23b4cc232b8a23bf4d7a842d17424ba5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

23b4cc232b8a23bf4d7a842d17424ba5_JaffaCakes118
Size

3.9MB
MD5

23b4cc232b8a23bf4d7a842d17424ba5
SHA1

ce98f26f81d1dc8eb18d5d2bb4b84bd5125a9782
SHA256

4c26472ea9ab884f91036e60c176617c9980431412215d7a6ae5451c9c58f239
SHA512

48d482fb41a193fb94ba5ef0bc81c7ff6b2a9ae357086f782e0378fc4babc8a17b81d77eb58b3b57b149eb0b2afa6c5acf7a7930fd98289d5f006abb1ff6ed7a
SSDEEP

98304:W+/cZfB6emAdR/3/5NLgblCXeYYPAFHiuyzlR43z2BLCSNSl:W+kZSg13/5JguFDyhJCL

Score

3^/10

Malware Config

Signatures

Unsigned PE 24 IoCs

Checks for missing Authenticode signature.

resource
unpack001/feidian1.7.0.exe
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$SYSDIR/toolbar.exe
unpack002/AddIn/VisLrc.dll
unpack002/Codecs/ColorFilter.ax
unpack002/Codecs/RealMediaSplitter.ax
unpack002/Codecs/asfsplliter.ax
unpack002/Codecs/atrc.dll
unpack002/Codecs/drvc.dll
unpack002/Codecs/raac.dll
unpack002/Feidianol.exe
unpack002/Lang/en_US.dll
unpack002/Lang/zh_TW.dll
unpack002/MyUpdate.exe
unpack002/NetAgent.dll
unpack002/QvodBand.dll
unpack002/QvodInit.exe
unpack002/QvodInsert.dll
unpack002/QvodPlayer.exe
unpack002/QvodTerminal.exe
unpack002/QvodUninst.exe
unpack004/$TEMP/QvodInit.exe
unpack002/ShareModule.dll
unpack002/uninst.exe

NSIS installer 7 IoCs

installer

resource	yara_rule
static1/unpack001/feidian1.7.0.exe	nsis_installer_1
static1/unpack001/feidian1.7.0.exe	nsis_installer_2
static1/unpack002/$SYSDIR/toolbar.exe	nsis_installer_1
static1/unpack002/QvodUninst.exe	nsis_installer_1
static1/unpack002/QvodUninst.exe	nsis_installer_2
static1/unpack002/uninst.exe	nsis_installer_1
static1/unpack002/uninst.exe	nsis_installer_2

Files

23b4cc232b8a23bf4d7a842d17424ba5_JaffaCakes118
.rar
feidian1.7.0.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

295fc8c35dee88b924b0f6bafc807c6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetTickCount
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

LoadCursorA
PtInRect
MapWindowPoints
GetDlgCtrlID
CloseClipboard
SetCursor
OpenClipboard
GetClientRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
DrawTextA
GetWindowLongA
DrawFocusRect
MessageBoxA
CallWindowProcA
PostMessageA
SetTimer
KillTimer
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClipboardData

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$SYSDIR/toolbar.exe
.exe windows:4 windows x86 arch:x86

9c523d8653da5455667e3f82274f2f88

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
lstrcmpiA
CopyFileA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCurrentProcess

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/Baidu/Toolbar/Custom Buttons/custom.xml
$PROFILE/AppData/LocalLow/Baidu/Toolbar/Custom Buttons/custom.xml
$PROGRAM_FILES/Baidu/Toolbar/BaiduBarX_Tmp/BaiduBarX.dll
.dll regsvr32 windows:4 windows x86 arch:x86

dbb6ae12303c20296c693f51a2687989

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:89:03:55:99:b2:04:cb:18:73:d5:5a:bd:23:83:fe
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/07/2006, 00:00

Not After

12/08/2009, 23:59

Subject

CN=Baidu.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Internet,O=Baidu.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

SetupIterateCabinetW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
SetFilePointer
GetFileSize
Process32NextW
GetCurrentProcessId
Process32FirstW
CreateToolhelp32Snapshot
ReadProcessMemory
OpenProcess
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalLock
SetCurrentDirectoryW
TerminateThread
GetExitCodeThread
OpenMutexW
ReadFile
UnmapViewOfFile
SetUnhandledExceptionFilter
TerminateProcess
MapViewOfFile
CreateFileMappingW
Thread32Next
SuspendThread
OpenThread
Thread32First
SetPriorityClass
GetCommandLineW
SwitchToThread
ExpandEnvironmentStringsW
GetPrivateProfileIntW
WritePrivateProfileStringW
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
lstrcmpW
HeapFree
HeapAlloc
GetProcessHeap
GetEnvironmentVariableW
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
SetFileTime
SetErrorMode
FileTimeToSystemTime
MoveFileExW
GetLocalTime
GetLocaleInfoW
SetEndOfFile
SetConsoleCtrlHandler
GetOEMCP
GetDriveTypeA
GetFullPathNameA
FlushFileBuffers
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
UnhandledExceptionFilter
SetCurrentDirectoryA
GetCurrentDirectoryA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
HeapSize
GetCurrentThread
FatalAppExitA
ExitProcess
GetCommandLineA
GetFullPathNameW
RaiseException
ExitThread
GetDriveTypeW
FileTimeToLocalFileTime
GetSystemTime
GetTimeZoneInformation
HeapReAlloc
RtlUnwind
GetACP
GetPrivateProfileStringW
SetThreadPriority
ResumeThread
SetFileAttributesW
GetWindowsDirectoryW
DeviceIoControl
GetSystemDirectoryW
CopyFileW
GetVersionExW
CreateThread
CreateMutexW
WaitForSingleObject
GetTempFileNameW
DeleteFileW
ReleaseMutex
CompareStringW
LoadLibraryA
lstrcatW
lstrcpyW
DisableThreadLibraryCalls
TryEnterCriticalSection
HeapDestroy
lstrcpynW
LoadLibraryExW
MultiByteToWideChar
lstrcmpiW
GetShortPathNameW
FreeLibrary
LocalFree
FindResourceW
LoadResource
LockResource
SizeofResource
CreateFileW
WideCharToMultiByte
WriteFile
CloseHandle
GetTempPathW
CreateDirectoryW
CreateProcessW
GetModuleFileNameW
LoadLibraryW
GetModuleHandleW
OutputDebugStringA
GetVersion
GetFileAttributesW
GetModuleHandleA
GetProcAddress
SetLastError
GetCurrentThreadId
GetTickCount
Sleep
EnterCriticalSection
InterlockedIncrement
LeaveCriticalSection
GetLastError
DeleteCriticalSection
InitializeCriticalSection
lstrlenA
OutputDebugStringW
DebugBreak
GetCurrentProcess
FlushInstructionCache
lstrlenW
InterlockedDecrement
CompareStringA
SetEnvironmentVariableA
GetFileInformationByHandle

