252605a3274b993f1b4a9c72b5735ba9_JaffaCakes118

resource
252605a3274b993f1b4a9c72b5735ba9_JaffaCakes118
unpack001/$PLUGINSDIR/Base64.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/KuWoNsis_new.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/inetc.dll
unpack002/$PLUGINSDIR/Base64.dll
unpack002/$PLUGINSDIR/KuWoNsis_new.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/inetc.dll
unpack001/bin/UINetSongLib.dll

resource	yara_rule
sample	nsis_installer_1
static1/unpack001/$TEMP/KWMUSIC/DownloadUpdate.exe	nsis_installer_1
static1/unpack001/$TEMP/sobar/Baidu-TB-ASBar-Silent_kuwo.exe	nsis_installer_1

.exe windows:4 windows x86 arch:x86

237a51742fed62d237b6f1b75452402f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime

SearchPathA

GetShortPathNameA

GetFullPathNameA

MoveFileA

SetCurrentDirectoryA

GetFileAttributesA

GetLastError

CreateDirectoryA

SetFileAttributesA

Sleep

CreateFileA

GetFileSize

GetModuleFileNameA

GetTickCount

GetCurrentProcess

SetFileTime

ExitProcess

GetCommandLineA

GetWindowsDirectoryA

GetTempPathA

lstrcpynA

GetDiskFreeSpaceA

GlobalUnlock

GlobalLock

CreateThread

CreateProcessA

RemoveDirectoryA

GetTempFileNameA

lstrlenA

lstrcatA

GetSystemDirectoryA

CloseHandle

lstrcmpiA

lstrcmpA

GetEnvironmentVariableA

ExpandEnvironmentStringsA

GlobalFree

GlobalAlloc

WaitForSingleObject

GetExitCodeProcess

SetErrorMode

GetModuleHandleA

LoadLibraryA

GetProcAddress

FreeLibrary

MultiByteToWideChar

WritePrivateProfileStringA

GetPrivateProfileStringA

WriteFile

ReadFile

SetFilePointer

FindClose

MulDiv

FindNextFileA

FindFirstFileA

DeleteFileA

CopyFileA

user32

ExitWindowsEx

CharNextA

DialogBoxParamA

GetClassInfoA

SystemParametersInfoA

RegisterClassA

EndDialog

SetClassLongA

IsWindowEnabled

SetWindowPos

GetSysColor

CheckDlgButton

GetAsyncKeyState

IsDlgButtonChecked

GetMessagePos

LoadBitmapA

IsWindowVisible

CloseClipboard

SetClipboardData

EmptyClipboard

OpenClipboard

CreateDialogParamA

AppendMenuA

CreatePopupMenu

GetSystemMetrics

SetDlgItemTextA

GetDlgItemTextA

MessageBoxA

CharPrevA

wvsprintfA

DispatchMessageA

PeekMessageA

SendMessageTimeoutA

FindWindowExA

IsWindow

GetDlgItem

LoadImageA

GetDC

EnableWindow

InvalidateRect

CreateWindowExA

GetWindowLongA

DrawFocusRect

DestroyWindow

SetTimer

SetWindowTextA

PostQuitMessage

SetForegroundWindow

ShowWindow

TrackPopupMenu

wsprintfA

SendMessageA

CallWindowProcA

MapWindowPoints

GetWindowRect

ScreenToClient

PtInRect

LoadCursorA

SetCursor

DefWindowProcA

BeginPaint

GetClientRect

FillRect

DrawTextA

EndPaint

SetWindowLongA

gdi32

SetBkColor

GetDeviceCaps

GetCurrentObject

GetObjectA

DeleteObject

CreateBrushIndirect

CreateFontIndirectA

SetBkMode

SetTextColor

SelectObject

shell32

SHGetMalloc

SHGetPathFromIDListA

SHBrowseForFolderA

SHGetFileInfoA

ShellExecuteA

SHFileOperationA

SHGetSpecialFolderLocation

advapi32

RegEnumKeyA

RegEnumValueA

RegSetValueExA

RegCreateKeyExA

RegOpenKeyExA

RegDeleteKeyA

RegDeleteValueA

RegCloseKey

RegQueryValueExA

comctl32

ImageList_AddMasked

ImageList_Destroy

ord17

ImageList_Create

ole32

OleInitialize

OleUninitialize

CoCreateInstance

version

GetFileVersionInfoSizeA

GetFileVersionInfoA

VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 480KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

$1

$APPDATA/kuwo/Conf/p2pconf/setup.xml

.xml

$PLUGINSDIR/Base64.dll

.dll windows:4 windows x86 arch:x86

472def3d6dc5d4ffe27376a831b4d49b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

GlobalFree

lstrcpyA

lstrcpynA

GlobalAlloc

GetCommandLineA

GetVersion

ExitProcess

TerminateProcess

GetCurrentProcess

GetCurrentThreadId

TlsSetValue

TlsAlloc

TlsFree

TlsGetValue

SetHandleCount

GetStdHandle

GetFileType

GetStartupInfoA

DeleteCriticalSection

GetModuleFileNameA

FreeEnvironmentStringsA

FreeEnvironmentStringsW

WideCharToMultiByte

GetEnvironmentStrings

GetEnvironmentStringsW

HeapDestroy

HeapCreate

VirtualFree

HeapFree

WriteFile

MultiByteToWideChar

GetStringTypeA

GetStringTypeW

InitializeCriticalSection

EnterCriticalSection

LeaveCriticalSection

HeapAlloc

GetCPInfo

GetACP

GetOEMCP

VirtualAlloc

HeapReAlloc

GetProcAddress

LoadLibraryA

RtlUnwind

LCMapStringA

LCMapStringW

Exports

Decrypt

Encrypt

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/InstallOptions.dll

.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA

GetCurrentDirectoryA

GetPrivateProfileIntA

GetModuleHandleA

lstrcmpiA

GetPrivateProfileStringA

lstrcatA

lstrcpynA

WritePrivateProfileStringA

lstrlenA

lstrcpyA

GlobalFree

MultiByteToWideChar

GlobalAlloc

user32

GetDlgCtrlID

GetClientRect

SetWindowRgn

MapWindowPoints

LoadImageA

SetWindowLongA

CreateWindowExA

MapDialogRect

SetWindowPos

GetWindowRect

CreateDialogParamA

ShowWindow

EnableWindow

GetDlgItem

DestroyIcon

DestroyWindow

DispatchMessageA

TranslateMessage

GetMessageA

IsDialogMessageA

PtInRect

LoadCursorA

SetCursor

DrawTextA

GetWindowLongA

DrawFocusRect

CallWindowProcA

PostMessageA

MessageBoxA

CharNextA

wsprintfA

GetWindowTextA

SetWindowTextA

SendMessageA

LoadIconA

gdi32

SetTextColor

GetObjectA

SelectObject

GetDIBits

CreateRectRgn

CombineRgn

DeleteObject

CreateCompatibleDC

shell32

SHGetPathFromIDListA

SHBrowseForFolderA

SHGetDesktopFolder

SHGetMalloc

ShellExecuteA

comdlg32

GetOpenFileNameA

GetSaveFileNameA

CommDlgExtendedError

Exports

dialog

initDialog

show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/KillProcDLL.dll

.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess

CloseHandle

OpenProcess

FreeLibrary

LoadLibraryA

GetProcAddress

GetVersionExA

GlobalFree

lstrcpyA

InterlockedDecrement

InterlockedIncrement

GetCommandLineA

GetVersion

HeapFree

HeapAlloc

WideCharToMultiByte

MultiByteToWideChar

LCMapStringA

LCMapStringW

InitializeCriticalSection

DeleteCriticalSection

EnterCriticalSection

LeaveCriticalSection

ExitProcess

GetCurrentProcess

HeapReAlloc

HeapSize

GetCurrentThreadId

TlsSetValue

TlsAlloc

TlsFree

TlsGetValue

SetHandleCount

GetStdHandle

GetFileType

GetStartupInfoA

GetModuleFileNameA

FreeEnvironmentStringsA

FreeEnvironmentStringsW

GetEnvironmentStrings

GetEnvironmentStringsW

HeapDestroy

HeapCreate

VirtualFree

WriteFile

VirtualAlloc

RtlUnwind

GetCPInfo

GetStringTypeA

GetStringTypeW

GetACP

GetOEMCP

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/KuWoNsis_new.dll

.dll windows:5 windows x86 arch:x86

4ab986f64a1874664feabca76ad3c867

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

c:\Program Files\_NSIS_246\Plugins\KuWoNsis_new.pdb

Imports

kernel32

lstrcpyA

lstrcpynA

GlobalAlloc

FindClose

FindNextFileA

FindFirstFileA

MoveFileExA

DeleteFileA

GetVersionExA

GetExitCodeProcess

WaitForSingleObject

GetExitCodeThread

CreateThread

Process32Next

TerminateProcess

DuplicateHandle

GlobalFree

GetCurrentProcessId

Process32First

CreateToolhelp32Snapshot

CreateProcessA

OpenProcess

CreateDirectoryA

MoveFileA

SetFileTime

LocalFileTimeToFileTime

SystemTimeToFileTime

GetLocalTime

GetTempPathA

GetFileAttributesA

GetLastError

RemoveDirectoryA

GetTempFileNameA

DeviceIoControl

GetLogicalDrives

CreateFileA

CloseHandle

GetLogicalDriveStringsA

GetDriveTypeA

GetCurrentProcess

GetDiskFreeSpaceExA

FlushFileBuffers

RtlUnwind

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

RaiseException

GetSystemTimeAsFileTime

GetCurrentThreadId

GetCommandLineA

HeapFree

HeapAlloc

GetModuleHandleW

GetProcAddress

TlsGetValue

TlsAlloc

TlsSetValue

TlsFree

InterlockedIncrement

SetLastError

InterlockedDecrement

GetCPInfo

GetACP

GetOEMCP

IsValidCodePage

LCMapStringA

WideCharToMultiByte

MultiByteToWideChar

LCMapStringW

Sleep

ExitProcess

SetHandleCount

GetStdHandle

GetFileType

GetStartupInfoA

DeleteCriticalSection

GetModuleFileNameA

FreeEnvironmentStringsA

GetEnvironmentStrings

FreeEnvironmentStringsW

GetEnvironmentStringsW

HeapCreate

HeapDestroy

VirtualFree

QueryPerformanceCounter

GetTickCount

LeaveCriticalSection

EnterCriticalSection

VirtualAlloc

HeapReAlloc

HeapSize

WriteFile

SetFilePointer

GetConsoleCP

GetConsoleMode

GetStringTypeA

GetStringTypeW

GetLocaleInfoA

LoadLibraryA

InitializeCriticalSectionAndSpinCount

SetStdHandle

WriteConsoleA

GetConsoleOutputCP

WriteConsoleW

advapi32

RegQueryValueExA

RegCloseKey

GetNamedSecurityInfoA

BuildExplicitAccessWithNameA

SetEntriesInAclA

SetNamedSecurityInfoA

RegOpenKeyExA

shell32

ShellExecuteExA

SHGetSpecialFolderPathA

shlwapi

PathFileExistsA

Exports

AddDirAccessRights

AddRegAccessRights

ClearInstDir

CreateCachePath

DecodePath

GetFileName

GetInstallDate

KwKillProc

KwKillProcEx

ModifyCacheFileAsNow

RenameDeletePathAllFiles

XORBase64

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/System.dll

.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc

GlobalFree

GlobalSize

lstrcpyA

lstrcpynA

FreeLibrary

lstrcatA

GetProcAddress

LoadLibraryA

GetModuleHandleA

MultiByteToWideChar

lstrlenA

WideCharToMultiByte

GetLastError

VirtualAlloc

VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2

CLSIDFromString

Exports

Alloc

Call

Copy

Free

Get

Int64Op

Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/inetc.dll

.dll windows:4 windows x86 arch:x86

5d31a4a9e83c0a8e38bab1f57d28402c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

msvcrt

strtoul

_adjust_fdiv

malloc

_initterm

free

_mbsrchr

memset

_mbsstr

_mbschr

strtol

strlen

kernel32

DeleteFileA

CreateThread

WaitForSingleObject

TerminateThread

GetModuleHandleA

MulDiv

lstrcpyA

GlobalAlloc

LoadLibraryA

GetProcAddress

lstrcmpiA

WriteFile

ReadFile

lstrlenA

lstrcmpA

lstrcpynA

GetLastError

CreateFileA

GlobalFree

CloseHandle

SleepEx

SetFilePointer

GetTickCount

lstrcatA

GetFileSize

user32

MessageBoxA

GetParent

ShowWindow

PostMessageA

SetWindowTextA

IsWindow

SendMessageA

GetDlgItem

SetDlgItemTextA

SendDlgItemMessageA

SetWindowPos

SystemParametersInfoA

GetClientRect

GetWindowRect

SetTimer

LoadIconA

SetWindowLongA

GetWindowLongA

UpdateWindow

DestroyWindow

KillTimer

RedrawWindow

DispatchMessageA

TranslateMessage

GetMessageA

IsDialogMessageA

EnableWindow

CreateDialogParamA

FindWindowExA

wsprintfA

GetWindowTextA

wininet

HttpSendRequestA

HttpSendRequestExA

HttpQueryInfoA

InternetCloseHandle

InternetErrorDlg

InternetSetFilePointer

InternetQueryOptionA

HttpAddRequestHeadersA

InternetSetOptionA

HttpOpenRequestA

FtpCreateDirectoryA

FtpOpenFileA

InternetGetLastResponseInfoA

HttpEndRequestA

InternetConnectA

InternetCrackUrlA

InternetOpenA

InternetReadFile

InternetWriteFile

comctl32

ord17

Exports

get

head

post

put

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/ioSpecial.ini

$PLUGINSDIR/kwsobar.bmp

$PLUGINSDIR/modern-header.bmp

$PLUGINSDIR/modern-wizard.bmp

$PLUGINSDIR/sobar/KwMusic_sobar.ini

$TEMP/KWMUSIC/BindConfig.ini

$TEMP/KWMUSIC/DownloadUpdate.exe

.exe windows:4 windows x86 arch:x86

237a51742fed62d237b6f1b75452402f

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

27:44:c0:b5:76:7c:8e:59:14:a9:ec:be:07:49:c7:02
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-12-2009 00:00

