN=Cheng Du YunDuan Network Tech.\,Ltd,O=Cheng Du YunDuan Network Tech.\,Ltd,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e3:43:59:d8:33:ba:55:be:56:84:a6:f6:fb:08:ac:3f:4a:79:96:0c
Signer

Actual PE Digest

e3:43:59:d8:33:ba:55:be:56:84:a6:f6:fb:08:ac:3f:4a:79:96:0c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1168
ord1575
ord1176
ord4274
ord6467
ord860
ord537
ord535
ord2818
ord5710
ord800
ord924
ord858
ord2915
ord539
ord922
ord815
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord3953
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord826
ord269
ord1116

msvcrt

__CxxFrameHandler
_CxxThrowException
_purecall
wcscmp
_mbscmp
memmove
malloc
free
??1type_info@@UAE@XZ
__dllonexit
_onexit
_initterm
_adjust_fdiv

kernel32

LocalAlloc
LocalFree
WideCharToMultiByte
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
CreateFileA
FindFirstFileA
DeleteFileW
DeleteFileA
CreateDirectoryW
CreateDirectoryA
SetFileAttributesW
SetFileAttributesA
CreateFileW
SetFileTime
CloseHandle
AreFileApisANSI
LoadLibraryA
FreeLibrary
GetVersionExA
GetProcAddress
MultiByteToWideChar
FindFirstFileW
FindNextFileW
FindClose
GetLastError

oleaut32

VariantClear
SysAllocString
SysFreeString

Exports

Exports

AddDirToZip
ExtractZipToDir
GetZipUncompressedSize

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
otherConfig.ini
readme.txt

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 56KB

.rsrc Size: 27KB - Virtual size: 27KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

5bdb0074cd7e342ecebede7bb77cb2fb

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4eCertificate

Key Usages

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

01:00:00:00:00:01:24:4c:60:a5:85Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:1e:44:a5:ec:beCertificate

Key Usages

61:0b:7f:6b:00:00:00:00:00:19Certificate

Key Usages

9f:6c:27:22:99:19:23:6f:04:89:25:8f:22:cf:2d:2d:cd:04:68:1bSigner

Headers

File Characteristics

Imports

version

mfc42

msvcrt

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 13KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 1KB

619aaaa2673015a80c521e650cf0395e

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 56KB

.rsrc
Size: 27KB - Virtual size: 27KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

9f:6c:27:22:99:19:23:6f:04:89:25:8f:22:cf:2d:2d:cd:04:68:1b
Signer

.text
Size: 16KB - Virtual size: 13KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 1KB

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

01:00:00:00:00:01:24:4c:60:a5:85
Certificate

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

24:52:9c:47:14:10:62:c9:3c:e2:79:12:35:ae:6a:1c:ff:36:64:ff
Signer

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 12KB - Virtual size: 15KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

29:c1:e1:5a:06:bc:ac:bc:7f:95:cd:3f:5d:6d:71:6f
Certificate

20:1a:58:44:d2:e3:43:e4:8b:b2:b3:7c:6a:96:3f:ab:cb:e2:74:3d
Signer

.text
Size: 188KB - Virtual size: 187KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 12KB - Virtual size: 56KB

.rsrc
Size: 4KB - Virtual size: 1KB

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

04:00:00:00:00:01:20:19:c1:90:66
Certificate