user32

GetSysColorBrush
MonitorFromRect
GetMonitorInfoW
SetRect
PostThreadMessageW
DrawIconEx
GetMessageW
WindowFromPoint
InflateRect
FindWindowExW
GetUpdateRect
ClientToScreen
DeleteMenu
GetTopWindow
MenuItemFromPoint
GetMenuItemID
IsRectEmpty
SetDlgItemTextW
CreateDialogParamW
GetDlgItemTextW
GetWindowDC
AdjustWindowRect
LoadIconW
EnumWindows
IsChild
IsDialogMessageW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
CharUpperW
CharUpperBuffA
GetAsyncKeyState
CharNextA
WaitForInputIdle
SetForegroundWindow
GetForegroundWindow
AttachThreadInput
CharLowerBuffW
CreatePopupMenu
AppendMenuW
CreateMenu
EnableMenuItem
TrackPopupMenu
RemoveMenu
DestroyMenu
CopyRect
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
LoadImageW
RedrawWindow
GetMenuItemInfoW
GetMenuItemCount
InsertMenuItemW
SetScrollPos
SetScrollInfo
GetScrollInfo
SetWindowRgn
GetMenuItemRect
RemovePropW
SetPropW
GetPropW
SetWindowLongA
DefWindowProcW
EndDialog
ShowWindow
SetWindowTextW
LoadStringW
IsWindow
SetWindowLongW
GetDlgItem
EndPaint
BeginPaint
GetDC
CallWindowProcW
GetWindowLongW
wvsprintfW
CharNextW
GetKeyState
CharLowerW
EnableWindow
DestroyIcon
DialogBoxParamW
FindWindowW
MessageBoxW
GetWindowThreadProcessId
GetGUIThreadInfo
IsWindowVisible
GetActiveWindow
AdjustWindowRectEx
MoveWindow
DrawTextW
IsWindowEnabled
GetSysColor
GetFocus
DrawFocusRect
FillRect
IsWindowUnicode
GetWindowLongA
EnumChildWindows
GetMessagePos
MessageBeep
SetMenuItemInfoW
FrameRect
GetSystemMetrics
GetDesktopWindow
ScrollWindow
GetClassLongW
SetClassLongW
CreateIconFromResourceEx
CharLowerBuffA
TrackPopupMenuEx
ModifyMenuW
GetSubMenu
DrawStateW
InsertMenuW
LoadBitmapW
DispatchMessageW
TranslateMessage
PeekMessageW
PostMessageW
DestroyWindow
KillTimer
SetTimer
CreateWindowExW
wsprintfW
LoadCursorW
RegisterClassExW
GetClassInfoExW
IsMenu
SetWindowPos
MapWindowPoints
GetClientRect
SystemParametersInfoW
GetWindowRect
GetWindow
GetParent
SendMessageW
RegisterWindowMessageW
PtInRect
SetRectEmpty
ScreenToClient
GetCursorPos
ReleaseCapture
GetCapture
SetCapture
SetFocus
UpdateWindow
SetCursor
InvalidateRect
GetDlgCtrlID
OffsetRect
ReleaseDC
GetWindowTextW
GetWindowTextLengthW
GetClassNameW
CallWindowProcA

gdi32

PatBlt
GetTextColor
Rectangle
CreateRoundRectRgn
FillRgn
CreateRectRgn
ExcludeClipRect
GetDeviceCaps
DPtoLP
SelectObject
MoveToEx
LineTo
DeleteObject
GetClipBox
ExtTextOutW
SaveDC
RestoreDC
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateBitmap
GetCurrentObject
CreateSolidBrush
GetTextExtentPoint32W
GetPixel
TextOutW
SetTextColor
DeleteDC
CreateFontIndirectW
SetBkMode
SetBkColor
GetStockObject
GetObjectW
CreatePen
SetViewportOrgEx

advapi32

RegCreateKeyW
GetUserNameW
RegSetKeySecurity
AllocateAndInitializeSid
InitializeAcl
AddAce
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
FreeSid
RegGetKeySecurity
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
GetTokenInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegQueryValueExW
RegOpenKeyW
SetSecurityInfo
GetSecurityDescriptorSacl
RegEnumKeyW
SetTokenInformation
GetLengthSid
ConvertStringSidToSidW
DuplicateTokenEx
OpenProcessToken
CreateProcessAsUserW
CopySid

shell32

DuplicateIcon
DragQueryFileA
ExtractIconW
SHGetSpecialFolderPathW
SHFileOperationW
ShellExecuteW
SHGetMalloc
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFileInfoW
SHGetFolderPathW

ole32

OleInitialize
OleUninitialize
RevokeDragDrop
RegisterDragDrop
ReleaseStgMedium
CLSIDFromProgID
StringFromGUID2
GetHGlobalFromStream
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoCreateGuid

oleaut32

VariantClear
SysAllocStringLen
SysStringLen
LoadRegTypeLi
VarUI4FromStr
RegisterTypeLi
LoadTypeLi
VariantCopy
SysAllocString
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
VariantChangeType
SetErrorInfo
GetErrorInfo
VariantInit
SysFreeString
CreateErrorInfo

shlwapi

SHCopyKeyW
StrStrIW
SHGetValueW
SHDeleteKeyW
PathFileExistsW
SHDeleteValueW
SHSetValueW
UrlCombineW
PathFindFileNameW
PathRemoveExtensionW
StrCmpIW
UrlUnescapeA
StrRetToStrW
StrRetToStrA
PathIsDirectoryA
PathRemoveFileSpecA
UrlUnescapeW
UrlCanonicalizeW
PathIsDirectoryW
PathRemoveFileSpecW

wininet

InternetCanonicalizeUrlW
GetUrlCacheEntryInfoW
InternetCloseHandle
InternetReadFile
InternetSetFilePointer
FindFirstUrlCacheGroup
DeleteUrlCacheGroup
FindNextUrlCacheGroup
FindCloseUrlCache
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW
InternetOpenUrlW
HttpSendRequestExW
HttpEndRequestW
InternetGetConnectedState
DeleteUrlCacheEntryW
InternetOpenA
InternetSetOptionA
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
InternetQueryDataAvailable
InternetQueryOptionW
InternetGetCookieW
InternetSetCookieW
InternetCrackUrlW
HttpQueryInfoW
InternetOpenW
InternetSetOptionW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW

urlmon

URLDownloadToFileW
CoInternetGetSession

rpcrt4

UuidCreate

iphlpapi

GetNetworkParams
GetAdaptersInfo

ws2_32

gethostname
gethostbyname

msimg32

AlphaBlend

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
RunOnceRemove
RunOnceUpdate
SVCUninstall
Uninstall
UpdateBaiduToolbar

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 152KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Shared
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAM_FILES/Baidu/Toolbar/BaiduBarX_Tmp/BaiduService.exe
.exe windows:4 windows x86 arch:x86

b2e7f59043adad73fe020115daa83498

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:89:03:55:99:b2:04:cb:18:73:d5:5a:bd:23:83:fe
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/07/2006, 00:00

Not After

12/08/2009, 23:59

Subject

CN=Baidu.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Internet,O=Baidu.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

SHGetFolderPathW

shlwapi

PathFileExistsW

kernel32

GetShortPathNameW
GetModuleHandleW
GetModuleFileNameW
MultiByteToWideChar
lstrlenA
SizeofResource
LoadResource
FindResourceW
GetLastError
LoadLibraryExW
lstrcpynW
InitializeCriticalSection
lstrcpyW
lstrcatW
InterlockedDecrement
InterlockedIncrement
CloseHandle
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
lstrlenW
GetCPInfo
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WideCharToMultiByte
LoadLibraryA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetCommandLineW
lstrcmpiW
LoadLibraryW
GetProcAddress
FreeLibrary
GetACP
GetOEMCP
FreeEnvironmentStringsW
GetCurrentProcess
WriteFile
GetStartupInfoA
GetFileType
FreeEnvironmentStringsA
GetStdHandle
SetHandleCount
GetCommandLineA
GetEnvironmentStrings
UnhandledExceptionFilter
TerminateProcess
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
HeapFree
RtlUnwind
HeapAlloc
HeapReAlloc
GetModuleHandleA
GetStartupInfoW
GetVersion
ExitProcess
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetEnvironmentStringsW

user32

CharNextW
DispatchMessageW
GetMessageW
ShowWindow
PostThreadMessageW
GetClassInfoExW
LoadCursorW
wsprintfW
RegisterClassExW
CreateWindowExW
CallWindowProcW
GetWindowLongW
SetWindowLongW
PostQuitMessage
DestroyWindow
DefWindowProcW
FindWindowW
IsWindow
GetWindowThreadProcessId

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW
RegEnumValueW

ole32

CoUninitialize
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoInitializeEx
CoTaskMemFree

oleaut32

SysAllocStringLen
RegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
VarUI4FromStr

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAM_FILES/Baidu/Toolbar/BaiduBarX_Tmp/BarBroker.exe
.exe windows:4 windows x86 arch:x86

10c4284ada8f296e35a475657fe1334f

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:89:03:55:99:b2:04:cb:18:73:d5:5a:bd:23:83:fe
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/07/2006, 00:00