Not After

02-12-2011 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

70:1a:a4:39:5a:b1:1a:1c:cf:6e:6d:7c:b7:df:2a:30:60:36:ba:3d
Signer

Actual PE Digest

70:1a:a4:39:5a:b1:1a:1c:cf:6e:6d:7c:b7:df:2a:30:60:36:ba:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime

SearchPathA

GetShortPathNameA

GetFullPathNameA

MoveFileA

SetCurrentDirectoryA

GetFileAttributesA

GetLastError

CreateDirectoryA

SetFileAttributesA

Sleep

CreateFileA

GetFileSize

GetModuleFileNameA

GetTickCount

GetCurrentProcess

SetFileTime

ExitProcess

GetCommandLineA

GetWindowsDirectoryA

GetTempPathA

lstrcpynA

GetDiskFreeSpaceA

GlobalUnlock

GlobalLock

CreateThread

CreateProcessA

RemoveDirectoryA

GetTempFileNameA

lstrlenA

lstrcatA

GetSystemDirectoryA

CloseHandle

lstrcmpiA

lstrcmpA

GetEnvironmentVariableA

ExpandEnvironmentStringsA

GlobalFree

GlobalAlloc

WaitForSingleObject

GetExitCodeProcess

SetErrorMode

GetModuleHandleA

LoadLibraryA

GetProcAddress

FreeLibrary

MultiByteToWideChar

WritePrivateProfileStringA

GetPrivateProfileStringA

WriteFile

ReadFile

SetFilePointer

FindClose

MulDiv

FindNextFileA

FindFirstFileA

DeleteFileA

CopyFileA

user32

ExitWindowsEx

CharNextA

DialogBoxParamA

GetClassInfoA

SystemParametersInfoA

RegisterClassA

EndDialog

SetClassLongA

IsWindowEnabled

SetWindowPos

GetSysColor

CheckDlgButton

GetAsyncKeyState

IsDlgButtonChecked

GetMessagePos

LoadBitmapA

IsWindowVisible

CloseClipboard

SetClipboardData

EmptyClipboard

OpenClipboard

CreateDialogParamA

AppendMenuA

CreatePopupMenu

GetSystemMetrics

SetDlgItemTextA

GetDlgItemTextA

MessageBoxA

CharPrevA

wvsprintfA

DispatchMessageA

PeekMessageA

SendMessageTimeoutA

FindWindowExA

IsWindow

GetDlgItem

LoadImageA

GetDC

EnableWindow

InvalidateRect

CreateWindowExA

GetWindowLongA

DrawFocusRect

DestroyWindow

SetTimer

SetWindowTextA

PostQuitMessage

SetForegroundWindow

ShowWindow

TrackPopupMenu

wsprintfA

SendMessageA

CallWindowProcA

MapWindowPoints

GetWindowRect

ScreenToClient

PtInRect

LoadCursorA

SetCursor

DefWindowProcA

BeginPaint

GetClientRect

FillRect

DrawTextA

EndPaint

SetWindowLongA

gdi32

SetBkColor

GetDeviceCaps

GetCurrentObject

GetObjectA

DeleteObject

CreateBrushIndirect

CreateFontIndirectA

SetBkMode

SetTextColor

SelectObject

shell32

SHGetMalloc

SHGetPathFromIDListA

SHBrowseForFolderA

SHGetFileInfoA

ShellExecuteA

SHFileOperationA

SHGetSpecialFolderLocation

advapi32

RegEnumKeyA

RegEnumValueA

RegSetValueExA

RegCreateKeyExA

RegOpenKeyExA

RegDeleteKeyA

RegDeleteValueA

RegCloseKey

RegQueryValueExA

comctl32

ImageList_AddMasked

ImageList_Destroy

ord17

ImageList_Create

ole32

OleInitialize

OleUninitialize

CoCreateInstance

version

GetFileVersionInfoSizeA

GetFileVersionInfoA

VerQueryValueA

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 288KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

$PLUGINSDIR/Base64.dll

.dll windows:4 windows x86 arch:x86

472def3d6dc5d4ffe27376a831b4d49b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

GlobalFree

lstrcpyA

lstrcpynA

GlobalAlloc

GetCommandLineA

GetVersion

ExitProcess

TerminateProcess

GetCurrentProcess

GetCurrentThreadId

TlsSetValue

TlsAlloc

TlsFree

TlsGetValue

SetHandleCount

GetStdHandle

GetFileType

GetStartupInfoA

DeleteCriticalSection

GetModuleFileNameA

FreeEnvironmentStringsA

FreeEnvironmentStringsW

WideCharToMultiByte

GetEnvironmentStrings

GetEnvironmentStringsW

HeapDestroy

HeapCreate

VirtualFree

HeapFree

WriteFile

MultiByteToWideChar

GetStringTypeA

GetStringTypeW

InitializeCriticalSection

EnterCriticalSection

LeaveCriticalSection

HeapAlloc

GetCPInfo

GetACP

GetOEMCP

VirtualAlloc

HeapReAlloc

GetProcAddress

LoadLibraryA

RtlUnwind

LCMapStringA

LCMapStringW

Exports

Decrypt

Encrypt

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/KuWoNsis_new.dll

.dll windows:5 windows x86 arch:x86

7666470595ee14366c90d3ea4ce2cc79

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

C:\Program Files\_NSIS_246\Plugins\KuWoNsis_new.pdb

Imports

kernel32

lstrcpyA

lstrcpynA

GlobalAlloc

FindClose

FindNextFileA

FindFirstFileA

MoveFileExA

DeleteFileA

GetVersionExA

CreateDirectoryA

MoveFileA

SetFileTime

LocalFileTimeToFileTime

SystemTimeToFileTime

GetLocalTime

GlobalFree

GetFileAttributesA

GetLastError

GetExitCodeProcess

WaitForSingleObject

GetExitCodeThread

CreateThread

Process32Next

TerminateProcess

DuplicateHandle

GetCurrentProcess

GetCurrentProcessId

Process32First

CreateToolhelp32Snapshot

CreateProcessA

OpenProcess

DeviceIoControl

GetLogicalDrives

CreateFileA

CloseHandle

GetLogicalDriveStringsA

GetDriveTypeA

GetTempPathA

GetDiskFreeSpaceExA

FlushFileBuffers

RtlUnwind

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

RaiseException

GetSystemTimeAsFileTime

GetCurrentThreadId

GetCommandLineA

HeapFree

HeapAlloc

GetModuleHandleW

GetProcAddress

TlsGetValue

TlsAlloc

TlsSetValue

TlsFree

InterlockedIncrement

SetLastError

InterlockedDecrement

GetCPInfo

GetACP

GetOEMCP

IsValidCodePage

LCMapStringA

WideCharToMultiByte

MultiByteToWideChar

LCMapStringW

Sleep

ExitProcess

SetHandleCount

GetStdHandle

GetFileType

GetStartupInfoA

DeleteCriticalSection

GetModuleFileNameA

FreeEnvironmentStringsA

GetEnvironmentStrings

FreeEnvironmentStringsW

GetEnvironmentStringsW

HeapCreate

HeapDestroy

VirtualFree

QueryPerformanceCounter

GetTickCount

LeaveCriticalSection

EnterCriticalSection

VirtualAlloc

HeapReAlloc

HeapSize

WriteFile

SetFilePointer

GetConsoleCP

GetConsoleMode

GetStringTypeA

GetStringTypeW

GetLocaleInfoA

LoadLibraryA

InitializeCriticalSectionAndSpinCount

SetStdHandle

WriteConsoleA

GetConsoleOutputCP

WriteConsoleW

advapi32

RegQueryValueExA

RegCloseKey

GetNamedSecurityInfoA

BuildExplicitAccessWithNameA

SetEntriesInAclA

SetNamedSecurityInfoA

RegOpenKeyExA

shell32

ShellExecuteExA

SHGetSpecialFolderPathA

shlwapi

PathFileExistsA

Exports

AddDirAccessRights

AddRegAccessRights

ClearInstDir

CreateCachePath

DecodePath

GetFileName

GetInstallDate

KwKillProc

ModifyCacheFileAsNow

RenameDeletePathAllFiles

XORBase64

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/System.dll

.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc

GlobalFree

GlobalSize

lstrcpyA

lstrcpynA

FreeLibrary

lstrcatA

GetProcAddress

LoadLibraryA

GetModuleHandleA

MultiByteToWideChar

lstrlenA

WideCharToMultiByte

GetLastError

VirtualAlloc

VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2

CLSIDFromString

Exports

Alloc

Call

Copy

Free

Get

Int64Op

Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PLUGINSDIR/inetc.dll

.dll windows:4 windows x86 arch:x86

5d31a4a9e83c0a8e38bab1f57d28402c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

msvcrt

strtoul

_adjust_fdiv

malloc

_initterm

free

_mbsrchr

memset

_mbsstr

_mbschr

strtol

strlen

kernel32

DeleteFileA

CreateThread

WaitForSingleObject

TerminateThread

GetModuleHandleA

MulDiv

lstrcpyA

GlobalAlloc

LoadLibraryA

GetProcAddress

lstrcmpiA

WriteFile

ReadFile

lstrlenA

lstrcmpA

lstrcpynA

GetLastError

CreateFileA

GlobalFree

CloseHandle

SleepEx

SetFilePointer

GetTickCount

lstrcatA

GetFileSize

user32

MessageBoxA

GetParent

ShowWindow

PostMessageA

SetWindowTextA

IsWindow

SendMessageA

GetDlgItem

SetDlgItemTextA

SendDlgItemMessageA

SetWindowPos

SystemParametersInfoA

GetClientRect

GetWindowRect

SetTimer

LoadIconA

SetWindowLongA

GetWindowLongA

UpdateWindow

DestroyWindow

KillTimer

RedrawWindow

DispatchMessageA

TranslateMessage

GetMessageA

IsDialogMessageA

EnableWindow

CreateDialogParamA

FindWindowExA

wsprintfA

GetWindowTextA

wininet

HttpSendRequestA

HttpSendRequestExA

HttpQueryInfoA

InternetCloseHandle

InternetErrorDlg

InternetSetFilePointer

InternetQueryOptionA

HttpAddRequestHeadersA

InternetSetOptionA

HttpOpenRequestA

FtpCreateDirectoryA

FtpOpenFileA

InternetGetLastResponseInfoA

HttpEndRequestA

InternetConnectA

InternetCrackUrlA

InternetOpenA

InternetReadFile

InternetWriteFile

comctl32

ord17

Exports

get

head

post

put

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$TEMP/sobar/Baidu-TB-ASBar-Silent_kuwo.exe

.exe windows:4 windows x86 arch:x86

b711f65a9aff6a22fb2f57f0ac8bda33

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31-07-2009 00:00

Not After

30-07-2012 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_LINE_NUMS_STRIPPED