Not After

12/08/2009, 23:59

Subject

CN=Baidu.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Internet,O=Baidu.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
lstrcmpiW
GetCurrentThreadId
GetCommandLineW
lstrlenW
GetShortPathNameW
GetModuleHandleW
GetModuleFileNameW
MultiByteToWideChar
lstrlenA
SizeofResource
LoadResource
FindResourceW
GetLastError
LoadLibraryExW
lstrcpynW
HeapDestroy
lstrcpyW
lstrcatW
InterlockedIncrement
VirtualFreeEx
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
CreateFileW
DeleteFileW
GetTempPathW
OpenThread
GetModuleFileNameA
VirtualQueryEx
WideCharToMultiByte
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
FlushInstructionCache
GetCurrentProcess
DebugBreak
OutputDebugStringW
WriteFile
CopyFileW
CreateEventW
GetVersionExW
ReadFile
GetFileSize
SetFilePointer
SystemTimeToFileTime
FileTimeToSystemTime
GetFileInformationByHandle
GetLocalTime
GetTickCount
SetStdHandle
LoadLibraryA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCommandLineA
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapSize
TerminateProcess
IsBadWritePtr
VirtualAlloc
VirtualFree
FlushFileBuffers
HeapCreate
GetVersionExA
CreateThread
WaitForSingleObject
CloseHandle
InterlockedDecrement
SetEvent
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LoadLibraryW
GetProcAddress
FreeLibrary
LeaveCriticalSection
CreateDirectoryW
LocalFree
GetEnvironmentVariableA
ExitProcess
GetVersion
GetStartupInfoW
GetModuleHandleA
RaiseException
GetFileAttributesA
HeapReAlloc
HeapAlloc
HeapFree
RtlUnwind

user32

DispatchMessageW
GetMessageW
DialogBoxParamW
GetActiveWindow
DestroyWindow
EndDialog
SetWindowLongW
wvsprintfW
LoadStringW
CharNextW
LoadImageW
GetSystemMetrics
ShowWindow
GetDlgItem
SetWindowPos
MapWindowPoints
GetClientRect
SystemParametersInfoW
GetWindowRect
GetWindow
GetParent
GetWindowLongW
CharLowerBuffW
GetDesktopWindow
PostThreadMessageW
SendMessageW

advapi32

RegOpenKeyW
RegQueryValueExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyW

shell32

SHGetFolderPathW

ole32

CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CoUninitialize
CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocString
LoadTypeLi
RegisterTypeLi
VarUI4FromStr

psapi

GetModuleFileNameExW

dbghelp

SymGetModuleInfo
SymLoadModule
StackWalk
SymFunctionTableAccess
SymInitialize
SymGetOptions
SymSetOptions

wininet

HttpOpenRequestA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
HttpAddRequestHeadersA
InternetConnectA
InternetSetOptionA
InternetOpenA
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetCloseHandle

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAM_FILES/Baidu/Toolbar/BaiduBarX_Tmp/rc.dll
.dll windows:4 windows x86 arch:x86

90fb0d3b9147b78e7ee69fa48ce244a0

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:89:03:55:99:b2:04:cb:18:73:d5:5a:bd:23:83:fe
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

28/07/2006, 00:00

Not After

12/08/2009, 23:59

Subject

CN=Baidu.com,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Internet,O=Baidu.com,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetCurrentThread
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
HeapAlloc
UnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
Sleep
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
AddIn/VisLrc.dll
.dll windows:4 windows x86 arch:x86

405f85e6c10ba505edbac8ea83c4ca8c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DebugBreak
OutputDebugStringW
GetLastError
MulDiv
FindClose
FindFirstFileW
CompareStringW
CompareStringA
SetEndOfFile
LoadLibraryA
GetOEMCP
GetACP
CreateFileA
GetCPInfo
LCMapStringW
LCMapStringA
CreateFileW
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
MultiByteToWideChar
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TerminateProcess
WriteFile
ExitProcess
SetFilePointer
ReadFile
CloseHandle
GetModuleFileNameW
WideCharToMultiByte
lstrlenA
InterlockedDecrement
DeleteCriticalSection
GetCurrentProcess
FlushInstructionCache
lstrlenW
lstrcmpW
InterlockedIncrement
GlobalAlloc
GlobalLock
GlobalUnlock
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetPrivateProfileStringW
WritePrivateProfileStringW
GetModuleHandleA
GetProcAddress
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
HeapAlloc
HeapFree
GetVersion
GetCommandLineA
GetLocalTime
GetSystemTime
GetTimeZoneInformation
RtlUnwind
GetPrivateProfileIntW
HeapCreate
SetEnvironmentVariableA

user32

SetWindowPos
CreateWindowExW
GetClientRect
SetRectEmpty
RegisterClassExW
LoadCursorW
GetClassInfoExW
RegisterWindowMessageW
DefWindowProcW
GetWindow
SetWindowLongW
OpenClipboard
EmptyClipboard
CloseClipboard
SetClipboardData
DrawTextW
PostMessageW
CharLowerW
LoadStringW
CharNextW
wvsprintfW
InvalidateRgn
InvalidateRect
SetCapture
SetWindowTextW
CreateAcceleratorTableW
GetDesktopWindow
RedrawWindow
GetParent
GetClassNameW
ReleaseCapture
GetFocus
IsChild
SetFocus
GetDC
ReleaseDC
BeginPaint
FillRect
EndPaint
CallWindowProcW
GetDlgItem
SendMessageW
GetSysColor
IsWindow
DestroyWindow
wsprintfW
LoadImageW
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW

gdi32

SetBkMode
SetTextColor
GetMapMode
SetMapMode
GetWindowExtEx
GetViewportExtEx
CreateFontIndirectW
GetStockObject
GetObjectW
GetDeviceCaps
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
GetTextExtentPoint32W

ole32

CoInitialize
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
OleLockRunning

oleaut32

SysStringLen
OleCreateFontIndirect
OleLoadPicture
SysAllocStringLen
VariantClear
SysAllocString
SysFreeString
LoadRegTypeLi

comctl32

InitCommonControlsEx

msimg32

AlphaBlend
TransparentBlt

Exports

Exports

VisCurTime_
VisDraw_
VisFileName_
VisFree_
VisGetProperty_
VisInit_
VisSetFormat_
VisSetProperty_
VisTotalTime_

Sections

.text
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/ColorFilter.ax
.dll regsvr32 windows:4 windows x86 arch:x86

d6358db2b2f2325d29c23c3433a0656f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

__dllonexit
_adjust_fdiv
malloc
_initterm
??3@YAXPAX@Z
free
__CxxFrameHandler
wcslen
sscanf
strncmp
strncpy
_filelength
_read
_purecall
_open
_close
_CIpow
atoi
sprintf
strstr
fflush
fwrite
fclose
fopen
fseek
_ftol
??2@YAPAXI@Z
_onexit

winmm

timeSetEvent
timeGetTime

kernel32

GetCurrentThread
GetThreadPriority
SetThreadPriority
GetModuleHandleA
CreateThread
InterlockedExchange
SetErrorMode
lstrcmpiA
CreateEventA
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
GetACP
FreeLibrary
GetProcAddress
LoadLibraryA
Sleep
SystemTimeToTzSpecificLocalTime
GetSystemTime
InterlockedIncrement
InterlockedDecrement
ResetEvent
DuplicateHandle
GetCurrentProcess
GetCurrentThreadId
SetEvent
WaitForMultipleObjects
WaitForSingleObject
CreateSemaphoreA
ReleaseSemaphore
GetSystemInfo
VirtualAlloc
VirtualFree
lstrlenA
MultiByteToWideChar
GetLastError
GetModuleFileNameA
GetVersionExA
DisableThreadLibraryCalls
GetTickCount

advapi32

RegOpenKeyExA
RegCreateKeyA
RegSetValueA
RegDeleteKeyA
RegCloseKey
RegEnumKeyExA
RegSetValueExA

user32

ShowWindow
DestroyWindow
DefWindowProcA
PeekMessageA
MsgWaitForMultipleObjects
wvsprintfA
PostThreadMessageA
RegisterWindowMessageA
GetQueueStatus
DispatchMessageA
LoadStringA
LoadStringW
GetWindowRect
InvalidateRect
SetWindowLongA
GetWindowLongA
wsprintfA
DrawTextA
SetDlgItemInt
CheckRadioButton
GetParent
CreateWindowExA
GetDlgItem
SendMessageA
SetDlgItemTextA
GetDlgItemTextA
MoveWindow
GetDesktopWindow
CreateDialogParamA

gdi32

ExtTextOutA
SelectObject
GetTextExtentPoint32A
SetBkColor
SetTextColor
CreateDIBitmap
GetDIBits
CreateCompatibleDC
CreateFontIndirectA
DeleteObject
DeleteDC

comctl32

ord16
ord17

ole32

CoInitialize
CoFreeUnusedLibraries
CoUninitialize
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc

oleaut32

SysAllocString
SysFreeString

comdlg32

GetSaveFileNameA
GetOpenFileNameA
ChooseFontA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/RealMediaSplitter.ax
.dll regsvr32 windows:4 windows x86 arch:x86

092c362fafa1e9277558c0e5612fdfba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\vcexample\guliverkli\guliverkli\trunk\guliverkli\src\filters\parser\realmediasplitter\Release\RealMediaSplitter.pdb

Imports

kernel32

GetFileAttributesA
GetFileSize
GetFileTime
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFullPathNameA
LocalAlloc
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
lstrcatA
SetErrorMode
GlobalFlags
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
GetCPInfo
GetOEMCP
RtlUnwind
VirtualQuery
HeapAlloc
HeapFree
GetCommandLineA
ExitProcess
HeapReAlloc
TerminateProcess
SetStdHandle
GetFileType
HeapSize
HeapDestroy
HeapCreate
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
FileTimeToLocalFileTime
FileTimeToSystemTime
WritePrivateProfileStringA
GlobalAddAtomA
SetLastError
GlobalFree
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
DeleteFileA
Sleep
CreateFileA
GetVolumeInformationA
FindFirstFileA
FindClose
CreateThread
GetTickCount
GetCurrentThread
SetThreadPriority
GetModuleHandleA
VirtualAlloc
CreateSemaphoreA
GetCurrentThreadId
GetCurrentProcess
DuplicateHandle
VirtualFree
GetSystemInfo
ReleaseSemaphore
WaitForSingleObject
ResetEvent
SetEvent
CreateEventA
CloseHandle
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
RaiseException
LoadResource
LockResource
SizeofResource
FindResourceA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
lstrlenA
lstrcmpiA
WideCharToMultiByte
CompareStringA
CompareStringW
MultiByteToWideChar
GetVersion
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
VirtualProtect

user32

DestroyMenu
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetWindowPos
ShowWindow
SetWindowLongA
GetDlgItem
LoadCursorA
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetWindowTextA
GetClassNameA
GetSystemMetrics
UnhookWindowsHookEx
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
MessageBoxA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
WinHelpA
EnableWindow
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
SendMessageA
SetCursor
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostMessageA
PostQuitMessage
SetRect
DispatchMessageA
RegisterWindowMessageA
PeekMessageA
wsprintfA
UnregisterClassA
CharUpperA
SetWindowTextA

gdi32

DeleteDC
GetStockObject
TextOutA
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
CreateBitmap
GetDeviceCaps
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
ExtTextOutA

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCloseKey
RegQueryValueExA
RegDeleteKeyA
RegEnumKeyExA
RegSetValueExA
RegSetValueA
RegCreateKeyA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyExA
RegEnumKeyA
RegOpenKeyA

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA
PathRemoveFileSpecA
PathAddBackslashA
PathIsUNCA
PathStripToRootA

ole32

StringFromGUID2
CoUninitialize
CoFreeUnusedLibraries
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString

oleaut32

VariantInit
VariantChangeType
SysAllocString
SysFreeString
VariantClear
SysAllocStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT64
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/asfsplliter.ax
.dll regsvr32 windows:4 windows x86 arch:x86

61540ae4d5f1fe29babe6b430f77a241

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wmvcore

WMCreateReader

advapi32

RegCloseKey
RegCreateKeyA
RegSetValueA
RegSetValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA

user32

wsprintfA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CoFreeUnusedLibraries
StringFromGUID2
CoUninitialize

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

msvcrt

free
??1type_info@@UAE@XZ
_CxxThrowException
_ftol
__CxxFrameHandler
??2@YAPAXI@Z
_adjust_fdiv
malloc
_initterm

kernel32

DisableThreadLibraryCalls
LocalFree
GetModuleFileNameA
lstrlenA
GetVersionExA
GetLastError
SetThreadPriority
MultiByteToWideChar
GetModuleHandleA
GetProcAddress
CreateThread
FreeLibrary
ReleaseSemaphore
CreateSemaphoreA
CreateEventA
InterlockedIncrement
SetEvent
EnterCriticalSection
ResetEvent
LeaveCriticalSection
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
CloseHandle

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/atrc.dll
.dll windows:4 windows x86 arch:x86

5132cde9ac8899a69f40dfaacc320c4d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

_ftol
??3@YAXPAX@Z
memmove
calloc
free
malloc
_CIpow
floor
??2@YAPAXI@Z
_assert
_except_handler3
_purecall
_initterm
_adjust_fdiv
__dllonexit
_onexit

Exports

Exports

RACloseCodec
RACreateEncoderInstance
RADecode
RAEncode
RAFlush
RAFreeDecoder
RAFreeEncoder
RAGetBackend
RAGetDecoderBackendGUID
RAGetFlavorProperty
RAGetGUID
RAGetNumberOfFlavors
RAGetNumberOfFlavors2
RAInitDecoder
RAInitEncoder
RAOpenCodec
RAOpenCodec2
RASetComMode
RASetFlavor
_RASetPwd@8

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/drvc.dll
.dll windows:4 windows x86 arch:x86

5d841dc9603dda4e7058b842c1dedbfc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

__CxxFrameHandler
memmove
_ftol
_purecall
malloc
free
??3@YAXPAX@Z
_initterm
_adjust_fdiv
_beginthreadex
??2@YAPAXI@Z

kernel32

WaitForMultipleObjects
CreateThread
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileIntA
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
WaitForSingleObject
GetSystemInfo
CreateEventA
QueryPerformanceCounter
SetEvent
QueryPerformanceFrequency
ResetEvent

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

?GetGUID@@YGJPAE@Z
RV40toYUV420CustomMessage
RV40toYUV420Free
RV40toYUV420HiveMessage
RV40toYUV420Init
RV40toYUV420Transform

Sections

.text
Size: 192KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/f4v.swf
Codecs/raac.dll
.dll windows:4 windows x86 arch:x86

2569b16af6a5e82c06ef6aed87f5e148

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

??2@YAPAXI@Z
memmove
_CxxThrowException
calloc
free
malloc
exp
fputs
printf
pow
??3@YAXPAX@Z
__CxxFrameHandler
strncpy
log10
atan
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
?terminate@@YAXXZ
_iob
log
_purecall
_except_handler3

kernel32

DisableThreadLibraryCalls
IsBadReadPtr

Exports

Exports

RACloseCodec
RACreateDecoderInstance
RACreateEncoderInstance
RADecode
RAFlush
RAFreeDecoder
RAGetBackend
RAGetFlavorProperty
RAGetGUID
RAInitDecoder
RAOpenCodec2
RASetComMode

Sections

.text
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Feidianol.exe
.exe windows:4 windows x86 arch:x86

13ed0533c9f2eab8cd165aa39d473bb5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
GetCurrentThreadId
EnterCriticalSection
FlushInstructionCache
GetCurrentProcess
InterlockedIncrement
lstrlenA
DebugBreak
OutputDebugStringW
lstrcatW
CloseHandle
CreateEventW
CreateThread
LoadLibraryA
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetModuleFileNameW
GetStartupInfoA
GetFileType
GetStdHandle
OpenProcess
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetProcAddress
HeapSize
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
RaiseException
ExitProcess
GetVersion
GetStartupInfoW
GetModuleHandleA
RtlUnwind
HeapFree
HeapAlloc
LocalFree
WideCharToMultiByte
Sleep
MultiByteToWideChar
GetLocalTime
InterlockedDecrement
lstrcpynW
TerminateProcess
WinExec
lstrcpyW
lstrcmpW
SetHandleCount
OpenEventW
WriteFile
lstrlenW

user32

FindWindowW
DispatchMessageW
TranslateMessage
LoadStringW
PostMessageW
IsWindow
GetMessageW
EnumChildWindows
GetTopWindow
ShowWindow
LoadIconW
DefWindowProcW
SetTimer
AppendMenuW
CreatePopupMenu
RegisterWindowMessageW
LoadCursorW
PostQuitMessage
DestroyWindow
SetWindowPos
SetCursor
SetForegroundWindow
IsWindowVisible
GetClientRect
ReleaseDC
GetDC
ModifyMenuW
TrackPopupMenu
GetCursorPos
CallWindowProcW
SetWindowLongW
GetClassInfoExW
ReleaseCapture
SetCapture
CharNextW
wvsprintfW
GetWindowLongW
FindWindowExW
GetClassNameW
CreateWindowExW
SendMessageW
wsprintfW
RegisterClassExW
GetParent
GetWindow
GetWindowRect
SystemParametersInfoW
MapWindowPoints

gdi32

SelectObject
BitBlt
DeleteObject
DeleteDC
CreateCompatibleDC

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyW
RegSetValueExW

shell32

Shell_NotifyIconW
ShellExecuteW

ole32

CoTaskMemFree
StringFromCLSID
CLSIDFromProgID
OleRun
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