IMAGE_FILE_LOCAL_SYMS_STRIPPED

IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime

SearchPathA

GetShortPathNameA

GetFullPathNameA

MoveFileA

lstrcatA

SetCurrentDirectoryA

GetFileAttributesA

GetLastError

CreateDirectoryA

SetFileAttributesA

Sleep

CreateFileA

GetFileSize

GetModuleFileNameA

GetTickCount

GetCurrentProcess

CopyFileA

ExitProcess

lstrcpynA

SetFileTime

GetWindowsDirectoryA

GetTempPathA

GetUserDefaultLangID

GetDiskFreeSpaceA

GlobalUnlock

GlobalLock

GlobalAlloc

CreateThread

CreateProcessA

RemoveDirectoryA

GetTempFileNameA

SetEndOfFile

UnmapViewOfFile

MapViewOfFile

CreateFileMappingA

lstrcpyA

lstrlenA

GetSystemDirectoryA

CloseHandle

lstrcmpiA

GetEnvironmentVariableA

ExpandEnvironmentStringsA

GlobalFree

WaitForSingleObject

GetExitCodeProcess

SetErrorMode

GetModuleHandleA

LoadLibraryA

GetProcAddress

FreeLibrary

MultiByteToWideChar

WritePrivateProfileStringA

MulDiv

GetPrivateProfileStringA

WriteFile

ReadFile

SetFilePointer

FindClose

FindNextFileA

FindFirstFileA

DeleteFileA

GetCommandLineA

user32

SystemParametersInfoA

RegisterClassA

EndDialog

ScreenToClient

GetWindowRect

SetClassLongA

IsWindowEnabled

SetWindowPos

GetSysColor

GetWindowLongA

LoadCursorA

SetCursor

CheckDlgButton

GetMessagePos

LoadBitmapA

CallWindowProcA

IsWindowVisible

CloseClipboard

SetClipboardData

CreateWindowExA

OpenClipboard

TrackPopupMenu

AppendMenuA

CreatePopupMenu

GetSystemMetrics

SetDlgItemTextA

GetDlgItemTextA

MessageBoxA

CharPrevA

SetTimer

SetWindowTextA

PostQuitMessage

SetForegroundWindow

ShowWindow

wsprintfA

SendMessageTimeoutA

FindWindowExA

IsWindow

GetClassInfoA

DialogBoxParamA

CharNextA

ExitWindowsEx

CreateDialogParamA

EmptyClipboard

DestroyWindow

SetWindowLongA

LoadImageA

GetDC

EnableWindow

PeekMessageA

DispatchMessageA

InvalidateRect

SendMessageA

DefWindowProcA

BeginPaint

GetClientRect

FillRect

DrawTextA

EndPaint

GetDlgItem

gdi32

SetBkColor

GetDeviceCaps

DeleteObject

CreateBrushIndirect

CreateFontIndirectA

SetBkMode

SetTextColor

SelectObject

shell32

SHGetMalloc

SHGetPathFromIDListA

SHBrowseForFolderA

ShellExecuteA

SHFileOperationA

SHGetSpecialFolderLocation

advapi32

RegQueryValueExA

RegSetValueExA

RegEnumKeyA

RegEnumValueA

RegOpenKeyExA

RegDeleteKeyA

RegDeleteValueA

RegCloseKey

RegCreateKeyExA

comctl32

ImageList_AddMasked

ImageList_Destroy

ord17

ImageList_Create

ole32

OleInitialize

OleUninitialize

CoCreateInstance

version

GetFileVersionInfoSizeA

GetFileVersionInfoA

VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

$PROGRAM_FILES/Baidu/ASBarBroker.exe

.exe windows:4 windows x86 arch:x86

8cb73f23fc4ffce04345bba981c347fe

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31-07-2009 00:00

Not After

30-07-2012 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExW

kernel32

OutputDebugStringW

FreeLibrary

MultiByteToWideChar

SizeofResource

LoadResource

FindResourceW

LoadLibraryExW

GetModuleHandleW

Sleep

GetProcAddress

LoadLibraryW

GetLongPathNameW

GetCurrentThreadId

GetCommandLineW

EnterCriticalSection

LeaveCriticalSection

VirtualFreeEx

CreateRemoteThread

WriteProcessMemory

DebugBreak

GetShortPathNameW

OpenProcess

CreateFileW

DeviceIoControl

GetVersionExW

GlobalFree

GlobalAlloc

GetCurrentProcess

GetLocaleInfoA

GetStringTypeW

GetStringTypeA

LCMapStringW

LCMapStringA

GetConsoleMode

lstrlenA

InterlockedIncrement

GetModuleFileNameW

CreateEventW

CreateThread

SetEvent

lstrcmpiW

InterlockedDecrement

GetLastError

DeleteCriticalSection

InitializeCriticalSection

RaiseException

lstrlenW

WideCharToMultiByte

WaitForSingleObject

CloseHandle

VirtualAllocEx

GetConsoleCP

SetFilePointer

LoadLibraryA

SetStdHandle

FlushFileBuffers

CreateFileA

WriteConsoleW

GetConsoleOutputCP

WriteConsoleA

GetSystemTimeAsFileTime

GetCurrentProcessId

GetTickCount

QueryPerformanceCounter

GetStartupInfoA

GetFileType

SetHandleCount

GetCommandLineA

GetEnvironmentStringsW

FreeEnvironmentStringsW

GetEnvironmentStrings

FreeEnvironmentStringsA

HeapSize

GetVersionExA

HeapAlloc

HeapFree

RtlUnwind

HeapReAlloc

TerminateProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

GetProcessHeap

GetStartupInfoW

VirtualFree

VirtualAlloc

HeapDestroy

HeapCreate

GetModuleHandleA

ExitProcess

WriteFile

GetStdHandle

GetModuleFileNameA

GetCPInfo

GetACP

GetOEMCP

IsValidCodePage

TlsGetValue

TlsAlloc

TlsSetValue

TlsFree

SetLastError

user32

GetMessageW

TranslateMessage

DispatchMessageW

LoadStringW

CharNextW

PostThreadMessageW

UnregisterClassA

CharLowerBuffW

advapi32

RegCreateKeyW

OpenProcessToken

GetTokenInformation

AllocateAndInitializeSid

EqualSid

FreeSid

RegEnumKeyExW

RegQueryInfoKeyW

RegSetValueExW

RegOpenKeyExW

RegCreateKeyExW

RegCloseKey

RegDeleteValueW

RegDeleteKeyW

shell32

ShellExecuteExW

SHGetFolderPathW

ole32

CoInitialize

CoUninitialize

CoCreateInstance

CoTaskMemFree

CoRegisterClassObject

CoRevokeClassObject

CoTaskMemRealloc

CoTaskMemAlloc

StringFromGUID2

oleaut32

SysAllocString

LoadTypeLi

UnRegisterTypeLi

RegisterTypeLi

SysStringLen

SysFreeString

VarUI4FromStr

shlwapi

PathFileExistsW

StrCmpNIW

SHGetValueW

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

$PROGRAM_FILES/Baidu/AddressBar.dll

.dll regsvr32 windows:4 windows x86 arch:x86

c6079cff13dd538f8c2b93227d9d6d6c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31-07-2009 00:00

Not After

30-07-2012 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

c:\cygwin\home\scmpf\compiler_src\pupeng_213326_win32\app\gensoft\bar\address-search\Res\Chinese\Baidudg\AddressBar.pdb

Imports

version

GetFileVersionInfoW

GetFileVersionInfoSizeW

VerQueryValueW

ws2_32

gethostname

WSAStartup

gethostbyname

inet_ntoa

WSACleanup

shlwapi

StrDupW

PathRemoveFileSpecW

StrCmpNW

UrlCanonicalizeW

UrlUnescapeA

StrCmpIW

PathRemoveFileSpecA

PathIsDirectoryA

SHDeleteValueW

PathFileExistsW

StrStrIW

SHGetValueW

StrCpyNW

SHDeleteKeyW

SHSetValueW

dbghelp

ImageDirectoryEntryToData

winmm

timeGetTime

iphlpapi

GetAdaptersInfo

GetNetworkParams

wininet

InternetConnectA

InternetConnectW

HttpOpenRequestA

HttpOpenRequestW

InternetCloseHandle

InternetSetStatusCallbackA

InternetSetStatusCallbackW

HttpSendRequestW

InternetOpenW

InternetQueryOptionW

DeleteUrlCacheEntryW

InternetGetCookieW

InternetCrackUrlW

InternetOpenUrlW

InternetSetOptionW

HttpQueryInfoW

InternetQueryDataAvailable

InternetReadFile

GetUrlCacheEntryInfoW

rpcrt4

UuidCreate

setupapi

SetupIterateCabinetW

imm32

ImmGetOpenStatus

ImmGetDefaultIMEWnd

ImmGetContext

ImmReleaseContext

ImmGetCompositionStringW

ImmGetCompositionWindow

kernel32

GetConsoleCP

GetModuleFileNameA

GetConsoleMode

LoadLibraryA

LoadLibraryW

GetModuleHandleA

GetModuleHandleW

GetProcAddress

GetFileAttributesW

GetVersion

RaiseException

InterlockedDecrement

lstrlenW

EnterCriticalSection

LeaveCriticalSection

GetLastError

SetLastError

GetModuleFileNameW

OutputDebugStringA

InterlockedIncrement

OutputDebugStringW

InitializeCriticalSection

DeleteCriticalSection

lstrcmpiW

LoadLibraryExW

lstrlenA

DebugBreak

FreeLibrary

MultiByteToWideChar

SizeofResource

LoadResource

FindResourceW

DisableThreadLibraryCalls

LocalFree

CloseHandle

ResumeThread

SetThreadPriority

ReleaseMutex

WaitForSingleObject

CreateMutexW

DeleteFileW

GetACP

GetCurrentThreadId

WideCharToMultiByte

GetTickCount

GlobalUnlock

GlobalLock

CreateFileW

DeviceIoControl

GetVersionExW

FlushInstructionCache

GetCurrentProcess

lstrcmpW

SwitchToThread

GetCurrentProcessId

GetCommandLineW

Sleep

GetPrivateProfileIntW

GetPrivateProfileStringW

MoveFileExW

CreateDirectoryW

GetCurrentDirectoryA

GetSystemDirectoryW

GetLongPathNameW

TerminateThread

CopyFileW

MapViewOfFile

CreateFileMappingW

UnmapViewOfFile

TryEnterCriticalSection

GetLocalTime

CompareStringW

GetWindowsDirectoryW

QueryPerformanceCounter

QueryPerformanceFrequency

TlsAlloc

TlsFree

TlsGetValue

TlsSetValue

SetFilePointer

ReadFile

SystemTimeToFileTime

LocalFileTimeToFileTime

GetCurrentDirectoryW

SetFileTime

WriteFile

GetTempFileNameW

GetTempPathW

LockResource

GlobalFree

GlobalAlloc

SetErrorMode

GetFileSize

FileTimeToSystemTime

GetShortPathNameW

lstrcatW

lstrcpyW

WritePrivateProfileStringW

FindNextFileW

FindClose

FindFirstFileW

FreeResource

WriteProcessMemory

ReadProcessMemory

VirtualProtect

VirtualQuery

lstrcmpiA

GetFileInformationByHandle

HeapAlloc

HeapReAlloc

HeapFree

HeapSize

LocalAlloc

GetProcessHeap

GlobalReAlloc

GetFileAttributesA

DeleteFileA

AreFileApisANSI

CreateFileA

GetTempPathA

FlushFileBuffers

SetEndOfFile

UnlockFile

LockFile

LockFileEx

GetFullPathNameA

GetFullPathNameW

GetSystemTime

GetSystemTimeAsFileTime

SetCurrentDirectoryA

LCMapStringA

LCMapStringW

SetHandleCount

GetFileType

GetStartupInfoA

FreeEnvironmentStringsA

CreateThread

FileTimeToLocalFileTime

GetDriveTypeW

GetDriveTypeA

GetEnvironmentStrings

FindFirstFileA

GetCommandLineA

GetCPInfo

GetOEMCP

IsValidCodePage

GetCurrentThread

HeapDestroy

HeapCreate

FatalAppExitA

ExitProcess

GetStdHandle

FreeEnvironmentStringsW

GetEnvironmentStringsW

GetStringTypeA

GetStringTypeW

GetTimeZoneInformation

GetTimeFormatA

GetDateFormatA

GetUserDefaultLCID

GetLocaleInfoA

EnumSystemLocalesA

IsValidLocale

SetConsoleCtrlHandler

InterlockedExchange

GetLocaleInfoW

SetStdHandle

ExitThread

IsDebuggerPresent

GetVersionExA

InterlockedCompareExchange

IsProcessorFeaturePresent

VirtualFree

VirtualAlloc

RtlUnwind

TerminateProcess

WriteConsoleA

GetConsoleOutputCP

WriteConsoleW

CompareStringA

SetEnvironmentVariableA

UnhandledExceptionFilter

RemoveDirectoryW

SetUnhandledExceptionFilter

user32

GetCapture

CreateIconFromResourceEx

CharLowerBuffW

SetForegroundWindow

GetForegroundWindow

AttachThreadInput

GetClassLongW

KillTimer

SetTimer

wsprintfW

RemovePropW

SetPropW

GetPropW

OffsetRect

SetCursor

IsWindowEnabled

GetWindowDC

ScreenToClient

MoveWindow

GetWindowTextLengthW

SetFocus

GetWindow

MapWindowPoints

SetWindowPos

GetDlgItem

EndDialog

MessageBoxW

CharLowerW

FindWindowW

SetWindowTextW

GetActiveWindow

DialogBoxParamW

FindWindowExW

PostThreadMessageW

GetMessageW

TranslateMessage

DispatchMessageW

GetDlgCtrlID

IsWindowVisible

EnumChildWindows

GetKeyState

GetClassNameW

GetParent

GetWindowThreadProcessId

WindowFromPoint

GetWindowRect

CreateWindowExW

GetClassInfoExW

RegisterClassExW

DestroyWindow

PtInRect

LoadCursorW

IsWindow

ShowWindow

PostMessageW

UpdateWindow

SetRectEmpty

CreateDialogParamW

BeginPaint

EndPaint

RegisterWindowMessageW

InvalidateRect

FillRect

GetClientRect

SystemParametersInfoW

GetWindowTextW

ReleaseDC

GetDC

GetFocus

CharLowerBuffA

SetWindowsHookExW

UnhookWindowsHookEx

CallNextHookEx

DefWindowProcW

GetWindowLongW

SetWindowLongW

CharNextW

LoadIconW

GetSysColor

DrawFocusRect

LoadStringW

InflateRect

CopyRect

DrawTextW

SendMessageW

DrawIconEx

SetScrollPos

ReleaseCapture

UpdateLayeredWindow

SetRect

GetSystemMetrics

RegisterClassW

SetCapture

DestroyIcon

GetScrollInfo

SetScrollInfo

ShowScrollBar

PeekMessageW

GetDesktopWindow

CharUpperBuffW

CharUpperW

MonitorFromRect

GetMonitorInfoW

GetCursorPos

LoadImageW

UnregisterClassA

CallWindowProcW

gdi32

GetTextExtentPoint32W

CreateFontIndirectW

DeleteDC

SelectObject

TextOutW

DeleteObject

ExtCreateRegion

CombineRgn

SetStretchBltMode

StretchBlt

GetDIBits

SetTextColor

SetBkMode

SetBkColor

GetPixel

ExtTextOutW

GetTextExtentPointW

BitBlt

CreateCompatibleDC

CreateDIBSection

CreateFontW

GetStockObject

GetCurrentObject

MoveToEx

CreateCompatibleBitmap

LineTo

CreatePen

GetObjectW

CreateSolidBrush

advapi32

CryptAcquireContextW

CryptCreateHash

CryptHashData

CryptDeriveKey

CryptDestroyHash

CryptDuplicateKey

CryptDecrypt

CryptEncrypt

RegOpenKeyW

RegEnumKeyExA

RegEnumKeyExW

RegDeleteKeyW

RegDeleteValueW

RegCloseKey

RegCreateKeyExW

RegOpenKeyExW

RegSetValueExW

RegQueryInfoKeyW

RegEnumValueW

CryptDestroyKey

RegQueryValueExW

RegCreateKeyW

ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

ShellExecuteW

SHGetFolderPathW

ShellExecuteExW

ExtractIconW

SHGetSpecialFolderPathW

DragQueryFileA

ord85

ole32

GetHGlobalFromStream

CreateStreamOnHGlobal

CoTaskMemAlloc

CoGetClassObject

RevokeDragDrop

CoInitialize

CoUninitialize

ReleaseStgMedium

RegisterDragDrop

CoCreateInstance

CoTaskMemFree

CoTaskMemRealloc

OleUninitialize

OleInitialize

oleaut32

SysAllocString

LoadTypeLi

RegisterTypeLi

VarUI4FromStr

LoadRegTypeLi

VariantInit

SysFreeString

SysAllocStringLen

SafeArrayDestroy

SafeArrayUnaccessData

SafeArrayAccessData

SafeArrayCreate

VariantCopy

SysStringLen

VariantClear

GetErrorInfo

VariantChangeType

SetErrorInfo

CreateErrorInfo

msimg32

AlphaBlend

urlmon

CoInternetGetSession

Exports

DllCanUnloadNow

DllCreateObject

DllGetClassObject

DllRegisterServer

DllUnregisterServer

RemoveOldVersion

RunOnceUpdate

SVCUninstall

UpdateASBar

_sqlite3_key_interop@12

_sqlite3_rekey_interop@12

Sections

.text
Size: 872KB - Virtual size: 872KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PROGRAM_FILES/Baidu/Toolbar/BaiduBarX_Tmp/BaiduBarX.dll