GetErrorInfo
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantInit
VariantCopy
VariantClear
SysAllocStringLen
SysFreeString

gdiplus

GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipDrawImageRectI
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipCloneImage
GdipCreateFontFamilyFromName
GdipCreateFont
GdipDeleteFontFamily
GdipDrawString
GdipCreateSolidFill
GdipCloneBrush
GdipAlloc
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipDeleteBrush
GdipDeleteFont
GdipCreateHBITMAPFromBitmap
GdipDeleteGraphics
GdipFree
GdipDrawImageRectRectI
GdiplusStartup
GdiplusShutdown

atl

ord47
ord39
ord42

netapi32

Netbios

wininet

InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Lang/en_US.dll
.dll windows:4 windows x86 arch:x86

5c54715227e960c5019e7a45d4b9d02a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Lang/zh_TW.dll
.dll windows:4 windows x86 arch:x86

5c54715227e960c5019e7a45d4b9d02a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MyUpdate.exe
.exe windows:4 windows x86 arch:x86

ec499da4f7d5f680aeea58351231f8ad

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetOpenUrlA
InternetOpenA
InternetGetConnectedState
InternetReadFile
HttpQueryInfoA
InternetCloseHandle

winmm

timeGetTime

mfc71

ord2731
ord2835
ord4307
ord2714
ord2838
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644
ord3949
ord4481
ord4261
ord3333
ord566
ord757
ord605
ord578
ord741
ord591
ord764
ord2020
ord1054
ord3641
ord5182
ord4212
ord4735
ord4890
ord4580
ord1671
ord1670
ord1551
ord5912
ord1620
ord1617
ord3946
ord1401
ord4244
ord5152
ord1908
ord5073
ord6275
ord4185
ord5203
ord3403
ord4722
ord4282
ord1600
ord5960
ord923
ord928
ord932
ord930
ord934
ord2410
ord2394
ord2413
ord2408
ord2385
ord2387
ord2405
ord2178
ord2172
ord1522
ord6279
ord2537
ord6277
ord3345
ord4967
ord1362
ord5175
ord1964
ord1656
ord1655
ord1599
ord5200
ord2862
ord4486
ord4262
ord3182
ord354
ord1084
ord2371
ord1903
ord2095
ord1591
ord5915
ord1402
ord4240
ord5214
ord2991
ord3317
ord572
ord1931
ord1483
ord4098
ord2089
ord1547
ord4234
ord3171
ord1063
ord310
ord1794
ord6090
ord2657
ord876
ord3934
ord4035
ord4749
ord709
ord501
ord1056
ord297
ord6067
ord784
ord2322
ord4109
ord2272
ord781
ord1024
ord2899
ord2164
ord1439
ord6288
ord5089
ord1207
ord384
ord304
ord5235
ord5233
ord2390
ord2400
ord2398
ord2396
ord2392
ord2415
ord2403
ord5566
ord5213
ord5230
ord4568
ord3948
ord2248
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord3683
ord4541
ord3802
ord629

msvcr71

_setmbcp
__CxxFrameHandler
_adjust_fdiv
free
_except_handler3
sprintf
memset
__dllonexit
_onexit
?terminate@@YAXXZ
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_controlfp
__security_error_handler
__set_app_type
__p__fmode
__p__commode

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetVersionExA
TerminateThread
WinExec
InterlockedExchangeAdd
lstrlenA
GetModuleFileNameA
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleA
GetStartupInfoA
ExitProcess

user32

GetSystemMetrics
LoadIconA
EnableWindow
KillTimer
SetTimer
GetClientRect
IsIconic
GetSystemMenu
SendMessageA
AppendMenuA
DrawIcon

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 476B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
NetAgent.dll
.dll windows:4 windows x86 arch:x86

f618d4cb4d41a461355f2eab6ae077ff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSAWaitForMultipleEvents
WSAEnumNetworkEvents
closesocket
WSACloseEvent
recv
WSAGetLastError
send
socket
WSACreateEvent
connect
WSAEventSelect
htons
gethostbyname

kernel32

GetStdHandle
LCMapStringW
LCMapStringA
CreateEventA
WaitForSingleObject
SetEvent
RtlUnwind
GetLastError
MoveFileW
DeleteFileW
CreateDirectoryW
CloseHandle
GetFileType
CreateFileW
ResumeThread
CreateThread
TlsSetValue
TlsGetValue
ExitThread
GetCommandLineA
GetVersion
HeapFree
RaiseException
GetCurrentThreadId
TlsAlloc
TlsFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
WriteFile
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
SetFilePointer
HeapAlloc
SetStdHandle
SetHandleCount
GetStartupInfoA
SetEndOfFile
ReadFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
HeapReAlloc
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA

Exports

Exports

CreateAndRunAgent
GetDownloadLen
GetFileLen
Seek
Terminate

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Playlist/Channel.xml
Playlist/Mediacenter.xml
Playlist/Playlist.xml
QvodBand.dll
.dll regsvr32 windows:4 windows x86 arch:x86

0e32a3b828b41920c248142fcbc590d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
GetModuleFileNameA
CreateProcessA
GetTickCount
GetFileAttributesA
CloseHandle
Sleep
FlushFileBuffers
SetStdHandle
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
RaiseException
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetProcAddress
LoadLibraryA

user32

LoadStringA
InsertMenuItemA
LoadImageA
FindWindowA
SendMessageA

gdi32

DeleteObject

advapi32

RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

DragQueryFileA

ole32

CoTaskMemFree
StringFromIID
ReleaseStgMedium

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QvodInit.exe
.exe windows:4 windows x86 arch:x86

01f6ed59eb715c2fdc6ede31fe9a89f0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
GetTickCount
DeleteFileA
GetFileAttributesA
GetModuleHandleA
TerminateProcess
GetTempPathA
CopyFileA
GetLogicalDriveStringsA
SetStdHandle
GetStringTypeW
CreateToolhelp32Snapshot
Process32First
OpenProcess
CloseHandle
Process32Next
GetDiskFreeSpaceExA
GetModuleFileNameA
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
GetVersionExA
GetWindowsDirectoryA
WritePrivateProfileStringA
GetTempFileNameA
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
SetFilePointer
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetLastError
FlushFileBuffers

user32

PostMessageA
FindWindowA

advapi32

RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
DeleteService
CreateServiceA
ChangeServiceConfig2A
StartServiceA
QueryServiceStatus
CloseServiceHandle
OpenSCManagerA
OpenServiceA
ControlService

shell32

SHChangeNotify

psapi

EnumProcessModules
GetModuleFileNameExA

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
QvodInsert.dll
.dll regsvr32 windows:4 windows x86 arch:x86