.dll regsvr32 windows:4 windows x86 arch:x86

33a23b97aefe5d050829989e159851d0

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31-07-2009 00:00

Not After

30-07-2012 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

c:\cygwin\home\scmpf\compiler_src\cuijingbing_470166_win32\0\app\gensoft\bar\toolbar\chinese_unicode_release\BaiduBarX.pdb

Imports

setupapi

SetupIterateCabinetW

version

VerQueryValueW

GetFileVersionInfoSizeW

GetFileVersionInfoW

imm32

ImmReleaseContext

ImmGetContext

ImmGetCompositionStringW

shlwapi

PathFindFileNameW

StrCpyW

SHDeleteKeyW

SHSetValueW

PathRemoveExtensionW

PathIsDirectoryW

PathFileExistsW

SHDeleteValueW

UrlCombineW

PathIsDirectoryA

PathRemoveFileSpecA

StrCmpIW

StrStrIW

PathFindExtensionW

UrlUnescapeA

UrlCanonicalizeW

StrRetToStrW

StrRetToStrA

UrlEscapeW

SHCopyKeyW

UrlUnescapeW

SHGetValueW

PathRemoveFileSpecW

wininet

HttpAddRequestHeadersW

HttpOpenRequestW

GetUrlCacheEntryInfoW

HttpSendRequestW

InternetCloseHandle

InternetCanonicalizeUrlW

InternetReadFile

InternetConnectW

InternetSetOptionW

InternetOpenW

InternetSetStatusCallbackW

InternetQueryDataAvailable

InternetQueryOptionW

FindFirstUrlCacheGroup

DeleteUrlCacheGroup

FindNextUrlCacheGroup

FindCloseUrlCache

FindFirstUrlCacheEntryW

FindNextUrlCacheEntryW

InternetOpenUrlW

InternetGetCookieW

HttpSendRequestExW

HttpEndRequestW

InternetGetConnectedState

InternetOpenA

InternetSetOptionA

InternetConnectA

HttpOpenRequestA

HttpAddRequestHeadersA

HttpSendRequestExA

InternetWriteFile

HttpEndRequestA

InternetSetCookieW

DeleteUrlCacheEntryW

HttpQueryInfoW

InternetCrackUrlW

urlmon

URLDownloadToFileW

CoInternetGetSession

rpcrt4

UuidCreate

iphlpapi

GetAdaptersInfo

GetNetworkParams

ws2_32

gethostname

gethostbyname

kernel32

OutputDebugStringW

GetModuleHandleA

GetModuleHandleW

GetProcAddress

GetFileAttributesW

GetVersion

RaiseException

EnterCriticalSection

LeaveCriticalSection

InitializeCriticalSection

DeleteCriticalSection

LoadLibraryW

GetLastError

SetLastError

GetModuleFileNameW

OutputDebugStringA

GetCurrentThreadId

InterlockedIncrement

CreateProcessW

WideCharToMultiByte

CreateDirectoryW

GetTempPathW

CreateFileW

CloseHandle

WriteFile

GlobalReAlloc

GlobalUnlock

GlobalLock

GlobalAlloc

WaitForSingleObject

CreateMutexW

ReleaseMutex

DeleteFileW

ResumeThread

SetThreadPriority

SizeofResource

LockResource

LoadResource

FindResourceW

LocalFree

FreeLibrary

lstrcmpiW

TryEnterCriticalSection

LoadLibraryExW

MultiByteToWideChar

DisableThreadLibraryCalls

CopyFileW

DeviceIoControl

GetSystemDirectoryW

GetVersionExW

GetCurrentProcess

GetTickCount

CompareStringW

LoadLibraryA

GetACP

GetCurrentProcessId

FindClose

FindNextFileW

FindFirstFileW

TerminateThread

GetExitCodeThread

OpenMutexW

GetFullPathNameW

GlobalFree

MulDiv

RemoveDirectoryW

Sleep

ReadFile

GetFileSize

Thread32Next

SuspendThread

OpenThread

Thread32First

CreateToolhelp32Snapshot

UnmapViewOfFile

SetUnhandledExceptionFilter

MapViewOfFile

CreateFileMappingW

TerminateProcess

OpenProcess

SwitchToThread

GetCommandLineW

ExpandEnvironmentStringsW

GetExitCodeProcess

GetPrivateProfileIntW

SetEvent

CreateEventW

Process32NextW

Process32FirstW

InterlockedExchange

FindResourceExW

DebugBreak

ResetEvent

WritePrivateProfileStringW

TlsAlloc

TlsFree

TlsGetValue

TlsSetValue

SetFileAttributesW

lstrcmpW

HeapFree

HeapAlloc

GetProcessHeap

GetEnvironmentVariableW

SetFilePointer

GetSystemInfo

GlobalSize

SetErrorMode

FreeResource

GetShortPathNameW

GetSystemDefaultLCID

ReadProcessMemory

MoveFileExW

lstrcatW

lstrcpyW

GetTempFileNameW

FlushInstructionCache

GetVersionExA

InterlockedCompareExchange

IsProcessorFeaturePresent

VirtualFree

VirtualAlloc

HeapDestroy

HeapReAlloc

HeapSize

RtlUnwind

UnhandledExceptionFilter

IsDebuggerPresent

GetSystemTimeAsFileTime

ExitThread

CreateThread

FileTimeToSystemTime

FileTimeToLocalFileTime

GetDriveTypeW

VirtualProtect

VirtualQuery

GetFileAttributesA

GetCommandLineA

GetCPInfo

GetOEMCP

IsValidCodePage

GetCurrentThread

GetStdHandle

GetModuleFileNameA

FatalAppExitA

HeapCreate

ExitProcess

GetConsoleCP

GetConsoleMode

GetCurrentDirectoryA

SetCurrentDirectoryA

GetTimeZoneInformation

LCMapStringA

LCMapStringW

SetHandleCount

GetFileType

GetStartupInfoA

FreeEnvironmentStringsA

GetEnvironmentStrings

FreeEnvironmentStringsW

GetEnvironmentStringsW

QueryPerformanceCounter

FlushFileBuffers

GetStringTypeA

GetStringTypeW

GetTimeFormatA

GetDateFormatA

GetUserDefaultLCID

GetLocaleInfoA

EnumSystemLocalesA

IsValidLocale

SetConsoleCtrlHandler

GetLocaleInfoW

SetStdHandle

WriteConsoleA

GetConsoleOutputCP

WriteConsoleW

CreateFileA

SetEndOfFile

GetDriveTypeA

GetFullPathNameA

CompareStringA

lstrlenA

lstrlenW

GetSystemTime

InterlockedDecrement

SetEnvironmentVariableA

GetPrivateProfileStringW

user32

GetMenuItemCount

GetMenuItemInfoW

InsertMenuItemW

GetSysColorBrush

ShowCursor

UnregisterHotKey

RegisterHotKey

PrintWindow

EnumDisplayMonitors

EndMenu

GetMenuItemRect

RemovePropW

GetPropW

SetPropW

SetMenuItemInfoW

DrawStateW

TrackPopupMenuEx

ModifyMenuW

MessageBeep

LoadBitmapW

GetSubMenu

PostQuitMessage

ValidateRect

SetParent

IntersectRect

CharLowerBuffA

WaitForInputIdle

CreateIconFromResourceEx

CharNextA

SetActiveWindow

ScrollWindow

MonitorFromPoint

RemoveMenu

AppendMenuW

CreatePopupMenu

UnhookWindowsHookEx

CallNextHookEx

GetSystemMetrics

RegisterClipboardFormatW

GetAsyncKeyState

GetMessagePos

IsRectEmpty

GetScrollInfo

SetScrollPos

ClientToScreen

FrameRect

EnableWindow

SetWindowRgn

SetScrollInfo

GetScrollPos

DestroyCursor

DestroyIcon

GetClassLongW

SetClassLongW

MonitorFromRect

GetMonitorInfoW

CopyRect

InflateRect

WindowFromPoint

IsChild

FindWindowW

AdjustWindowRectEx

GetCapture

ReleaseCapture

GetSysColor

SetCursor

GetDlgCtrlID

EnableMenuItem

IsWindowEnabled

UpdateWindow

DrawFocusRect

SetRectEmpty

OffsetRect

SetFocus

GetWindowTextLengthW

DrawTextW

DrawIconEx

FillRect

TrackMouseEvent

CreateDialogParamW

MessageBoxW

MoveWindow

CharLowerBuffW

GetCursorPos

GetWindowThreadProcessId

GetGUIThreadInfo

GetClassNameW

PtInRect

ScreenToClient

GetFocus

ReleaseDC

TranslateMessage

DispatchMessageW

InvalidateRect

GetWindowTextW

RegisterWindowMessageW

SetRect

GetActiveWindow

LoadIconW

IsWindowVisible

GetParent

GetWindow

GetWindowRect

SystemParametersInfoW

GetClientRect

MapWindowPoints

SendMessageW

DialogBoxParamW

DestroyMenu

IsMenu

GetKeyState

CharLowerW

CreateWindowExW

GetClassInfoExW

RegisterClassExW

DeleteMenu

PeekMessageW

MsgWaitForMultipleObjects

EqualRect

UpdateLayeredWindow

SetForegroundWindow

GetForegroundWindow

AttachThreadInput

CharUpperBuffW

LoadKeyboardLayoutW

ActivateKeyboardLayout

GetMessageW

IsIconic

PostThreadMessageW

UnregisterClassA

FindWindowExW

EnumChildWindows

SendMessageA

GetUpdateRect

GetTopWindow

MenuItemFromPoint

GetMenuItemID

GetDlgItemTextW

AdjustWindowRect

GetWindowDC

SetDlgItemTextW

RedrawWindow

EnumWindows

IsDialogMessageW

LoadImageW

OpenClipboard

EmptyClipboard

SetClipboardData

CloseClipboard

DestroyWindow

LoadCursorW

KillTimer

SetTimer

PostMessageW

CharNextW

EndPaint

BeginPaint

DefWindowProcW

LoadStringW

SetWindowPos

IsWindow

GetDlgItem

ShowWindow

GetDC

SetWindowTextW

GetWindowLongW

SetWindowLongW

CallWindowProcW

EndDialog

CharUpperW

CreateMenu

InsertMenuW

SetCapture

TrackPopupMenu

SetWindowsHookExW

gdi32

GetTextMetricsW

PatBlt

GetTextColor

CreateRoundRectRgn

FillRgn

CreateRectRgn

SetPixel

Rectangle

SetROP2

CreateDCW

CreateFontW

CreateBitmap

ExcludeClipRect

GetDeviceCaps

DPtoLP

GetObjectW

CreatePen

LineTo

MoveToEx

SelectObject

GetClipBox

CreateCompatibleBitmap

ExtTextOutW

RoundRect

RestoreDC

SaveDC

GetCurrentObject

CreatePolygonRgn

CreateSolidBrush

CreateFontIndirectW

GetTextExtentPoint32W

TextOutW

GetPixel

SetTextColor

ExtCreateRegion

CombineRgn

SetStretchBltMode

StretchBlt

DeleteObject

GetStockObject

BitBlt

SetBkColor

SetBkMode

DeleteDC

CreateDIBSection

GetDIBits

CreateCompatibleDC

SetViewportOrgEx

advapi32

RegQueryInfoKeyW

GetSecurityDescriptorSacl

SetSecurityInfo

EqualSid

GetUserNameW

RegSetKeySecurity

RegEnumKeyW

AllocateAndInitializeSid

InitializeAcl

AddAce

InitializeSecurityDescriptor

SetSecurityDescriptorDacl

FreeSid

RegGetKeySecurity

GetTokenInformation

CopySid

RegCreateKeyW

RegOpenKeyW

OpenProcessToken

DuplicateTokenEx

ConvertStringSidToSidW

ConvertStringSecurityDescriptorToSecurityDescriptorW

RegCloseKey

RegDeleteKeyW

RegDeleteValueW

RegCreateKeyExW

RegOpenKeyExW

RegSetValueExW

RegEnumKeyExW

RegQueryValueExW

RegEnumValueW

CreateProcessAsUserW

SetTokenInformation

GetLengthSid

shell32

ShellExecuteW

DragQueryFileA

DuplicateIcon

SHFileOperationW

ShellExecuteExW

SHCreateDirectoryExW

ExtractIconW

SHGetMalloc

SHGetFileInfoW

SHGetDesktopFolder

SHGetSpecialFolderLocation

SHGetFolderPathW

SHGetSpecialFolderPathW

ole32

OleUninitialize

OleInitialize

CreateStreamOnHGlobal

OleDraw

CoCreateGuid

RegisterDragDrop

OleDuplicateData

ReleaseStgMedium

RevokeDragDrop

CLSIDFromProgID

StringFromGUID2

CoTaskMemFree

CoTaskMemRealloc

CoTaskMemAlloc

CoCreateInstance

CoInitialize

DoDragDrop

CoUninitialize

GetHGlobalFromStream

oleaut32

VariantClear

SysAllocString

SysAllocStringByteLen

SysStringByteLen

SysAllocStringLen

VarBstrCmp

VariantCopy

LoadTypeLi

UnRegisterTypeLi

VariantInit

VarUI4FromStr

LoadRegTypeLi

VarBstrCat

VarCmp

SafeArrayDestroy

SafeArrayUnaccessData

SafeArrayAccessData

SafeArrayCreate

SysFreeString

RegisterTypeLi

SysStringLen

SetErrorInfo

VariantChangeType

GetErrorInfo

CreateErrorInfo

msimg32

AlphaBlend

GradientFill

gdiplus

GdipCreateBitmapFromScan0

GdipCloneImage

GdiplusShutdown

GdipDisposeImage

GdipGetImageEncoders

GdipGetImageEncodersSize

GdipCreateBitmapFromHBITMAP

GdipSaveImageToFile

GdipAlloc

GdiplusStartup

GdipFree

uxtheme

DrawThemeBackground

OpenThemeData

CloseThemeData

Exports

ClearDefSearch

ClearHomePage

CloseIEUpdate

DllCanUnloadNow

DllCreateObject

DllGetClassObject

DllRegisterServer

MyCopyFile

RunOnceRemove

RunOnceUpdate

SVCUninstall

SetDefSearch

SetHomePageToBaidu

ShowWebMsg

Uninstall

UpdateBaiduToolbar

UpdateBaiduToolbarWithUI

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.Shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 772KB - Virtual size: 771KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PROGRAM_FILES/Baidu/Toolbar/BaiduBarX_Tmp/BarBroker.exe

.exe windows:4 windows x86 arch:x86

118d99c3f6c480f98032ef338c8ef1ff

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31-07-2009 00:00

Not After

30-07-2012 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExW

dbghelp

SymGetOptions

SymSetOptions

StackWalk

SymGetModuleInfo

SymFunctionTableAccess

SymInitialize

SymLoadModule

wininet

InternetCrackUrlW

InternetCloseHandle

InternetOpenA

InternetSetOptionA

InternetConnectA

HttpOpenRequestA

HttpAddRequestHeadersA

HttpSendRequestExA

InternetWriteFile

HttpEndRequestA

kernel32

GetStringTypeW

GetStringTypeA

FlushFileBuffers

GetSystemTimeAsFileTime

GetTickCount

QueryPerformanceCounter

GetCommandLineA

GetEnvironmentStringsW

FreeEnvironmentStringsW

GetEnvironmentStrings

FreeEnvironmentStringsA

LCMapStringW

LCMapStringA

GetStartupInfoA

GetFileType

SetHandleCount

LocalFree

InitializeCriticalSection

DeleteCriticalSection

EnterCriticalSection

LeaveCriticalSection

FreeLibrary

GetProcAddress

LoadLibraryW

CloseHandle

WaitForSingleObject

WideCharToMultiByte

lstrlenW

RaiseException

GetLastError

InterlockedDecrement

lstrcmpiW

SetEvent

CreateThread

CreateEventW

GetModuleFileNameW

InterlockedIncrement

lstrlenA

DebugBreak

OutputDebugStringW

MultiByteToWideChar

SizeofResource

LoadResource

FindResourceW

LoadLibraryExW

GetModuleHandleW

Sleep

GetCurrentThreadId

GetCommandLineW

VirtualFreeEx

CreateRemoteThread

WriteProcessMemory

VirtualAllocEx

OpenProcess

GetModuleFileNameA

VirtualQueryEx

UnmapViewOfFile

FlushInstructionCache

GetCurrentProcess

MapViewOfFile

CreateFileMappingW

SetLastError

CreateFileW

DeleteFileW

GetTempPathW

ReadFile

GetFileSize

InterlockedExchange

GetSystemDefaultLCID

GetVersionExW

WriteFile

GlobalFree

GlobalAlloc

GetCurrentProcessId

SetFilePointer

GetShortPathNameW

FindClose

FindFirstFileW

ExitProcess

TlsFree

TlsSetValue

TlsAlloc

TlsGetValue

GetModuleHandleA

GetStartupInfoW

GetFileAttributesA

GetDriveTypeW

FileTimeToLocalFileTime

FileTimeToSystemTime

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

TerminateProcess

HeapReAlloc

RtlUnwind

VirtualAlloc

VirtualFree

IsProcessorFeaturePresent

LoadLibraryA

HeapAlloc

GetProcessHeap

HeapFree

InterlockedCompareExchange

GetVersionExA

GetStdHandle

GetCPInfo

GetACP

GetOEMCP

IsValidCodePage

HeapSize

GetConsoleCP

GetLocaleInfoA

WriteConsoleA

GetConsoleOutputCP

WriteConsoleW

SetStdHandle

HeapDestroy

GetTimeZoneInformation

CreateFileA

SetEndOfFile

GetDriveTypeA

CompareStringA

CompareStringW

SetEnvironmentVariableA

HeapCreate

OpenThread

GetConsoleMode

GetFullPathNameW

GetCurrentDirectoryA

user32

CharLowerBuffW

GetSystemMetrics

LoadImageW

GetParent

GetWindow

GetWindowRect

SystemParametersInfoW

GetClientRect

MapWindowPoints

SetWindowPos

SendMessageW

GetDlgItem

ShowWindow

GetWindowLongW

GetActiveWindow

DestroyWindow

EndDialog

DialogBoxParamW

LoadStringW

SetWindowLongW

GetMessageW

TranslateMessage

DispatchMessageW

CharNextW

PostThreadMessageW

UnregisterClassA

advapi32

RegOpenKeyW

RegCreateKeyW

OpenProcessToken

GetTokenInformation

AllocateAndInitializeSid

EqualSid

FreeSid

RegQueryValueExW

RegEnumKeyExW

RegQueryInfoKeyW

RegSetValueExW

RegOpenKeyExW

RegCreateKeyExW

RegDeleteValueW

RegDeleteKeyW

RegCloseKey

ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

SHGetFolderPathW

ShellExecuteExW

ole32

CoInitialize

CoUninitialize

StringFromGUID2

CoTaskMemFree

CoRegisterClassObject

CoRevokeClassObject

CoTaskMemRealloc

CoCreateInstance

CoTaskMemAlloc

oleaut32

UnRegisterTypeLi

LoadTypeLi

SysAllocString

SysFreeString

SysStringLen

VarUI4FromStr

RegisterTypeLi

shlwapi

PathFileExistsW

StrCmpNIW

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

$PROGRAM_FILES/Baidu/Toolbar/BaiduBarX_Tmp/rc.dll

.dll windows:4 windows x86 arch:x86

d811d71710ad58776155b7a8da1fa9db

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31-07-2009 00:00

Not After

30-07-2012 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId

GetCommandLineA

HeapFree

GetVersionExA

HeapAlloc

GetProcessHeap

GetProcAddress

GetModuleHandleA

ExitProcess

TlsGetValue

TlsAlloc

TlsSetValue

TlsFree

InterlockedIncrement

SetLastError

GetLastError

InterlockedDecrement

Sleep

SetHandleCount

GetStdHandle

GetFileType

GetStartupInfoA

DeleteCriticalSection

GetModuleFileNameA

FreeEnvironmentStringsA

GetEnvironmentStrings

FreeEnvironmentStringsW

WideCharToMultiByte

GetEnvironmentStringsW

HeapDestroy

HeapCreate

VirtualFree

QueryPerformanceCounter

GetTickCount

GetCurrentProcessId

GetSystemTimeAsFileTime

WriteFile

LeaveCriticalSection

EnterCriticalSection

TerminateProcess

GetCurrentProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

LoadLibraryA

InitializeCriticalSection

GetCPInfo

GetACP

GetOEMCP

IsValidCodePage

VirtualAlloc

HeapReAlloc

RtlUnwind

HeapSize

MultiByteToWideChar

GetLocaleInfoA

GetStringTypeA

GetStringTypeW

LCMapStringA

LCMapStringW

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 444KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

$PROGRAM_FILES/Baidu/conf.xml

.xml

KwMusic.exe

.exe windows:5 windows x86 arch:x86

9547b090d1419a87e737bcbdaf9459ee

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

27:44:c0:b5:76:7c:8e:59:14:a9:ec:be:07:49:c7:02
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-12-2009 00:00

Not After

02-12-2011 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f0:97:6f:4d:33:fc:96:a6:ef:01:72:20:75:ea:54:6c:fc:c0:8f:86
Signer

Actual PE Digest

f0:97:6f:4d:33:fc:96:a6:ef:01:72:20:75:ea:54:6c:fc:c0:8f:86

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileStringA

CloseHandle

WritePrivateProfileStringA

FindFirstFileA

FindClose

GetModuleFileNameA

GetSystemDirectoryA

CreateProcessA

GetProcessHeap

SetEndOfFile

RaiseException

RtlUnwind

GetCommandLineA

GetStartupInfoA

HeapAlloc

GetLastError

HeapFree

TerminateProcess

GetCurrentProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

GetModuleHandleW

GetProcAddress

TlsGetValue

TlsAlloc

TlsSetValue

TlsFree

InterlockedIncrement

SetLastError

GetCurrentThreadId

InterlockedDecrement

Sleep

HeapSize

ExitProcess

EnterCriticalSection

LeaveCriticalSection

SetHandleCount

GetStdHandle

GetFileType

DeleteCriticalSection

WriteFile

FreeEnvironmentStringsA

GetEnvironmentStrings

FreeEnvironmentStringsW

WideCharToMultiByte

GetEnvironmentStringsW

HeapCreate

VirtualFree

QueryPerformanceCounter

GetTickCount

GetCurrentProcessId

GetSystemTimeAsFileTime

VirtualAlloc

HeapReAlloc

SetFilePointer

GetConsoleCP

GetConsoleMode

GetCPInfo

GetACP

GetOEMCP

IsValidCodePage

LoadLibraryA

InitializeCriticalSectionAndSpinCount

SetStdHandle

FlushFileBuffers

MultiByteToWideChar

ReadFile

CreateFileA

WriteConsoleA

GetConsoleOutputCP

WriteConsoleW

LCMapStringA

LCMapStringW

GetStringTypeA

GetStringTypeW

GetLocaleInfoA

user32

MessageBoxA

advapi32

RegOpenKeyExA

RegSetValueExA

RegCreateKeyExA

RegCloseKey

RegQueryValueExA

shell32

SHGetSpecialFolderPathA

ShellExecuteA

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

Microsoft.VC90.CRT.manifest

Microsoft.VC90.MFC.manifest

bin/AdbWinApi.dll

.dll windows:6 windows x86 arch:x86

c64cac39044626770353879245ea25e4

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

27:44:c0:b5:76:7c:8e:59:14:a9:ec:be:07:49:c7:02
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-12-2009 00:00

Not After

02-12-2011 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2a:8e:ec:b8:71:f3:54:1d:8d:23:fa:6f:ef:41:75:99:a0:70:3f:7b
Signer

Actual PE Digest

2a:8e:ec:b8:71:f3:54:1d:8d:23:fa:6f:ef:41:75:99:a0:70:3f:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

c:\code\android\donut\development\host\windows\usb\api\objfre_wxp_x86\i386\AdbWinApi.pdb

Imports

ole32

CoCreateInstance

kernel32

GetACP

SetLastError

CloseHandle

GetLastError

DeviceIoControl

WriteFile

ReadFile

GetOverlappedResult

CreateFileW

WideCharToMultiByte

Sleep

InterlockedIncrement

InterlockedDecrement

EnterCriticalSection

LeaveCriticalSection

InitializeCriticalSection

DeleteCriticalSection

GetProcAddress

LoadLibraryW

GetFileAttributesW

GetSystemDirectoryW

RaiseException

FreeLibrary

InterlockedExchange

InitializeCriticalSectionAndSpinCount

GetCommandLineA

GetVersionExA

RtlUnwind

HeapFree

HeapAlloc

GetModuleHandleA

ExitProcess

TlsGetValue

TlsAlloc

TlsSetValue

TlsFree

GetCurrentThreadId

SetHandleCount

GetStdHandle

GetFileType

GetStartupInfoA

GetModuleFileNameA

FreeEnvironmentStringsA

GetEnvironmentStrings

FreeEnvironmentStringsW

GetEnvironmentStringsW

HeapDestroy

HeapCreate

VirtualFree

QueryPerformanceCounter

GetTickCount

GetCurrentProcessId

GetSystemTimeAsFileTime

TerminateProcess

GetCurrentProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

GetCPInfo

GetOEMCP

OutputDebugStringA

VirtualAlloc

HeapReAlloc

HeapSize

LoadLibraryA

GetModuleHandleW

LCMapStringA

MultiByteToWideChar

LCMapStringW

GetStringTypeA

GetStringTypeW

GetLocaleInfoA

SetFilePointer

GetConsoleCP

GetConsoleMode

VirtualProtect

GetSystemInfo

VirtualQuery

SetStdHandle

WriteConsoleA

GetConsoleOutputCP

WriteConsoleW

CreateFileA

FlushFileBuffers

setupapi

SetupDiGetClassDevsW

SetupDiDestroyDeviceInfoList

SetupDiEnumDeviceInterfaces

SetupDiGetDeviceInterfaceDetailW

Exports

??0AdbEndpointObject@@QAE@ABV0@@Z

??0AdbEndpointObject@@QAE@PAVAdbInterfaceObject@@EE@Z

??0AdbIOCompletion@@QAE@ABV0@@Z

??0AdbIOCompletion@@QAE@PAVAdbEndpointObject@@KPAX@Z

??0AdbInterfaceObject@@QAE@ABV0@@Z

??0AdbInterfaceObject@@QAE@PBG@Z

??0AdbObjectHandle@@QAE@ABV0@@Z

??0AdbObjectHandle@@QAE@W4AdbObjectType@@@Z

??1AdbEndpointObject@@MAE@XZ

??1AdbIOCompletion@@MAE@XZ

??1AdbInterfaceObject@@MAE@XZ

??1AdbObjectHandle@@MAE@XZ

??4AdbEndpointObject@@QAEAAV0@ABV0@@Z

??4AdbIOCompletion@@QAEAAV0@ABV0@@Z

??4AdbInterfaceObject@@QAEAAV0@ABV0@@Z

??4AdbObjectHandle@@QAEAAV0@ABV0@@Z

??_7AdbEndpointObject@@6B@

??_7AdbIOCompletion@@6B@

??_7AdbInterfaceObject@@6B@

??_7AdbObjectHandle@@6B@

?AddRef@AdbObjectHandle@@UAEJXZ

?AsyncRead@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z

?AsyncWrite@AdbEndpointObject@@UAEPAXPAXKPAK0K@Z

?CloseHandle@AdbObjectHandle@@UAE_NXZ

?CreateHandle@AdbObjectHandle@@UAEPAXXZ

?GetEndpointInformation@AdbEndpointObject@@UAE_NPAU_AdbEndpointInformation@@@Z

?GetInterfaceName@AdbInterfaceObject@@UAE_NPAXPAK_N@Z

?GetParentInterfaceHandle@AdbEndpointObject@@QBEPAXXZ

?GetParentObjectHandle@AdbIOCompletion@@QBEPAXXZ

?GetUsbConfigurationDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_CONFIGURATION_DESCRIPTOR@@@Z

?GetUsbDeviceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_DEVICE_DESCRIPTOR@@@Z

?GetUsbInterfaceDescriptor@AdbInterfaceObject@@UAE_NPAU_USB_INTERFACE_DESCRIPTOR@@@Z

?IsCompleted@AdbIOCompletion@@UAE_NXZ

?IsObjectOfType@AdbObjectHandle@@UBE_NW4AdbObjectType@@@Z

?IsOpened@AdbObjectHandle@@QBE_NXZ

?LastReferenceReleased@AdbObjectHandle@@MAEXXZ

?Lookup@AdbObjectHandle@@SGPAV1@PAX@Z

?Release@AdbObjectHandle@@UAEJXZ

?SyncRead@AdbEndpointObject@@UAE_NPAXKPAKK@Z

?SyncWrite@AdbEndpointObject@@UAE_NPAXKPAKK@Z

?Type@AdbEndpointObject@@SG?AW4AdbObjectType@@XZ

?Type@AdbIOCompletion@@SG?AW4AdbObjectType@@XZ

?Type@AdbInterfaceObject@@SG?AW4AdbObjectType@@XZ

?adb_handle@AdbObjectHandle@@QBEPAXXZ

?endpoint_id@AdbEndpointObject@@QBEEXZ

?endpoint_index@AdbEndpointObject@@QBEEXZ

?interface_name@AdbInterfaceObject@@QBEABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@XZ

?object_type@AdbObjectHandle@@QBE?AW4AdbObjectType@@XZ

?overlapped@AdbIOCompletion@@QAEPAU_OVERLAPPED@@XZ

?parent_interface@AdbEndpointObject@@QBEPAVAdbInterfaceObject@@XZ

?parent_io_object@AdbIOCompletion@@QBEPAVAdbEndpointObject@@XZ

?usb_config_descriptor@AdbInterfaceObject@@QBEPBU_USB_CONFIGURATION_DESCRIPTOR@@XZ

?usb_device_descriptor@AdbInterfaceObject@@QBEPBU_USB_DEVICE_DESCRIPTOR@@XZ

?usb_interface_descriptor@AdbInterfaceObject@@QBEPBU_USB_INTERFACE_DESCRIPTOR@@XZ

AdbCloseHandle

AdbCreateInterface

AdbCreateInterfaceByName

AdbEnumInterfaces

AdbGetDefaultBulkReadEndpointInformation

AdbGetDefaultBulkWriteEndpointInformation

AdbGetEndpointInformation

AdbGetEndpointInterface

AdbGetInterfaceName

AdbGetOvelappedIoResult

AdbGetSerialNumber

AdbGetUsbConfigurationDescriptor

AdbGetUsbDeviceDescriptor

AdbGetUsbInterfaceDescriptor

AdbHasOvelappedIoComplated

AdbNextInterface

AdbOpenDefaultBulkReadEndpoint

AdbOpenDefaultBulkWriteEndpoint

AdbOpenEndpoint

AdbQueryInformationEndpoint

AdbReadEndpointAsync

AdbReadEndpointSync

AdbResetInterfaceEnum

AdbWriteEndpointAsync

AdbWriteEndpointSync

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

bin/CKuwoPlayer.dll

.dll windows:5 windows x86 arch:x86

8e4880f7ceeb969715f545f8789e05e6

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

27:44:c0:b5:76:7c:8e:59:14:a9:ec:be:07:49:c7:02
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-12-2009 00:00

Not After

02-12-2011 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

59:47:4a:8e:36:9b:fe:12:30:f9:53:79:a1:4e:59:59:c3:3d:d3:1b
Signer

Actual PE Digest

59:47:4a:8e:36:9b:fe:12:30:f9:53:79:a1:4e:59:59:c3:3d:d3:1b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

e:\正式发布打包(勿动)\521_金秋版\金秋版_全面替换_1012\KwResource\bin\release\pdb\CKuwoPlayer.pdb

Imports

winmm

timeEndPeriod

timeGetDevCaps

timeBeginPeriod

mfc90

ord266

ord1062

ord798

ord1144

ord265

ord1607

ord310

ord601

ord800

ord5997

ord605

ord1278

ord321

ord1243

ord1241

ord1268

ord1180

ord1233

ord2084

ord391

ord1152

ord1277

ord1275

ord1145

ord1075

ord1137

ord322

ord801

ord1087

msvcr90

__clean_type_info_names_internal

_except_handler4_common

_purecall

__CxxFrameHandler3

??0exception@std@@QAE@ABQBD@Z

?what@exception@std@@UBEPBDXZ

??1exception@std@@UAE@XZ

??0exception@std@@QAE@XZ

_invalid_parameter_noinfo

_CxxThrowException

??0exception@std@@QAE@ABV01@@Z

atoi

atof

strncpy

iswspace

sprintf

_crt_debugger_hook

memset

_msize

?_type_info_dtor_internal_method@type_info@@QAEXXZ

?terminate@@YAXXZ

_CIcos

_CIsin

__CppXcptFilter

_adjust_fdiv

_amsg_exit

_initterm_e

_initterm

_encoded_null

free

_malloc_crt

_decode_pointer

_onexit

_lock

_encode_pointer

__dllonexit

_unlock

_vscprintf

vsprintf

tolower

strncmp

fprintf

fopen

fread

fclose

strrchr

_stat64

strstr

_mbsrchr

toupper

memcpy

_snprintf

memmove_s

_CIsqrt

_CIlog10

_stricmp

kernel32

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

GetCurrentProcess

TerminateProcess

InterlockedCompareExchange

InterlockedExchange

LocalAlloc

LocalFree

GetFileAttributesA

CreateProcessA

lstrcpynA

FindNextFileA

FindClose

GetModuleFileNameA

GetTickCount

QueryPerformanceCounter

WaitForSingleObject

TerminateThread

CloseHandle

EnterCriticalSection

LeaveCriticalSection

InitializeCriticalSection

Sleep

GetLastError

GetCurrentThreadId

GetWindowsDirectoryA

LoadLibraryA

GetProcAddress

FreeLibrary

DeleteCriticalSection

GetSystemTimeAsFileTime

CreateThread

FindFirstFileA

GetCurrentProcessId

user32

CreateWindowExA

GetMessageA

PostMessageA

RegisterClassA

IsChild

TranslateMessage

DispatchMessageA

PostQuitMessage

DefWindowProcA

MessageBoxA

CopyRect

DestroyWindow

GetParent

gdi32

GetStockObject

shlwapi

PathFileExistsA

ole32

CoUninitialize

msvcp90

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ

?good@ios_base@std@@QBE_NXZ

?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ

?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ

?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z

??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z

?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ

??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z

??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z

?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z

??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ

?uncaught_exception@std@@YA_NXZ

??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z

?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z

?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z

?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ

?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@JH@Z

??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ

??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z

?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z

?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z

?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z

??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z

?push_back@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXD@Z

??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z

?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z

?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z

?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z

?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z

?width@ios_base@std@@QAEHH@Z

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z

?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z

?eof@?$char_traits@D@std@@SAHXZ

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z

?flags@ios_base@std@@QBEHXZ

??7ios_base@std@@QBE_NXZ

?width@ios_base@std@@QBEHXZ

?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ

kwlog

?YL_Log@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H0PBDZZ

kwdatadef

??0SONG_INFO@@QAE@XZ

?Init@SONG_INFO@@QAEXXZ

??1SONG_INFO@@QAE@XZ

kwmodconfig

AfxGetConfigManager

Exports

CreateKuwoPlayer

GetKuwoPlayerMediaPluginConfig

GetMeidaPluginManagerFactory

ReleaseKuwoPlayer

Sections

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

bin/CWmpPlayer.dll

.dll windows:5 windows x86 arch:x86

ffa030b08ed1f9b091f130d76d941a26

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

27:44:c0:b5:76:7c:8e:59:14:a9:ec:be:07:49:c7:02
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-12-2009 00:00

Not After

02-12-2011 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

83:09:24:c1:d0:4e:77:b8:59:ac:8d:6f:33:34:1b:71:be:43:68:61
Signer

Actual PE Digest

83:09:24:c1:d0:4e:77:b8:59:ac:8d:6f:33:34:1b:71:be:43:68:61

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

e:\正式发布打包(勿动)\521_金秋版\金秋版_全面替换_1012\KwResource\bin\release\pdb\CWmpPlayer.pdb

Imports

mfc90

ord3346

ord796

ord1728

ord2069

ord744

ord3732

ord524

ord4513

ord4529

ord4030

ord2795

ord5139

ord4688

ord1729

ord6446

ord5668

ord5666

ord958

ord963

ord967

ord965

ord969

ord2610

ord2630

ord2614

ord2620

ord2618

ord2616

ord2633

ord2628

ord2612

ord2635

ord2623

ord2605

ord2607

ord6391

ord2375

ord2368

ord1644

ord6784

ord4160

ord6782

ord3671

ord5389

ord6356

ord3218

ord1446

ord5608

ord2139

ord1792

ord1791

ord5633

ord2766

ord2978

ord3107

ord4714

ord2961

ord3135

ord2769

ord2888

ord2759

ord3277

ord4066

ord4067

ord4057

ord2886

ord4334

ord4895

ord4667

ord595

ord3940

ord4281

ord1755

ord1752

ord4331

ord1497

ord4650

ord5585

ord2074

ord5497

ord4589

ord6780

ord2625

ord5647

ord1746

ord3949

ord2592

ord798

ord2470

ord800

msvcr90

_stricmp

__clean_type_info_names_internal

_except_handler4_common

_crt_debugger_hook

?_type_info_dtor_internal_method@type_info@@QAEXXZ

?terminate@@YAXXZ

__CppXcptFilter

_adjust_fdiv

_amsg_exit

_initterm_e

_initterm

_encoded_null

free

_malloc_crt

_decode_pointer

_onexit

_lock

_encode_pointer

__dllonexit

_unlock

strrchr

memset

_mbsicmp

_mbsstr

_mbsnbcpy

memmove_s

??0exception@std@@QAE@ABV01@@Z

_CxxThrowException

_invalid_parameter_noinfo

_purecall

__CxxFrameHandler3

??0exception@std@@QAE@XZ

??1exception@std@@UAE@XZ

?what@exception@std@@UBEPBDXZ

??0exception@std@@QAE@ABQBD@Z

_strnicmp

kernel32

GetCurrentProcess

GetLastError

lstrlenW

MultiByteToWideChar

WaitForSingleObject

GetSystemTimeAsFileTime

GetCurrentProcessId

GetCurrentThreadId

GetTickCount

QueryPerformanceCounter

DisableThreadLibraryCalls

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

WideCharToMultiByte

TerminateProcess

InterlockedCompareExchange

Sleep

InterlockedExchange

GetWindowsDirectoryA

CreateFileA

CloseHandle

lstrcpyA

lstrcatA

CreateProcessA

user32

ShowWindow

IsWindow

EnableWindow

GetParent

KillTimer

SetTimer

GetClientRect

GetWindowRect

CopyRect

oleaut32

SysFreeString

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

Exports

?CreateMediaAudioPlayer@@YAPAVIMediaAudioPlayer@@XZ

?CreateMediaVideoPlayer@@YAPAVIMediaVideoPlayer@@XZ

?ReleaseMediaAudioPlayer@@YAXPAVIMediaAudioPlayer@@@Z

?ReleaseMediaVideoPlayer@@YAXPAVIMediaVideoPlayer@@@Z

CreateWmpPlayer

ReleaseWmpPlayer

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

bin/CoreAVC0.ax

.dll regsvr32 windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

27:44:c0:b5:76:7c:8e:59:14:a9:ec:be:07:49:c7:02
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-12-2009 00:00

Not After

02-12-2011 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

92:c8:5c:3a:53:e1:48:67:69:9a:2c:04:95:b0:a0:31:37:1d:57:a4
Signer

Actual PE Digest

92:c8:5c:3a:53:e1:48:67:69:9a:2c:04:95:b0:a0:31:37:1d:57:a4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

Exports

Configure

DllCanUnloadNow

DllGetClassObject

DllRegisterServer

DllUnregisterServer

Sections

.
Size: - Virtual size: 788KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

bin/DshowPlayer.dll

.dll windows:5 windows x86 arch:x86

c2fc6c65c65dee68f090be73650dc20a

Code Sign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

27:44:c0:b5:76:7c:8e:59:14:a9:ec:be:07:49:c7:02
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-12-2009 00:00

Not After

02-12-2011 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

00:1a:0f:68:5f:73:08:e2:35:6e:5c:5f:4a:af:b7:58:38:fb:31:c9
Signer

Actual PE Digest

00:1a:0f:68:5f:73:08:e2:35:6e:5c:5f:4a:af:b7:58:38:fb:31:c9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

e:\正式发布打包(勿动)\521_金秋版\金秋版_全面替换_1012\KwResource\bin\release\pdb\DshowPlayer.pdb

Imports

mfc90

ord4199

ord2087

ord3209

ord5657

ord5659

ord800

ord2447

ord4333

ord4981

ord5663

ord5646

ord6001

ord2766

ord2978

ord3107

ord4714

ord2961

ord5813

ord4197

ord2888

ord944

ord4066

ord4067

ord4057

ord2886

ord4334

ord4890

ord4667

ord3659

ord589

ord4029

ord310

ord2480

ord820

ord5963

ord4392

ord6721

ord5533

ord1046

ord4165

ord6018

ord2206

ord2251

ord4733

ord6781

ord4159

ord6783

ord4409

ord4434

ord3110

ord793

ord817

ord945

ord2769

ord1087

ord801

ord316

ord4477

ord5997

ord2759

ord3213

ord305

ord6613

ord3178

ord910

ord1611

ord601

ord798

ord1603

ord605

ord1278

ord321

ord1243

ord1241

ord1268

ord1180

ord1233

ord2084

ord391

ord1152

ord1277

ord1275

ord1145

ord1075

ord1137

ord322

msvcr90

__clean_type_info_names_internal

_crt_debugger_hook

?terminate@@YAXXZ

__CppXcptFilter

_adjust_fdiv

_amsg_exit

_initterm_e

_initterm

_encoded_null

free

_malloc_crt

_except_handler4_common

_decode_pointer

_onexit

_lock

_encode_pointer

__dllonexit

_unlock

_CIlog10

strstr

memset

__CxxFrameHandler3

_purecall

?_type_info_dtor_internal_method@type_info@@QAEXXZ

kernel32

Sleep

FreeLibrary

GetProcAddress

CloseHandle

WaitForSingleObject

CreateProcessA

MultiByteToWideChar

LoadLibraryA

UnhandledExceptionFilter

GetSystemTimeAsFileTime

GetCurrentProcessId

GetCurrentThreadId

GetTickCount

QueryPerformanceCounter

IsDebuggerPresent

SetUnhandledExceptionFilter

GetVersionExA

GetCurrentProcess

TerminateProcess

InterlockedCompareExchange

InterlockedExchange

LocalAlloc

LocalFree

GetLastError

GetModuleFileNameA

GetWindowsDirectoryA

user32

CreateWindowExA

GetMessageA

TranslateMessage

DispatchMessageA

PostQuitMessage

DefWindowProcA

GetParent

SendMessageA

CallWindowProcA

SetWindowLongA

GetClientRect

GetDC

ReleaseDC

RegisterClassA

gdi32

GetStockObject

shlwapi

PathFileExistsA

ole32

CoUninitialize

CoInitialize

CoCreateInstance

oleaut32

VariantInit

VariantClear

msvcp90

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

kwlog

?YL_Log@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H0PBDZZ

kwlib

?IsIE9OrHigher@utility@KwLib@@YAHXZ

kwmodconfig

AfxGetConfigManager

Exports

GetDshowPlayer

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

bin/Encode.exe

.exe windows:5 windows x86 arch:x86

da51d131c2d14a263ced57385b829735

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

27:44:c0:b5:76:7c:8e:59:14:a9:ec:be:07:49:c7:02
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-12-2009 00:00

Not After

02-12-2011 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

a7:9f:1c:81:96:85:4d:6e:17:22:b4:d3:79:a5:91:52:37:e5:18:29
Signer

Actual PE Digest

a7:9f:1c:81:96:85:4d:6e:17:22:b4:d3:79:a5:91:52:37:e5:18:29

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\MusicBoxV5\Main\KwResource\bin\release\pdb\Encode.pdb

Imports

kernel32

FreeLibrary

GetProcAddress

LoadLibraryA

FlushFileBuffers

CloseHandle

CreateFileA

WriteConsoleW

GetConsoleOutputCP

RaiseException

RtlUnwind

GetCommandLineA

HeapAlloc

GetLastError

HeapFree

TerminateProcess

GetCurrentProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

GetModuleHandleW

TlsGetValue

TlsAlloc

TlsSetValue

TlsFree

InterlockedIncrement

SetLastError

GetCurrentThreadId

InterlockedDecrement

Sleep

HeapSize

ExitProcess

WriteFile

GetStdHandle

GetModuleFileNameA

FreeEnvironmentStringsA

GetEnvironmentStrings

FreeEnvironmentStringsW

WideCharToMultiByte

GetEnvironmentStringsW

SetHandleCount

GetFileType

GetStartupInfoA

DeleteCriticalSection

HeapCreate

VirtualFree

QueryPerformanceCounter

GetTickCount

GetCurrentProcessId

GetSystemTimeAsFileTime

LeaveCriticalSection

EnterCriticalSection

VirtualAlloc

HeapReAlloc

GetCPInfo

GetACP

GetOEMCP

IsValidCodePage

SetFilePointer

GetConsoleCP

GetConsoleMode

InitializeCriticalSectionAndSpinCount

GetLocaleInfoA

GetStringTypeA

MultiByteToWideChar

GetStringTypeW

LCMapStringA

LCMapStringW

SetStdHandle

WriteConsoleA

kwlog

?YL_Log@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H0PBDZZ

kwlib

?GetKwPath@Dir@KwLib@@YAHW4Path_Type@12@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?GetUserID@UserId@KwLib@@YA_NQADH@Z

?GetInstallSRC@UserId@KwLib@@YA_NQADH@Z

?Base64Encode@Base64@KwLib@@YAHPADPBDH1@Z

kwmodconfig

AfxGetConfigManager

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

bin/KuwoDaemon.apk

.apk android

cn.kuwo.service

Permissions

android.permission.INTERNET

android.permission.RECEIVE_BOOT_COMPLETED

Receivers

StartupReceiver

cn.kuwo.action.START_SYNC_SERVICE

cn.kuwo.action.STOP_SYNC_SERVICE

android.intent.action.BOOT_COMPLETED

Services

bin/KuwoSyncMobile.dll

.dll windows:5 windows x86 arch:x86

f5715e27935fa8d26da66f735b304257

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

27:44:c0:b5:76:7c:8e:59:14:a9:ec:be:07:49:c7:02
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-12-2009 00:00

Not After

02-12-2011 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

49:13:9f:14:c1:e1:d9:16:ac:85:8c:a2:01:3c:10:f1:3a:5b:6e:ca
Signer

Actual PE Digest

49:13:9f:14:c1:e1:d9:16:ac:85:8c:a2:01:3c:10:f1:3a:5b:6e:ca

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

e:\正式发布打包(勿动)\521_金秋版\金秋版_全面替换_1012\KwResource\bin\release\pdb\KuwoSyncMobile.pdb

Imports

kernel32

CreateProcessA

DuplicateHandle

CreatePipe

GetCurrentProcess

ReadFile

Process32Next

Process32First

CreateToolhelp32Snapshot

WideCharToMultiByte

CloseHandle

GetSystemTimeAsFileTime

GetCurrentProcessId

GetCurrentThreadId

GetTickCount

QueryPerformanceCounter

IsDebuggerPresent

SetUnhandledExceptionFilter

UnhandledExceptionFilter

TerminateProcess

InterlockedCompareExchange

Sleep

InterlockedExchange

MultiByteToWideChar

WaitForSingleObject

user32

WaitForInputIdle

ws2_32

inet_addr

connect

closesocket

socket

htons

htonl

send

ntohl

recv

msvcr90

_encoded_null

_initterm

_initterm_e

_amsg_exit

_adjust_fdiv

free

_crt_debugger_hook

?terminate@@YAXXZ

?_type_info_dtor_internal_method@type_info@@QAEXXZ

_except_handler4_common

__clean_type_info_names_internal

_malloc_crt

_decode_pointer

_onexit

_lock

_encode_pointer

__dllonexit

printf

??_U@YAPAXI@Z

??_V@YAXPAX@Z

isspace

??2@YAPAXI@Z

??0exception@std@@QAE@ABV01@@Z

_CxxThrowException

_invalid_parameter_noinfo

??0exception@std@@QAE@XZ

??3@YAXPAX@Z

strstr

strrchr

??1exception@std@@UAE@XZ

strchr

?what@exception@std@@UBEPBDXZ

??0exception@std@@QAE@ABQBD@Z

_access

fopen

fseek

ftell

fclose

fread

feof

ferror

memcpy

_snprintf

__CppXcptFilter

__CxxFrameHandler3

memset

_unlock

_stricmp

msvcp90

??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z

??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z

??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z

?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ

??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z

??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ

?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z

?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z

?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z

?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z

?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z

?uncaught_exception@std@@YA_NXZ

?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ

?_Unlock@_Mutex@std@@QAEXXZ

?_Lock@_Mutex@std@@QAEXXZ

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z

?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB

?copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPADII@Z

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

kwlib

?GetKwPath@Dir@KwLib@@YAHW4Path_Type@12@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

Exports

CopyFileToMobile

DownloadDriver

ExitAdbSafely

GetKwTTInfoFromMobile

IndentifyMobileDevice

InstallDriver

InstallKwServicePackage

InstallKwTTPackage

IsMobileExtracted

QuerySongFileExists

ScanMobileDevices

StartAdbService

UpdateKwTTPackage

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

bin/KwAni.dll

.dll windows:5 windows x86 arch:x86

da76944fe7c41bfb041ed1007ab49887

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

27:44:c0:b5:76:7c:8e:59:14:a9:ec:be:07:49:c7:02
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-12-2009 00:00

Not After

02-12-2011 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

76:fb:a9:d9:cd:b8:27:c5:7c:1b:ba:e3:cb:74:27:7f:57:8f:c6:15
Signer

Actual PE Digest

76:fb:a9:d9:cd:b8:27:c5:7c:1b:ba:e3:cb:74:27:7f:57:8f:c6:15

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

e:\正式发布打包(勿动)\521_金秋版\金秋版_全面替换_1012\KwResource\bin\release\pdb\KwAni.pdb

Imports

kernel32

CompareStringA

SetEndOfFile

WriteConsoleW

GetConsoleOutputCP

WriteConsoleA

CreateFileA

FlushFileBuffers

SetStdHandle

InitializeCriticalSectionAndSpinCount

GetConsoleMode

GetConsoleCP

GetLocaleInfoA

CompareStringW

VirtualAlloc

GetSystemTimeAsFileTime

GetTickCount

QueryPerformanceCounter

VirtualFree

HeapCreate

GetEnvironmentStringsW

FreeEnvironmentStringsW

GetEnvironmentStrings

FreeEnvironmentStringsA

GetStringTypeW

GetStringTypeA

GetStartupInfoA

GetFileType

SetHandleCount

SetEnvironmentVariableA

VirtualProtectEx

WriteProcessMemory

VirtualQueryEx

lstrcmpiW

lstrcmpiA

GetCurrentProcessId

CreateToolhelp32Snapshot

Thread32First

Thread32Next

lstrlenA

lstrcpyA

WideCharToMultiByte

FindResourceExA

FindResourceA

LoadResource

SizeofResource

FreeResource

LockResource

IsBadCodePtr

GetModuleHandleA

GetProcAddress

IsBadReadPtr

GlobalLock

GlobalUnlock

SetFilePointer

CloseHandle

ReadFile

ExitProcess

Sleep

LCMapStringW

MultiByteToWideChar

LCMapStringA

IsValidCodePage

GlobalAlloc

GetOEMCP

GetACP

GetCPInfo

GetModuleFileNameA

GetStdHandle

GlobalFree

LoadLibraryA

WriteFile

HeapDestroy

HeapAlloc

HeapFree

HeapReAlloc

HeapSize

GetProcessHeap

RaiseException

EnterCriticalSection

LeaveCriticalSection

InitializeCriticalSection

DeleteCriticalSection

TerminateProcess

GetCurrentProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

RtlUnwind

GetCurrentThreadId

GetCommandLineA

GetLastError

GetModuleHandleW

TlsGetValue

TlsAlloc

TlsSetValue

TlsFree

InterlockedIncrement

SetLastError

InterlockedDecrement

user32

GetCursorPos

EqualRect

GetLayeredWindowAttributes

SetRect

GetWindowLongA

DefWindowProcA

ValidateRect

MoveWindow

WindowFromPoint

GetActiveWindow

ShowWindow

UpdateLayeredWindow

BeginPaint

EndPaint

GetParent

SetLayeredWindowAttributes

DestroyWindow

ScreenToClient

IsWindowEnabled

SetPropA

SetWindowRgn

SetWindowPos

GetWindowTextA

SetWindowTextA

MonitorFromWindow

GetMonitorInfoA

GetPropA

RemovePropA

WindowFromDC

IntersectRect

OffsetRect

GetDesktopWindow

GetDC

ReleaseDC

IsWindowVisible

PtInRect

GetClassLongA

CreateWindowExA

SetTimer

RegisterClassExA

SetWindowLongA

PostMessageA

TrackMouseEvent

InvalidateRect

LoadCursorA

SetClassLongA

CallWindowProcA

IsWindow

GetWindowRect

SendMessageA

ClientToScreen

GetWindow

GetWindowThreadProcessId

EnumWindows

GetClientRect

CopyRect

ReleaseCapture

SetCapture

gdi32

GetTextExtentExPointA

GetBkMode

SetTextColor

GetTextExtentPoint32A

CreatePen

MoveToEx

LineTo

SetBkMode

TextOutA

CreateFontIndirectA

CreateSolidBrush

CreateRectRgn

CombineRgn

StretchBlt

GetCurrentObject

GetObjectA

SetDIBitsToDevice

GetClipBox

SetBkColor

CreateRectRgnIndirect

ExtSelectClipRgn

SetStretchBltMode

RealizePalette

GetDIBits

ExtTextOutA

BitBlt

CreateCompatibleDC

CreateDIBSection

SelectObject

DeleteObject

DeleteDC

shell32

ShellExecuteA

SHCreateDirectoryExA

ole32

CreateStreamOnHGlobal

oleaut32

OleLoadPicture

shlwapi

PathFileExistsA

msimg32

TransparentBlt

AlphaBlend

winmm

timeSetEvent

timeKillEvent

comctl32

InitCommonControlsEx

dbghelp

ImageDirectoryEntryToData

Exports

GetKwAni

Sections

.text
Size: 452KB - Virtual size: 452KB

IMAGE_SCN_CNT_CODE

IMAGE_SCN_MEM_EXECUTE

IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA

IMAGE_SCN_MEM_DISCARDABLE

IMAGE_SCN_MEM_READ

bin/KwCommonUI.dll

.dll windows:5 windows x86 arch:x86

b706ef542dd837f2c838a02a865914a5

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

KeyUsageContentCommitment

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign

KeyUsageCRLSign

27:44:c0:b5:76:7c:8e:59:14:a9:ec:be:07:49:c7:02
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-12-2009 00:00

Not After

02-12-2011 23:59

Subject

CN=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=BEIJING KUWO TECHNOLOGY CO.\,LTD.\ ,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fd:10:3f:a2:7e:13:ec:a0:30:d1:c7:94:05:f1:77:c7:46:42:9e:d9
Signer

Actual PE Digest

fd:10:3f:a2:7e:13:ec:a0:30:d1:c7:94:05:f1:77:c7:46:42:9e:d9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE

IMAGE_FILE_32BIT_MACHINE

IMAGE_FILE_DLL

PDB Paths

e:\正式发布打包(勿动)\521_金秋版\金秋版_全面替换_1012\KwResource\bin\release\pdb\KwCommonUI.pdb

Imports

mfc90

ord6057

ord6474

ord6675

ord3965

ord2449

ord321

ord2452

ord2451

ord1303

ord1258

ord6682

ord6676

ord2505

ord6494

ord6153

ord781

ord580

ord1265

ord3676

ord4617

ord3796

ord3506

ord491

ord3126

ord5965

ord4807

ord4792

ord729

ord3049

ord3076

ord2154

ord1368

ord1259

ord4281

ord4977

ord3674

ord3675

ord6473

ord1222

ord6464

ord6788

ord2692

ord5482

ord2356

ord5152

ord1220

ord4502

ord6646

ord3940

ord3996

ord799

ord1098

ord1746

ord2795

ord721

ord1867

ord1866

ord1751

ord5745

ord1401

ord1391

ord2342

ord6290

ord6289

ord2359

ord4383

ord6583

ord6556

ord4528

ord6252

ord2895

ord4114

ord6558

ord4515

ord4512

ord2965

ord3728

ord6006

ord6430

ord3418

ord4279

ord6433

ord4282

ord2246

ord2125

ord1744

ord1745

ord3227

ord4890

ord3485

ord474

ord801

ord4296

ord1764

ord1763

ord6597

ord5574

ord5593

ord1879

ord1739

ord4865

ord2638

ord2639

ord2642

ord2641

ord2640

ord5639

ord683

ord4536

ord2194

ord1380

ord4535

ord5382

ord4918

ord5367

ord5064

ord5386

ord5476

ord5224

ord4771

ord5127

ord5215

ord5385

ord4784

ord4783

ord4693

ord5213

ord5369

ord4604

ord4927

ord5393

ord4889

ord4940

ord5392

ord5264

ord4912

ord4775

ord4846

ord5472

ord4972

ord5341

ord4931

ord4930

ord5334

ord4095

ord4851

ord4850

ord5209

ord4608

ord5199

ord4796

ord5403

ord4575

ord4582

ord5001

ord5194

ord4793

ord4808

ord4806

ord4788

ord4791

ord4786

ord5281

ord5278

ord4364

ord3345

ord6390

ord5584

ord3670

ord1444

ord5599

ord2964

ord4679

ord430

ord3819

ord3757

ord1868

ord1869

ord1536

ord1152

ord391

ord1241

ord3987

ord4993

ord1490

ord4507

ord5997

ord5615

ord5309

ord2208

ord1810

ord1809

ord1678

ord3344

ord6388

ord1496

ord5636

ord4668

ord374

ord639

ord2364

ord3783

ord2896

ord6670

ord2360

ord1720

ord3643

ord4384

ord2283

ord4646

ord777

ord3920

ord2274

ord1668

ord4638

ord3480

ord611

ord405

ord2209

ord2691

ord664

ord3351

ord3352

ord3213

ord305

ord6613

ord1611

ord404

ord5520

ord3179

ord5753

ord1555

ord5835

ord663

ord2523

ord452

ord3657

ord5926

ord2954

ord2948

ord3636

ord400

ord2084

ord1069

ord5771

ord3856

ord306

ord6802

ord5761

ord3143

ord301

ord6148

ord4477

ord2481

ord945

ord942

ord941

ord2327

ord5963

ord4506

ord2480

ord4392

ord5876

ord4337

ord6791

ord5750

ord1247

ord3579

ord3223

ord2263

ord6077

ord585

ord1724

ord1588

ord2700

ord787

ord6554

ord4437

ord2591

ord1361

ord2130

ord4498

ord2282

ord3568

ord1144

ord6152

ord6493

ord4236

ord1329

ord1108

ord1178

ord3845

ord757

ord3620

ord553

ord4026

ord4386

ord3153

ord4157

ord3151

ord3159

ord6329

ord2590

ord790

ord4757

ord3931

ord586

ord789

ord820

ord1045

ord6760

ord2097

ord4513

ord5063

ord3997

ord333

ord525

ord6078

ord4396

ord5179

ord3678

ord4248

ord3730

ord6291

ord6333

ord3157

ord3148

ord3731

ord1699

ord3056

ord1681

ord5808

ord2753

ord6046

ord6552

ord6043

ord6546

ord4565

ord6549

ord6352

ord6166

ord6084

ord5957

ord6023

ord5846

ord5833

ord6398

ord6157

ord3504

ord693

ord2280

ord4644

ord3244

ord3554

ord654

ord3519

ord4527

ord3612

ord1603

ord3831

ord6079

ord6527

ord6616

ord677

ord2278

ord1771

ord1685

ord4642

ord3277

ord265

ord3815

ord1254

ord300

ord4030

ord3665

ord367

ord2141

ord2469

ord6507

ord636

ord6559

ord2100

ord1691

ord595

ord310

ord436

ord6557

ord337

ord613

ord6584

ord1116

ord2143

ord4116

ord4311

ord6170

ord6048

ord2431

ord2470

ord6071

ord3346

ord6391

ord1755

ord1752

ord4331

ord1497

ord4650

ord2074

ord5497

ord6780

ord4589

ord5647

ord3732

ord5139

ord4688

ord1729

ord6446

ord5668

ord5666

ord958

ord963

ord967

ord965

ord969

ord2610

ord2630

ord2614

ord2620

ord2618

ord2616

ord2633

ord2628

ord2612

ord2635

ord2623

ord2605

ord2607

ord2625

ord2375

ord2368

ord1644

ord6784

ord4160

ord6782

ord3671

ord5389

ord6356

ord3218

ord1446

ord5608

ord2139

ord1792

ord1791

ord1728

ord5633

ord2766

ord2978

ord3107

ord4714

ord2961

ord3135

ord2769

ord2888

ord2759

ord4066

ord4067

ord4057

ord2886

ord4334

ord4895

ord4667

ord3663

ord686

ord796

ord2592

ord4529

ord3178

ord6074

ord1357

ord3627

ord3477

ord2588

ord3528

ord1358

ord3479

ord2106

ord316

ord2539

ord910

ord1183

ord601

ord3534

ord1137

ord1061

ord1252

ord1087

ord3726

ord798

ord5585

ord4760

ord2587

msvcr90

__CxxFrameHandler3

__CppXcptFilter

_amsg_exit

_initterm_e

_initterm

?_type_info_dtor_internal_method@type_info@@QAEXXZ

_crt_debugger_hook

_encoded_null

_malloc_crt

_decode_pointer

_onexit

_lock

_encode_pointer

__dllonexit

_unlock

_except_handler4_common

?terminate@@YAXXZ

_stricmp

_time64

_snprintf_s

_vswprintf_c_l

_beginthreadex

_CIsin

_mbsicmp

fopen

fseek

ftell

fclose

fread

_snprintf

atoi

_mbsstr

strncat_s

ldiv

_makepath_s

_splitpath_s

strcpy_s

_mbsinc

__RTDynamicCast

malloc

free

_CIcos

memcpy

memmove_s

?what@exception@std@@UBEPBDXZ

??0exception@std@@QAE@ABQBD@Z

memcpy_s

_invalid_parameter_noinfo

??0exception@std@@QAE@ABV01@@Z

_CxxThrowException

??0exception@std@@QAE@XZ

??1exception@std@@UAE@XZ

_purecall

strncpy_s

memset

__clean_type_info_names_internal

_adjust_fdiv

kernel32

LockResource

LoadResource

FindResourceA

lstrcmpiA

lstrlenA

MultiByteToWideChar

WideCharToMultiByte

GetCPInfo

GlobalFree

GlobalUnlock

GlobalLock

GlobalAlloc

MapViewOfFile

CreateFileMappingA

CreateFileA

GetTickCount

FreeLibrary

GetWindowsDirectoryA

lstrcpyA

WinExec

lstrcatA

Sleep

OutputDebugStringA

HeapFree

GetProcessHeap

HeapAlloc

MulDiv

GlobalReAlloc

GetCurrentDirectoryA

LocalFree

FormatMessageA

GetModuleFileNameA

CloseHandle

FlushFileBuffers

WriteFile

SizeofResource

WaitForSingleObject

ResetEvent

SetEvent

ResumeThread

CreateEventA

VirtualProtect

InterlockedExchange

InterlockedCompareExchange

TerminateProcess

UnhandledExceptionFilter

SetUnhandledExceptionFilter

IsDebuggerPresent

GetVersion

GetCurrentThreadId

GetLastError

SetLastError

LoadLibraryA

GetCurrentProcess

QueryPerformanceCounter

GetCurrentProcessId

GetSystemTimeAsFileTime

FreeResource

FlushInstructionCache

GetModuleHandleA

GetProcAddress

GetVersionExA

user32

TabbedTextOutA

GetParent

GetFocus

GetUpdateRect

ScreenToClient

FillRect

DestroyIcon

GetDC

ReleaseDC

DrawIconEx

GetIconInfo

GetSysColor

GetCursorPos

CallNextHookEx

InflateRect

EqualRect

SetWindowsHookExA

ReleaseCapture

LoadCursorA

GetSysColorBrush

RegisterClassExA

EnableWindow

SetCapture

GetCapture

KillTimer

SetTimer

RedrawWindow

InvalidateRect

GetClientRect

SetWindowRgn

PostMessageA

SendMessageA

DrawFrameControl

CopyRect

SetRectEmpty

PtInRect

IsRectEmpty

UnhookWindowsHookEx

ClientToScreen

OffsetRect

IntersectRect

SystemParametersInfoA

IsIconic

GetWindowPlacement

GetWindowRect

GetSystemMetrics

GetMenuItemID

GetMenuState

GetSubMenu

DrawTextA

ModifyMenuA

RemoveMenu

GetDesktopWindow

GetMenuItemInfoA

LoadImageA

MessageBoxA

WindowFromPoint

GetNextDlgGroupItem

DrawFocusRect

IsWindowVisible

SetLayeredWindowAttributes

CopyIcon

UpdateWindow

GetMessagePos

MessageBeep

CopyImage

DefWindowProcA

CallWindowProcA

GetWindow

GetClassNameA

GetDlgCtrlID

MoveWindow

AdjustWindowRectEx

EndPaint

BeginPaint

CheckMenuItem

EnableMenuItem

GetWindowDC

EnableScrollBar

GetScrollInfo

GetScrollPos

GetScrollRange

SetScrollInfo

SetScrollPos

SetScrollRange

ShowScrollBar

GetPropA

SetWindowPos

RemovePropA

CreateWindowExA

SetPropA

FrameRect

WindowFromDC

MapWindowPoints

GetKeyState

ChildWindowFromPoint

DestroyWindow

ShowWindow

RegisterClassA

DrawTextExA

GrayStringA

IsWindow

SetCursor

SetWindowLongA

GetAsyncKeyState

GetWindowLongA

SetRect

LoadBitmapA

DrawEdge

CreateMenu

CreatePopupMenu

DeleteMenu

AppendMenuA

InsertMenuA

GetMenuItemCount

gdi32

SaveDC

SetStretchBltMode

RestoreDC

Polygon

IntersectClipRect

SetWindowOrgEx

PlayEnhMetaFile

CreatePatternBrush

SetBrushOrgEx

CreateBitmap

UnrealizeObject

CreateFontW

GetTextMetricsA

SetBkColor

GetCurrentObject

RoundRect

GetTextColor

GetTextExtentPointA

CreateICA

ExtCreateRegion

GetDIBits

CreateDIBitmap

CreateHalftonePalette

StretchDIBits

SelectPalette

RealizePalette

CreatePalette

GetTextExtentPoint32W

SetPixel

PatBlt

Rectangle

Ellipse

GetBkMode

GetDeviceCaps

CreateHatchBrush

CreatePen

SetBkMode

SetTextColor

SelectClipRgn

DeleteDC

GetPixel

SelectObject

Escape

ExtTextOutA

GetDCOrgEx

GetClipBox

GetStockObject

CreateSolidBrush

CreateFontIndirectA

GetObjectA

CreateCompatibleBitmap

CreateRectRgn

CreatePolygonRgn

CombineRgn

EqualRgn

OffsetRgn

CreateCompatibleDC

FrameRgn

StretchBlt

GetTextExtentPoint32A

DeleteObject

CreateFontA

BitBlt

CreateDIBSection

PtVisible

RectVisible

TextOutA

msimg32

TransparentBlt

advapi32

RegQueryValueExA

RegOpenKeyExA

RegQueryValueA

RegCloseKey

shell32

SHBrowseForFolderA

SHGetPathFromIDListA

SHGetMalloc

ShellExecuteA

DragQueryFileA

comctl32

_TrackMouseEvent

InitCommonControlsEx

ImageList_GetIconSize

ole32

CreateStreamOnHGlobal

CoCreateInstance

oleaut32

SysStringByteLen

SysAllocStringByteLen

SysAllocStringLen

VariantCopy

VariantClear

SysFreeString

VariantInit

OleLoadPicture

kwlib

?EndWith@StringUtility@KwLib@@YAHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z

?GetKwPath@Dir@KwLib@@YAHW4Path_Type@12@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

??1_MUSICINFO@KwLib@@QAE@XZ

?GetFileSize@Dir@KwLib@@YAHV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAN@Z

?GetFileExtension@Dir@KwLib@@YAHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV34@@Z

?GetFileNameWithoutExtension@Dir@KwLib@@YAHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV34@@Z

?QueryMIInfo@MIQuerier@KwLib@@SAKPBDPAU_MUSICINFO@2@@Z

??0_MUSICINFO@KwLib@@QAE@XZ

?Str2Lower@StringUtility@KwLib@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV34@@Z

?WString2String@Charset@KwLib@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@4@@Z

?UTF8ToUnicode@Charset@KwLib@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@@Z

?FindAllFiles@Dir@KwLib@@YAHAAV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@4@1H@Z

?Format@StringUtility@KwLib@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBDZZ

?IsDirectory@Dir@KwLib@@YAHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

?ToFileTime@DateTime@Time@KwLib@@QBE_KXZ

??0DateTime@Time@KwLib@@QAE@XZ

?ReadString@REG@KwLib@@YA_NPAUHKEY__@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@1AAV45@@Z

?Trim@StringUtility@KwLib@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV34@@Z

msvcp90

??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z

??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z

??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z