1aa866289ae3d921c8a9dd1f9cef1a9a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryExW
lstrcmpiW
lstrcpynW
DisableThreadLibraryCalls
HeapDestroy
lstrcpyW
lstrcatW
LocalFree
SetEnvironmentVariableA
GetLocaleInfoW
SetEndOfFile
SetConsoleCtrlHandler
LoadLibraryA
GetOEMCP
GetACP
CreateFileA
IsBadCodePtr
IsBadReadPtr
CreateFileW
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
GetStringTypeW
GetStringTypeA
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
IsBadWritePtr
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
FindResourceW
WriteFile
LCMapStringW
LCMapStringA
SetFilePointer
ReadFile
CompareStringW
CompareStringA
UnhandledExceptionFilter
SetLastError
TlsFree
TlsAlloc
GetModuleHandleA
HeapSize
TerminateProcess
FatalAppExitA
ExitProcess
RaiseException
GetVersion
GetCommandLineA
HeapAlloc
HeapReAlloc
HeapFree
RtlUnwind
GetLocalTime
GetTimeZoneInformation
ExitThread
TlsGetValue
TlsSetValue
ResumeThread
GetVersionExW
GetCurrentThread
GetThreadPriority
SetThreadPriority
CreateThread
InterlockedExchange
VirtualFree
VirtualAlloc
GetSystemInfo
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
DuplicateHandle
LoadResource
SizeofResource
GetModuleHandleW
GetShortPathNameW
GetSystemDirectoryW
GetDiskFreeSpaceExW
OpenMutexW
OpenSemaphoreW
GetSystemTime
CreateProcessW
GetFileAttributesW
CreateDirectoryW
SetEnvironmentVariableW
CopyFileW
GetTickCount
GetProcAddress
FreeLibrary
LoadLibraryW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
lstrcmpW
GlobalAlloc
GlobalLock
GlobalUnlock
DeleteFileW
FindNextFileW
GetLastError
WaitForSingleObject
ResetEvent
FindFirstFileW
FindClose
Sleep
DeleteCriticalSection
CloseHandle
CreateEventW
SetEvent
InitializeCriticalSection
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
lstrlenA
OutputDebugStringW
DebugBreak
InterlockedIncrement
GetUserDefaultLangID
WideCharToMultiByte
GetModuleFileNameW
InterlockedDecrement
lstrlenW
FlushFileBuffers

user32

FillRect
GetDC
ReleaseDC
SendMessageW
IsWindow
SetCapture
ReleaseCapture
SetWindowPos
GetClientRect
DefWindowProcW
SetWindowLongW
GetWindowLongW
CallWindowProcW
CharLowerW
MessageBoxW
PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
CreateWindowExW
LoadStringW
DialogBoxParamW
ClientToScreen
FindWindowW
CreateMenu
GetSubMenu
GetKeyState
CharNextW
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
CopyRect
SetRect
DestroyWindow
SetTimer
SetRectEmpty
MoveWindow
InvalidateRect
ShowWindow
FindWindowExW
PostMessageW
SetWindowTextW
BringWindowToTop
ShowCursor
GetDesktopWindow
GetCursorPos
ScreenToClient
PtInRect
GetWindowRect
SetSysColors
GetSysColor
EnumChildWindows
LoadImageW
GetClassNameW
LoadBitmapW
UnionRect
wvsprintfW
DrawTextW
GetActiveWindow
SetDlgItemInt
GetDlgItemTextW
CheckRadioButton
SetDlgItemTextW
GetQueueStatus
DispatchMessageW
GetDlgCtrlID
EndDialog
GetSystemMetrics
SystemParametersInfoW
SetParent
EnumDisplayDevicesW
EnumDisplaySettingsW
RegisterHotKey
UnregisterHotKey
KillTimer
TrackPopupMenu
EnableWindow
CreateDialogParamW
CreatePopupMenu
AppendMenuW
DestroyMenu
GetMenuItemCount
InsertMenuW
GetDlgItem
InvalidateRgn
CreateAcceleratorTableW
RedrawWindow
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
wsprintfW
GetWindowTextLengthW
GetWindowTextW
GetWindow
RegisterWindowMessageW
GetClassInfoExW
RegisterClassExW
SetCursor
LoadCursorW
GetParent

gdi32

Rectangle
SetTextAlign
TextOutW
GetStockObject
GetDeviceCaps
GetObjectW
StretchBlt
SetBkMode
CreateCompatibleDC
SelectObject
CreateSolidBrush
BitBlt
DeleteDC
CreateFontIndirectW
DeleteObject
GetDIBits
SetTextColor
StretchDIBits
SetStretchBltMode
CreateDIBSection
RestoreDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
CreateDCW
CreateRectRgnIndirect
CloseMetaFile
SetWindowExtEx
CreateMetaFileW
SetDIBits
CreateCompatibleBitmap
DeleteMetaFile
CreatePatternBrush

comdlg32

ChooseColorW
GetOpenFileNameW
ChooseFontA
GetSaveFileNameW

advapi32

RegQueryInfoKeyW
RegOpenKeyW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegCreateKeyW
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW

shell32

ShellExecuteW

ole32

CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
CoTaskMemRealloc
CoInitializeEx
OleLockRunning
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
OleInitialize
CreateStreamOnHGlobal
OleUninitialize
CoTaskMemFree
CoInitialize
StringFromCLSID
CoCreateInstance
OleLoadFromStream
WriteClassStm
CoUninitialize
CoFreeUnusedLibraries
OleSaveToStream
OleRegGetMiscStatus
CreateDataAdviseHolder

oleaut32

GetErrorInfo
SetErrorInfo
CreateErrorInfo
VariantChangeType
LoadTypeLi
RegisterTypeLi
VarUI4FromStr
OleCreateFontIndirect
SysAllocStringLen
DispCallFunc
SysStringLen
LoadRegTypeLi
OleCreatePropertyFrame
SysStringByteLen
SysAllocStringByteLen
VariantInit
SafeArrayCreate
SafeArrayPutElement
VariantCopy
VariantClear
SysAllocString
SysFreeString

ws2_32

WSAStartup
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
gethostbyname
htonl
connect
recv
htons
send
WSAEventSelect
setsockopt
closesocket
socket
WSAGetLastError
ntohs
ntohl
inet_addr

winmm

timeGetTime
timeSetEvent

quartz

AMGetErrorTextW

comctl32

ImageList_LoadImageW
_TrackMouseEvent
InitCommonControlsEx
ImageList_Destroy
ord16

msimg32

TransparentBlt
AlphaBlend

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 508KB - Virtual size: 507KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QvodPlayer.exe
.exe windows:4 windows x86 arch:x86

a932a56d18fdc4bde5489c146d4c9199

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToSystemTime
GetTickCount
GetTempPathW
RemoveDirectoryW
CreateMutexW
OpenMutexW
HeapDestroy
LocalFree
SetEnvironmentVariableA
GetOEMCP
GetACP
LoadLibraryA
CreateFileW
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FlushFileBuffers
SetEndOfFile
GetStartupInfoA
GetStdHandle
SetHandleCount
SetStdHandle
CompareStringW
CompareStringA
IsBadWritePtr
HeapCreate
GetVersionExA
SystemTimeToTzSpecificLocalTime
GetModuleFileNameA
LCMapStringW
LCMapStringA
SetFilePointer
ReadFile
UnhandledExceptionFilter
HeapSize
TerminateProcess
WriteFile
SetLastError
TlsAlloc
ExitProcess
GetVersion
GetStartupInfoW
GetModuleHandleA
HeapAlloc
HeapReAlloc
CreateFileA
GetFileType
GetFileAttributesA
HeapFree
ExitThread
TlsGetValue
TlsSetValue
ResumeThread
GetTimeZoneInformation
RtlUnwind
CreateThread
InterlockedExchange
VirtualFree
VirtualAlloc
GetSystemInfo
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
GetDiskFreeSpaceExW
OpenSemaphoreW
CreateProcessW
GlobalSize
FindFirstChangeNotificationW
FindNextChangeNotification
FindCloseChangeNotification
GetLocaleInfoW
GetLogicalDriveStringsW
GetModuleHandleW
GetDriveTypeW
GetVolumeInformationW
SetSystemPowerState
lstrcpynA
lstrcpynW
SetEnvironmentVariableW
GetSystemDirectoryW
CopyFileW
GetSystemTime
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
lstrcpyW
lstrcmpW
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
WaitForSingleObject
ResetEvent
Sleep
GetWindowsDirectoryW
GlobalAlloc
GlobalLock
GlobalUnlock
GetLastError
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
CreateEventW
SetEvent
EnterCriticalSection
LeaveCriticalSection
FindFirstFileW
GetFileAttributesW
FindNextFileW
FindClose
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetModuleFileNameW
CreateDirectoryW
GetProcAddress
SetFileAttributesW
GetLocalTime
DeleteFileW
InterlockedIncrement
GetUserDefaultLangID
lstrlenW
InterlockedDecrement
GetVersionExW
FreeLibrary
LoadLibraryW
GetEnvironmentVariableA
RaiseException

user32

SetDlgItemInt
CheckRadioButton
GetDlgCtrlID
SetDlgItemTextW
GetDlgItemTextW
GetActiveWindow
DialogBoxParamW
ClientToScreen
EnumDisplayDevicesW
EnumDisplaySettingsW
SetParent
GetMenuItemInfoW
UpdateWindow
OffsetRect
GetDlgItemTextA
GetDlgItemInt
DrawTextW
IsMenu
CloseClipboard
GetClipboardData
EndDialog
SetForegroundWindow
MoveWindow
ShowWindow
PostMessageW
DestroyAcceleratorTable
CreateAcceleratorTableW
GetWindowRect
CallNextHookEx
MessageBoxW
LoadStringW
CharNextW
CopyAcceleratorTableW
LoadAcceleratorsW
FindWindowW
CreateMenu
MessageBeep
PeekMessageW
RemoveMenu
WindowFromPoint
GetKeyState
DestroyIcon
UnionRect
DispatchMessageW
TranslateMessage
GetMessageW
GetScrollInfo
GetMenuStringW
ModifyMenuW
GetMenuItemID
LoadMenuW
DefWindowProcW
GetClientRect
ReleaseDC
FillRect
GetDC
SendMessageW
wsprintfW
IsWindow
SetCapture
ReleaseCapture
SetWindowPos
CreateWindowExW
SetWindowLongW
GetWindowLongW
CallWindowProcW
DestroyWindow
SetRectEmpty
LoadCursorW
SetTimer
RegisterClassExW
GetClassInfoExW
InvalidateRect
FindWindowExW
ShowCursor
CharLowerW
OpenClipboard
SetRect
SetMenuItemInfoW
DeleteMenu
EnableWindow
ExitWindowsEx
GetSystemMetrics
GetSystemMenu
TrackPopupMenu
SystemParametersInfoW
CopyRect
IsZoomed
IsIconic
UnregisterHotKey
LoadIconW
CheckMenuItem
CheckMenuRadioItem
EnableMenuItem
CreateDialogParamW
UnhookWindowsHookEx
SetWindowsHookExW
GetDesktopWindow
RegisterWindowMessageW
GetWindow
GetSubMenu
RegisterHotKey
TranslateAcceleratorW
GetKeyboardState
MapWindowPoints
TrackPopupMenuEx
IsWindowVisible
PostQuitMessage
LoadStringA
CreatePopupMenu
AppendMenuW
DestroyMenu
GetMenuItemCount
InsertMenuW
InvalidateRgn
RedrawWindow
GetFocus
IsChild
SetFocus
BeginPaint
EndPaint
GetDlgItem
SetWindowRgn
LoadBitmapW
GetClassNameW
LoadImageW
EnumChildWindows
GetSysColor
SetSysColors
GetParent
SetCursor
GetCursorPos
ScreenToClient
PtInRect
BringWindowToTop
KillTimer
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW

gdi32

SetViewportOrgEx
Rectangle
CreatePatternBrush
GetTextExtentPoint32W
SetDIBits
SetBkColor
ExtTextOutW
GetCurrentObject
GetPixel
CreatePen
MoveToEx
LineTo
CreateDIBSection
SetStretchBltMode
StretchDIBits
SetTextColor
GetDIBits
SetBkMode
CreateFontIndirectW
GetStockObject
CreateRectRgn
CombineRgn
GetObjectW
StretchBlt
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
CreateSolidBrush
BitBlt
DeleteObject
RoundRect
GetDeviceCaps
DeleteDC

comdlg32

GetSaveFileNameW
ChooseFontA
ChooseFontW
GetOpenFileNameW
ChooseColorW

advapi32

RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyW

shell32

SHGetPathFromIDListW
ExtractIconW
SHFileOperationW
Shell_NotifyIconW
SHChangeNotify
SHAppBarMessage
DragQueryFileW
DragFinish
DragAcceptFiles
ShellExecuteW
SHBrowseForFolderW

ole32

CLSIDFromProgID
CoTaskMemFree
OleUninitialize
OleInitialize
CLSIDFromString
CoInitialize
StringFromCLSID
CoCreateInstance
CoTaskMemAlloc
OleLockRunning
CoFreeUnusedLibraries
CoUninitialize
CoInitializeSecurity
CreateStreamOnHGlobal

oleaut32

VariantInit
OleCreateFontIndirect
SysAllocStringLen
DispCallFunc
LoadRegTypeLi
SysStringLen
OleCreatePropertyFrame
SafeArrayCreate
SafeArrayPutElement
VariantCopy
VariantClear
SysAllocString
SysFreeString
GetErrorInfo

ws2_32

ntohl
WSAStartup
WSACleanup
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSAEventSelect
gethostname
htonl
inet_ntoa
htons
gethostbyname
recv
send
WSAGetLastError
socket
setsockopt
connect
closesocket
ntohs
inet_addr

winmm

mciSendStringW
timeGetTime

quartz

AMGetErrorTextW

comctl32

_TrackMouseEvent
ord16
ImageList_Destroy
ImageList_Draw
ImageList_GetImageInfo
ImageList_EndDrag
ImageList_DragLeave
ImageList_DragShowNolock
ImageList_DragEnter
ImageList_DragMove
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Create
ImageList_BeginDrag
ImageList_LoadImageW
InitCommonControlsEx

msimg32

AlphaBlend
TransparentBlt

urlmon

CoInternetGetSession

Sections

.text
Size: 948KB - Virtual size: 946KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
QvodTerminal.exe
.exe windows:4 windows x86 arch:x86

05572a72dbb7a93e408d8592452445db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostbyname
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
inet_addr
htonl
connect
recv
setsockopt
socket
ntohs
closesocket
__WSAFDIsSet
select
ioctlsocket
gethostname
WSAStartup
getpeername
WSAJoinLeaf
WSASocketA
inet_ntoa
sendto
htons
recvfrom
WSACloseEvent
accept
bind
listen
WSACreateEvent
WSAGetLastError
send
ntohl
WSAEventSelect

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

iphlpapi

GetAdaptersInfo

kernel32

HeapSize
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
DeleteFileA
InterlockedExchange
GetLocaleInfoW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetOEMCP
GetACP
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
LCMapStringW
LeaveCriticalSection
EnterCriticalSection
TryEnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MoveFileExA
Sleep
MultiByteToWideChar
CreateEventA
CloseHandle
SetEvent
GetTickCount
WaitForSingleObject
GetTempPathA
GetPrivateProfileStringA
WritePrivateProfileStringA
InterlockedDecrement
QueryPerformanceCounter
GetSystemTime
InterlockedIncrement
CopyFileA
CreateSemaphoreA
OpenSemaphoreA
HeapFree
HeapAlloc
GetProcessHeap
MoveFileA
LocalFree
LocalAlloc
GetSystemDirectoryA
GetVersionExA
GetModuleFileNameA
GetLocalTime
WideCharToMultiByte
FindClose
FindNextFileA
FindFirstFileA
CreateProcessA
GetDiskFreeSpaceExA
GetLastError
GetLogicalDriveStringsA
TerminateProcess
ReadFile
PeekNamedPipe
GetWindowsDirectoryA
GetStartupInfoA
CreatePipe
GetProcAddress
LoadLibraryA
lstrlenA
lstrlenW
RtlUnwind
GetFileType
CreateFileA
CreateDirectoryA
GetStdHandle
FlushFileBuffers
WriteFile
SetFilePointer
ResumeThread
CreateThread
TlsSetValue
TlsGetValue
ExitThread
CreateDirectoryW
CreateFileW
GetTimeZoneInformation
GetSystemTimeAsFileTime
RaiseException
ExitProcess
GetCurrentProcess
GetModuleHandleA
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsAlloc
SetLastError
SetStdHandle
SetEndOfFile
SetHandleCount
LCMapStringA

user32

DispatchMessageA
DefWindowProcA
BeginPaint
GetClientRect
DrawTextA
EndPaint
PostQuitMessage
CreateWindowExA
LoadIconA
LoadCursorA
RegisterClassExA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage

advapi32

RegOpenKeyA
RegCloseKey

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoCreateGuid

oleaut32

SysStringLen
SysAllocString
VariantClear
SysFreeString

Sections

.text
Size: 396KB - Virtual size: 393KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
QvodUninst.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/QvodInit.exe
.exe windows:4 windows x86 arch:x86

01f6ed59eb715c2fdc6ede31fe9a89f0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
GetTickCount
DeleteFileA
GetFileAttributesA
GetModuleHandleA
TerminateProcess
GetTempPathA
CopyFileA
GetLogicalDriveStringsA
SetStdHandle
GetStringTypeW
CreateToolhelp32Snapshot
Process32First
OpenProcess
CloseHandle
Process32Next
GetDiskFreeSpaceExA
GetModuleFileNameA
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
GetVersionExA
GetWindowsDirectoryA
WritePrivateProfileStringA
GetTempFileNameA
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
SetFilePointer
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
HeapReAlloc
IsBadWritePtr
GetLastError
FlushFileBuffers

user32

PostMessageA
FindWindowA

advapi32

RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
DeleteService
CreateServiceA
ChangeServiceConfig2A
StartServiceA
QueryServiceStatus
CloseServiceHandle
OpenSCManagerA
OpenServiceA
ControlService

shell32

SHChangeNotify

psapi

EnumProcessModules
GetModuleFileNameExA

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ShareModule.dll
.dll regsvr32 windows:4 windows x86 arch:x86

a47c3f9f7087ea0a7f24fa9676beea78

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
ResetEvent
WaitForSingleObject
WideCharToMultiByte
GetFileAttributesW
OpenMutexW
DebugBreak
OutputDebugStringW
GetModuleFileNameW
GetShortPathNameW
GetModuleHandleW
FreeLibrary
SizeofResource
LoadResource
FindResourceW
GetLastError
LoadLibraryExW
CreateEventW
lstrcpynW
DisableThreadLibraryCalls
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrcpyW
lstrcatW
GetProcAddress
LoadLibraryW
LoadLibraryA
SetEvent
lstrlenW
MultiByteToWideChar
lstrlenA
Sleep
InterlockedIncrement
InterlockedDecrement
GetPrivateProfileIntW
lstrcmpiW
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
WriteFile
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
RtlUnwind
UnhandledExceptionFilter
SetLastError
TlsFree
GetFileType
CreateFileA
ResumeThread
CreateThread
TlsSetValue
TlsGetValue
ExitThread
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetVersion
ReadFile
SetFilePointer
SetStdHandle
SetHandleCount
GetStdHandle
GetStartupInfoA
SetEndOfFile
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleHandleA
GetCurrentThreadId
TlsAlloc

user32

wvsprintfW
MessageBoxW
LoadStringW
CharNextW
CharLowerW

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyW
RegCloseKey
RegEnumValueW

shell32

ShellExecuteW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoInitializeEx

oleaut32

VarUI4FromStr
SysFreeString
SysAllocString
VariantClear
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysStringLen

ws2_32

htons
socket
closesocket
WSAStartup
setsockopt
connect
htonl
ntohs
recv
WSAGetLastError
inet_addr
send
ntohl

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Skin/Default.xml
Skin/Default/Thumbs.db
Skin/Default/back.bmp
Skin/Default/backleft.bmp
Skin/Default/backmid.bmp
Skin/Default/backright.bmp
Skin/Default/bgline.bmp
Skin/Default/bleft1.bmp
Skin/Default/bottom.bmp
Skin/Default/bottomleft.bmp
Skin/Default/bottomright.bmp
Skin/Default/bright1.bmp
Skin/Default/caption.bmp
Skin/Default/close.bmp
Skin/Default/full.bmp
Skin/Default/icon.bmp
Skin/Default/info.bmp
Skin/Default/infofull.bmp
Skin/Default/left.bmp
Skin/Default/left1.bmp
Skin/Default/listbutton.bmp
Skin/Default/listbutton2.bmp
Skin/Default/listsplit.bmp
Skin/Default/lsearchb1.bmp
Skin/Default/lsearchb2.bmp
Skin/Default/lsearchbg.bmp
Skin/Default/lsearchbg1.bmp
Skin/Default/max.bmp
Skin/Default/media_del.bmp
Skin/Default/media_files.bmp
Skin/Default/media_files_2.bmp
Skin/Default/media_info.bmp
Skin/Default/media_search.bmp
Skin/Default/media_sham.bmp
Skin/Default/media_sham_2.bmp
Skin/Default/mediaeditdel.bmp
Skin/Default/mediare.bmp
Skin/Default/mediatolist.bmp
Skin/Default/mediatree.bmp
Skin/Default/menu.bmp
Skin/Default/min.bmp
Skin/Default/mtk.bmp
Skin/Default/mute.bmp
Skin/Default/mute2.bmp
Skin/Default/next.bmp
Skin/Default/nowplay.bmp
Skin/Default/open.bmp
Skin/Default/pause.bmp
Skin/Default/play.bmp
Skin/Default/playlist_toolbar.bmp
Skin/Default/pre.bmp
Skin/Default/processp.bmp
Skin/Default/progress.bmp
Skin/Default/progress_thumb.bmp
Skin/Default/reold.bmp
Skin/Default/right.bmp
Skin/Default/right1.bmp
Skin/Default/scroll_back.bmp
Skin/Default/scroll_back_h.bmp
Skin/Default/scroll_down.bmp
Skin/Default/scroll_left.bmp
Skin/Default/scroll_limit.bmp
Skin/Default/scroll_limit_h.bmp
Skin/Default/scroll_right.bmp
Skin/Default/scroll_up.bmp
Skin/Default/stop.bmp
Skin/Default/tab.bmp
Skin/Default/tab1.bmp
Skin/Default/tabs_left.bmp
Skin/Default/tabs_mid.bmp
Skin/Default/tabs_right.bmp
Skin/Default/top.bmp
Skin/Default/topleft.bmp
Skin/Default/topleft1.bmp
Skin/Default/topright.bmp
Skin/Default/topright1.bmp
Skin/Default/volume.bmp
Skin/Default/volumeb.bmp
Skin/Default/volumep.bmp
Skin/MiNi/back.bmp
Skin/MiNi/info.bmp
Skin/MiNi/mute.bmp
Skin/MiNi/mute2.bmp
Skin/MiNi/next.bmp
Skin/MiNi/open.bmp
Skin/MiNi/pause.bmp
Skin/MiNi/play.bmp
Skin/MiNi/pre.bmp
Skin/MiNi/processp.bmp
Skin/MiNi/progress.bmp
Skin/MiNi/progress_thumb.bmp
Skin/MiNi/progressd.bmp
Skin/MiNi/volume.bmp
Skin/MiNi/volumeb.bmp
Skin/MiNi/volumep.bmp
Skin/Mini.xml
Skin/div1.png
.png
Skin/div2.png
.png
Skin/ext.png
.png
Skin/left.png
.png
Skin/logo.bmp
Skin/logo.png
.png
Skin/main1.png
.png
Skin/main1_na.png
.png
Skin/main2.png
.png
Skin/main2_na.png
.png
Skin/nc_Max.png
.png
Skin/nc_Min.png
.png
Skin/nc_Normal.png
.png
Skin/nc_close.png
.png
Skin/nc_full.png
.png
Skin/pause.png
.png
Skin/play.png
.png
Skin/pro1.png
.png
Skin/pro2.png
.png
Skin/pro_thumb1.png
.png
Skin/pro_thumb2.png
.png
Skin/right.png
.png
Skin/skin.xml
.xml
Skin/stop.png
.png
Skin/vol.png
.png
Skin/vol1.png
.png
Skin/vol2.png
.png
uninst.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 97KB - Virtual size: 96KB

295fc8c35dee88b924b0f6bafc807c6c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

9c523d8653da5455667e3f82274f2f88

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 110KB

.ndata Size: - Virtual size: 32KB

.rsrc Size: 24KB - Virtual size: 24KB

dbb6ae12303c20296c693f51a2687989

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

23:89:03:55:99:b2:04:cb:18:73:d5:5a:bd:23:83:feCertificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

setupapi

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 97KB - Virtual size: 96KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 110KB

.ndata
Size: - Virtual size: 32KB

.rsrc
Size: 24KB - Virtual size: 24KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

23:89:03:55:99:b2:04:cb:18:73:d5:5a:bd:23:83:fe
Certificate

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 264KB - Virtual size: 263KB

.data
Size: 152KB - Virtual size: 165KB

.Shared
Size: 4KB - Virtual size: 4B

.rsrc
Size: 264KB - Virtual size: 261KB

.reloc
Size: 148KB - Virtual size: 147KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

23:89:03:55:99:b2:04:cb:18:73:d5:5a:bd:23:83:fe
Certificate

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 96KB - Virtual size: 95KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

23:89:03:55:99:b2:04:cb:18:73:d5:5a:bd:23:83:fe
Certificate

.text
Size: 68KB - Virtual size: 64KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 16KB - Virtual size: 18KB

.rsrc
Size: 44KB - Virtual size: 41KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate