2dfac95287b269d112b6600216a8e531_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2dfac95287b269d112b6600216a8e531_JaffaCakes118
Size

2.0MB
MD5

2dfac95287b269d112b6600216a8e531
SHA1

1b95c015f41e30b0d40c3a46d89f14a745fc76f0
SHA256

9608a8855ce3e5a484f0090e12ecb7684c8e0a25cac94f8814e007bf0317e348
SHA512

ad9f5134ee5a107cce8013a8387d015e18b347d0ccfbdaa28c851ff8c9cee6844605fe18a12158620e8587151c4f2afbc5eca2cbf656562ebf61db64a5a52574
SSDEEP

49152:uU3bW2cPZR2pL6Zgg5vT7C3Fme4hsxYNLEld4pWmSS0UUK:R39cPZRzZ3IFmLhsxY6T4Z3UK

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack004/beikescan.exe	upx
static1/unpack004/beikescan.exe.new	upx

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/UserInfo.dll
unpack002/Antiarp2Setup.exe
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/UserInfo.dll
unpack003/$PLUGINSDIR/nsDialogs.dll
unpack004/$PLUGINSDIR/System.dll
unpack004/$PLUGINSDIR/UserInfo.dll
unpack004/$PLUGINSDIR/nsDialogs.dll
unpack005/out.upx
unpack006/out.upx
unpack003/uninstall.exe
unpack007/$PLUGINSDIR/System.dll
unpack007/$PLUGINSDIR/UserInfo.dll
unpack007/$PLUGINSDIR/nsDialogs.dll

NSIS installer 8 IoCs

installer

resource	yara_rule
static1/unpack001/AntiarpSetup.exe	nsis_installer_1
static1/unpack001/AntiarpSetup.exe	nsis_installer_2
static1/unpack002/Antiarp2Setup.exe	nsis_installer_1
static1/unpack002/Antiarp2Setup.exe	nsis_installer_2
static1/unpack003/BeikeSetup_antiarp.exe	nsis_installer_1
static1/unpack003/BeikeSetup_antiarp.exe	nsis_installer_2
static1/unpack003/uninstall.exe	nsis_installer_1
static1/unpack003/uninstall.exe	nsis_installer_2

Files

2dfac95287b269d112b6600216a8e531_JaffaCakes118
.rar
AntiarpSetup.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:27:c6:49:f4:1d:2e:2d:8d:89:2f:1e:b1:df:4a:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15/05/2009, 00:00

Not After

15/05/2010, 23:59

Subject

CN=Beike Internet Security Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beike Internet Security Technology Co.\,Ltd,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

69:f3:4e:8e:b8:c3:4e:99:40:c8:66:6a:01:72:95:be:a3:c8:7b:f7
Signer

Actual PE Digest

69:f3:4e:8e:b8:c3:4e:99:40:c8:66:6a:01:72:95:be:a3:c8:7b:f7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

afa8e526425f3585465337467d0b5909

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
lstrcpynA
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 741B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 673B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 190B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Antiarp2Setup.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

afa8e526425f3585465337467d0b5909

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
lstrcpynA
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 741B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 673B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 190B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/$_64_
.exe windows:4 windows x86 arch:x86

e8d590fb639c47cc570db634485dac8d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:27:c6:49:f4:1d:2e:2d:8d:89:2f:1e:b1:df:4a:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15/05/2009, 00:00

Not After

15/05/2010, 23:59

Subject

CN=Beike Internet Security Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beike Internet Security Technology Co.\,Ltd,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:30:8a:ec:43:0c:32:09:02:a7:12:0e:4f:9a:58:ef:77:84:87:65
Signer

Actual PE Digest

39:30:8a:ec:43:0c:32:09:02:a7:12:0e:4f:9a:58:ef:77:84:87:65

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\daily_build\svn2\antiarp\trunk\bin\release\installext.pdb

Imports

kernel32

LockResource
LoadResource
FindResourceExW
GetModuleFileNameW
GetSystemDirectoryW
RaiseException
DeleteFileW
GetCurrentProcess
SetLastError
FreeLibrary
Sleep
LoadLibraryW
CreateProcessW
OpenProcess
GetLastError
WaitForSingleObject
TerminateProcess
SizeofResource
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetCommandLineW
ExitProcess
lstrcmpiW
lstrlenW
FindResourceW
GetTickCount
HeapAlloc
SystemTimeToFileTime
GetProcAddress
CreateThread
GetLocalTime
Process32NextW
GetShortPathNameW
Process32FirstW
CreateToolhelp32Snapshot
CloseHandle
HeapDestroy
GetStartupInfoW
GetModuleHandleA
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree

user32

UnregisterClassA
ExitWindowsEx
CharLowerBuffW
CharNextW
MessageBoxW
GetActiveWindow
FindWindowW
GetWindow
wvsprintfW
FindWindowExW
SendMessageW

advapi32

OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
QueryServiceStatus
RegDeleteValueW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW
CloseServiceHandle
DeleteService
OpenServiceW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW

shlwapi

PathAppendW
PathFileExistsW
PathRemoveFileSpecW
StrCmpNIW
StrCmpNW
StrChrW
StrRChrW
StrToIntW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
BeikeSetup_antiarp.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:27:c6:49:f4:1d:2e:2d:8d:89:2f:1e:b1:df:4a:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15/05/2009, 00:00

Not After

15/05/2010, 23:59

Subject

CN=Beike Internet Security Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beike Internet Security Technology Co.\,Ltd,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c6:1b:c2:07:f8:6c:b5:de:8e:e4:49:2f:ae:f5:60:e9:97:2d:35:58
Signer

Actual PE Digest

c6:1b:c2:07:f8:6c:b5:de:8e:e4:49:2f:ae:f5:60:e9:97:2d:35:58

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 80KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

afa8e526425f3585465337467d0b5909

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
lstrcpynA
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 741B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 673B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 190B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
beikescan.exe
.exe windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:27:c6:49:f4:1d:2e:2d:8d:89:2f:1e:b1:df:4a:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15/05/2009, 00:00

Not After

15/05/2010, 23:59

Subject

CN=Beike Internet Security Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beike Internet Security Technology Co.\,Ltd,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:6d:0c:0f:71:fe:c1:9e:b1:16:41:92:84:2f:96:69:2c:6b:9d:74
Signer

Actual PE Digest

16:6d:0c:0f:71:fe:c1:9e:b1:16:41:92:84:2f:96:69:2c:6b:9d:74

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 724KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 484KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 824KB - Virtual size: 821KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
beikescan.exe.new
.exe windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:27:c6:49:f4:1d:2e:2d:8d:89:2f:1e:b1:df:4a:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15/05/2009, 00:00

Not After

15/05/2010, 23:59

Subject

CN=Beike Internet Security Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beike Internet Security Technology Co.\,Ltd,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

16:6d:0c:0f:71:fe:c1:9e:b1:16:41:92:84:2f:96:69:2c:6b:9d:74
Signer

Actual PE Digest

16:6d:0c:0f:71:fe:c1:9e:b1:16:41:92:84:2f:96:69:2c:6b:9d:74

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 724KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 484KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 824KB - Virtual size: 821KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninstall.exe.nsis
beikearp.sys
.sys windows:4 windows x86 arch:x86

c0524f5aba9b72728acda313d2d569e4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:27:c6:49:f4:1d:2e:2d:8d:89:2f:1e:b1:df:4a:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15/05/2009, 00:00

Not After

15/05/2010, 23:59

Subject

CN=Beike Internet Security Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beike Internet Security Technology Co.\,Ltd,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

66:99:a5:c7:6d:bd:db:3d:2d:aa:b0:1f:01:9b:d6:50:06:75:cc:c1
Signer

Actual PE Digest

66:99:a5:c7:6d:bd:db:3d:2d:aa:b0:1f:01:9b:d6:50:06:75:cc:c1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\daily_build\svn2\antiarp\trunk\bin\Release\beikearp.pdb

Imports

ndis.sys

NdisTerminateWrapper
NdisIMAssociateMiniport
NdisRegisterProtocol
NdisMRegisterUnloadHandler
NdisIMRegisterLayeredMiniport
NdisInitializeWrapper
NdisFreeMemory
NdisAllocateMemoryWithTag
NdisFreePacket
NdisIMCopySendCompletePerPacketInfo
NdisIMCopySendPerPacketInfo
NdisAllocatePacket
NdisUnchainBufferAtFront
NdisDprFreePacket
NdisAllocateBuffer
NdisAllocateMemory
NdisReturnPackets
NdisMSetMiniportSecondary
NdisMPromoteMiniport
NdisFreeBufferPool
NdisIMDeregisterLayeredMiniport
NdisWaitEvent
NdisCloseAdapter
NdisResetEvent
NdisMSetAttributesEx
NdisIMGetDeviceContext
NdisCloseConfiguration
NdisIMInitializeDeviceInstanceEx
NdisOpenAdapter
NdisAllocateBufferPool
NdisAllocatePacketPoolEx
NdisInitializeEvent
NdisReadConfiguration
NdisOpenProtocolConfiguration
NdisSetEvent
NdisDeregisterProtocol
NdisDprAllocatePacket
NdisGetReceivedPacket
NdisReEnumerateProtocolBindings
NdisPacketPoolUsage
NdisIMDeInitializeDeviceInstance
NdisMDeregisterDevice
NdisMRegisterDevice
NdisFreePacketPool
NdisMSleep

ntoskrnl.exe

strncmp
IoGetCurrentProcess
strncpy
memset
_strnicmp
KeSetEvent
DbgPrint
RtlInitUnicodeString
RtlAssert
KeInitializeSpinLock
ObReferenceObjectByHandle
IofCompleteRequest
InterlockedIncrement
IoFreeMdl
MmMapLockedPagesSpecifyCache
memmove
RtlEqualUnicodeString
RtlCopyUnicodeString
memcpy
sprintf
InterlockedExchange
PsGetCurrentProcessId

hal

KeGetCurrentIrql
KfReleaseSpinLock
KfAcquireSpinLock

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
beikearpdevc.dll
.dll windows:4 windows x86 arch:x86

7764bf1d1d9ca721072869326d07dd1c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:27:c6:49:f4:1d:2e:2d:8d:89:2f:1e:b1:df:4a:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15/05/2009, 00:00

Not After

15/05/2010, 23:59

Subject

CN=Beike Internet Security Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beike Internet Security Technology Co.\,Ltd,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

28:ac:b2:07:b8:1c:7b:3a:72:da:60:56:cb:ac:fe:c9:51:97:22:68
Signer

Actual PE Digest

28:ac:b2:07:b8:1c:7b:3a:72:da:60:56:cb:ac:fe:c9:51:97:22:68

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\daily_build\svn2\antiarp\trunk\bin\release\beikearpdevc.pdb

Imports

ws2_32

WSACleanup
gethostbyaddr
WSAStartup

shlwapi

StrCmpNW
StrChrW
PathRemoveFileSpecW
StrCmpNIW
PathAppendW
StrRChrW

iphlpapi

SendARP

kernel32

QueryPerformanceCounter
GetCurrentProcessId
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
DebugBreak
GetCurrentThreadId
GetSystemTimeAsFileTime
InterlockedDecrement
CreateProcessW
WaitForSingleObject
CloseHandle
GetModuleFileNameW
InterlockedIncrement
DeviceIoControl
lstrlenW
RaiseException
IsDebuggerPresent
FindResourceW
GetLastError
LockResource
LoadResource
CreateFileW
SizeofResource
SuspendThread
CreateEventW
CreateThread
SetEvent
TerminateThread
FreeLibrary
LeaveCriticalSection
GetProcAddress
Sleep
WaitForMultipleObjects
ExitThread
GetTickCount
ResetEvent
RtlUnwind
TerminateProcess
FindResourceExW
LoadLibraryW
EnterCriticalSection
GetProcessHeap
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
HeapReAlloc
HeapDestroy
HeapAlloc
HeapFree
GetCurrentProcess

advapi32

OpenServiceW
OpenSCManagerW
QueryServiceStatus

user32

UnregisterClassA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
InstallDriver
IsDriverInstalled
UninstallDriver

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
beikearpmain.exe
.exe windows:4 windows x86 arch:x86

d3bce774de1e8178af2dfcdb8c6a6147

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:27:c6:49:f4:1d:2e:2d:8d:89:2f:1e:b1:df:4a:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15/05/2009, 00:00

Not After

15/05/2010, 23:59

Subject

CN=Beike Internet Security Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beike Internet Security Technology Co.\,Ltd,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

25:3d:b5:f6:11:28:5f:a6:90:77:f0:2f:5c:73:a6:81:13:43:39:df
Signer

Actual PE Digest

25:3d:b5:f6:11:28:5f:a6:90:77:f0:2f:5c:73:a6:81:13:43:39:df

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\daily_build\svn2\antiarp\trunk\bin\release\beikearpmain.pdb

Imports

kernel32

CreateDirectoryW
SetEvent
SetFilePointer
GetTempFileNameW
MoveFileW
DeleteFileW
Sleep
LocalFree
CreateThread
SystemTimeToFileTime
GetLongPathNameW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InterlockedCompareExchange
HeapFree
GetFullPathNameW
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
DeviceIoControl
GetFileAttributesW
ExpandEnvironmentStringsW
GetStringTypeExW
CreateProcessW
HeapDestroy
HeapReAlloc
HeapSize
DebugBreak
GetModuleHandleA
GetStartupInfoW
ExitProcess
GetCommandLineW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
WaitForSingleObject
GetFileTime
FileTimeToSystemTime
SetUnhandledExceptionFilter
lstrlenA
GetCurrentThread
GetTempPathW
GetLocalTime
WriteFile
SetEndOfFile
CreateFileW
GetFileSize
ReadFile
GetVersionExW
VirtualQuery
LoadLibraryExW
MultiByteToWideChar
FreeResource
MulDiv
lstrcmpW
GetModuleFileNameW
GlobalHandle
GlobalFree
GetVersion
GlobalLock
GlobalUnlock
InterlockedDecrement
InterlockedIncrement
GetCurrentThreadId
UnmapViewOfFile
CreateFileMappingW
MapViewOfFileEx
lstrcmpA
WideCharToMultiByte
CloseHandle
CreateEventW
SetLastError
lstrlenW
lstrcmpiW
GetTickCount
GlobalAlloc
LoadLibraryW
FreeLibrary
GetCurrentProcess
FlushInstructionCache
GetModuleHandleW
GetProcAddress
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLastError
GetProcessHeap
RaiseException

user32

LoadImageW
DrawFrameControl
EqualRect
InflateRect
SetRect
LoadIconW
DestroyIcon
LoadBitmapW
CreateAcceleratorTableW
GetFocus
GetWindow
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
FillRect
GetClassNameW
IsChild
InvalidateRgn
InvalidateRect
ScreenToClient
ClientToScreen
SetWindowPos
GetSysColor
MoveWindow
GetSystemMetrics
ReleaseCapture
PtInRect
CopyRect
DrawTextW
GetDlgItem
GetDlgCtrlID
DrawIconEx
SetMenuDefaultItem
RedrawWindow
GetClientRect
SetCursor
GetWindowRect
EnumChildWindows
SetWindowContextHelpId
SetWindowRgn
MapDialogRect
CharLowerBuffA
CreateDialogIndirectParamW
CreateWindowExW
RegisterClassExW
CallWindowProcW
LoadCursorW
wsprintfW
GetClassInfoExW
IsWindowEnabled
SendMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CharNextW
GetDC
ReleaseDC
DeleteMenu
GetSubMenu
LoadMenuW
PostQuitMessage
FrameRect
DialogBoxParamW
EndDialog
PostThreadMessageW
GetActiveWindow
BringWindowToTop
SetActiveWindow
SetDlgItemTextW
GetMenu
SetTimer
AdjustWindowRectEx
MapWindowPoints
SystemParametersInfoW
DestroyMenu
TrackPopupMenu
GetParent
GetCursorPos
DefWindowProcW
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
EnableWindow
GetKeyState
MonitorFromWindow
IsWindowVisible
IsIconic
PostMessageW
SetForegroundWindow
SetFocus
wvsprintfA
DestroyWindow
OffsetRect
wvsprintfW
IsWindow
ShowWindow
GetMonitorInfoW
AnimateWindow
SetCapture
KillTimer
GetWindowLongW
SetWindowLongW
RegisterWindowMessageW
MessageBoxW
UnregisterClassA

gdi32

SetWindowOrgEx
TextOutW
OffsetRgn
CombineRgn
LineTo
MoveToEx
GetClipRgn
CreateRectRgn
CreateRectRgnIndirect
SelectClipRgn
CreateSolidBrush
GetDeviceCaps
CreateCompatibleBitmap
SetTextColor
SetBkMode
GetTextMetricsW
CreateDIBSection
ExtTextOutW
CreateFontIndirectW
GetStockObject
GetObjectW
StretchBlt
CreateCompatibleDC
BitBlt
DeleteDC
SelectObject
CreatePen
DeleteObject
Rectangle
SetBkColor
RoundRect

advapi32

OpenSCManagerW
CloseServiceHandle
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
GetNamedSecurityInfoW
GetAclInformation
GetAce
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
CopySid
IsValidSid
GetLengthSid
SetNamedSecurityInfoW
InitializeAcl
AddAce
ControlService
StartServiceW
OpenServiceW
QueryServiceStatusEx
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyW

shell32

Shell_NotifyIconW
ShellExecuteW
ShellExecuteExW
SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoUninitialize
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysAllocStringLen
SysFreeString
LoadTypeLi
OleCreateFontIndirect
SysStringByteLen
SysStringLen
LoadRegTypeLi
DispCallFunc
VariantClear
VariantInit
VarUI4FromStr
SysAllocString

shlwapi

StrToIntA
StrCpyNW
StrCmpNW
StrCmpIW
StrChrW
StrToIntW
StrCmpNIW
StrRChrW

comctl32

ImageList_Create
ImageList_Destroy
_TrackMouseEvent
InitCommonControlsEx

msimg32

GradientFill
TransparentBlt

wininet

HttpQueryInfoW
InternetReadFile
InternetCrackUrlW
InternetOpenW
InternetSetOptionW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
InternetCloseHandle

psapi

GetModuleInformation
GetModuleBaseNameW
EnumProcessModules

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

mpr

WNetGetResourceInformationW

Sections

.text
Size: 220KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
beikearpsvc.exe
.exe windows:4 windows x86 arch:x86

f8b4501f492987b2b9a1cfd87b960ed5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:27:c6:49:f4:1d:2e:2d:8d:89:2f:1e:b1:df:4a:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15/05/2009, 00:00

Not After

15/05/2010, 23:59

Subject

CN=Beike Internet Security Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beike Internet Security Technology Co.\,Ltd,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

98:ed:f4:bc:d9:d6:63:df:b6:93:d0:f3:cb:fc:48:32:35:22:21:56
Signer

Actual PE Digest

98:ed:f4:bc:d9:d6:63:df:b6:93:d0:f3:cb:fc:48:32:35:22:21:56

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\daily_build\svn2\antiarp\trunk\bin\release\beikearpsvc.pdb

Imports

shell32

SHGetFolderPathW

kernel32

ReadFile
LoadLibraryW
GetProcAddress
Sleep
GetCommandLineW
ResumeThread
SetConsoleCtrlHandler
SetUnhandledExceptionFilter
GetCurrentThread
GetTempPathW
GetLocalTime
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LocalAlloc
SystemTimeToFileTime
GetFileAttributesExW
CompareFileTime
FindFirstFileW
FindNextFileW
FindClose
GetTickCount
CreateProcessW
ExpandEnvironmentStringsW
WaitForMultipleObjects
GetModuleHandleW
SetEvent
SetEndOfFile
WriteFile
WideCharToMultiByte
lstrlenW
WaitForSingleObject
GetModuleFileNameW
CloseHandle
CreateEventW
GetCurrentProcess
SetProcessWorkingSetSize
DeleteFileW
SetFileAttributesW
GetFileSize
SetLastError
FreeLibrary
FindResourceExW
LoadResource
LocalFree
LockResource
SizeofResource
GetVersionExW
FindResourceW
CreateDirectoryW
GetFileAttributesW
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
CreateFileA
SetFilePointer
LoadLibraryA
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
FlushFileBuffers
MultiByteToWideChar
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
CreateFileW
GetLastError
VirtualQuery
GetStringTypeW
GetStringTypeA
GetCPInfo
InterlockedDecrement
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
ExitThread
GetCurrentThreadId
CreateThread
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
VirtualAlloc
HeapCreate
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement

advapi32

RegCreateKeyExW
RegSetValueExW
ChangeServiceConfigW
QueryServiceConfigW
StartServiceW
CloseServiceHandle
CreateServiceW
DeleteService
StartServiceCtrlDispatcherW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
SetServiceStatus
RegisterServiceCtrlHandlerW
GetNamedSecurityInfoW
IsValidSid
GetLengthSid
CopySid
GetAce
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
GetAclInformation
SetNamedSecurityInfoW
AddAce
InitializeAcl

ole32

CoCreateInstance
CoUninitialize
CoInitialize

shlwapi

PathIsDirectoryW
PathFileExistsW
StrToIntW
PathRemoveFileSpecW
StrCpyNW
StrCmpNW
StrChrW
StrRChrW
StrCmpNIW
PathAppendW

wininet

HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetCloseHandle
InternetSetOptionW
InternetOpenW
InternetConnectW

psapi

GetModuleInformation
EnumProcessModules
GetModuleBaseNameW

iphlpapi

GetAdaptersInfo
GetIpNetTable

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

user32

UnregisterClassA

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
beikearpupd.exe
.exe windows:4 windows x86 arch:x86

9d71c3e06732331b2ecb629813922a19

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:27:c6:49:f4:1d:2e:2d:8d:89:2f:1e:b1:df:4a:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15/05/2009, 00:00

Not After

15/05/2010, 23:59

Subject

CN=Beike Internet Security Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beike Internet Security Technology Co.\,Ltd,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ca:96:1b:b6:03:c4:c5:de:cc:a0:11:c9:a5:2e:0c:09:41:8e:7d:36
Signer

Actual PE Digest

ca:96:1b:b6:03:c4:c5:de:cc:a0:11:c9:a5:2e:0c:09:41:8e:7d:36

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\daily_build\svn2\antiarp\trunk\bin\release\beikearpupd.pdb

Imports

kernel32

GetSystemDirectoryW
CopyFileW
TerminateProcess
MoveFileExW
InterlockedDecrement
LocalFree
SetFileAttributesW
GetFileAttributesW
MoveFileW
DeleteFileW
CreateDirectoryW
SetFilePointer
InterlockedIncrement
SetLastError
OpenProcess
CreateProcessW
WaitForSingleObject
LoadLibraryW
CloseHandle
GetVersionExW
FreeLibrary
CreateFileW
WideCharToMultiByte
FindResourceW
FindResourceExW
CreateMutexW
GetModuleFileNameW
SetEndOfFile
ReadFile
GetCurrentProcess
GetProcAddress
VirtualQuery
lstrlenW
GetLocalTime
GetFileSize
GetSystemInfo
VirtualProtect
GetThreadLocale
GetCurrentThread
GetLastError
GetModuleHandleW
SetUnhandledExceptionFilter
SizeofResource
Sleep
LockResource
LoadResource
OutputDebugStringW
SetEvent
WaitForMultipleObjects
lstrlenA
FlushFileBuffers
CreateFileA
GetTempPathW
WriteFile
WriteConsoleW
GetConsoleOutputCP
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCommandLineA
GetStartupInfoA
UnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
InterlockedExchange
LoadLibraryA
SetStdHandle
WriteConsoleA

advapi32

RegQueryValueExW
RegOpenKeyExW
DuplicateTokenEx
ConvertStringSidToSidW
SetTokenInformation
GetTokenInformation
SetThreadToken
OpenThreadToken
RegCreateKeyExW
RegSetValueExW
SetNamedSecurityInfoW
InitializeSid
GetLengthSid
GetSidLengthRequired
CopySid
InitializeAcl
GetSidSubAuthority
GetAclInformation
IsValidSid
GetNamedSecurityInfoW
GetAce
AddAce
CreateProcessAsUserW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
GetUserNameW
RegCloseKey

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoCreateGuid

shlwapi

StrCmpNW
StrStrIA
StrRChrW
StrToIntW
StrCmpNIW
StrChrW

wininet

InternetSetOptionW
HttpSendRequestW
InternetConnectW
InternetOpenW
HttpOpenRequestW
InternetCloseHandle
InternetCrackUrlW
HttpQueryInfoW
InternetReadFile
HttpAddRequestHeadersW

psapi

GetModuleInformation
EnumProcessModules
EnumProcesses
GetModuleBaseNameW
GetModuleFileNameExW

userenv

UnloadUserProfile

iphlpapi

GetAdaptersInfo

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

user32

UnregisterClassA

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
beikearpver.dat
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:27:c6:49:f4:1d:2e:2d:8d:89:2f:1e:b1:df:4a:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15/05/2009, 00:00

Not After

15/05/2010, 23:59

Subject

CN=Beike Internet Security Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beike Internet Security Technology Co.\,Ltd,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

26:42:3f:24:31:50:0b:2c:3b:74:6d:10:79:d4:e2:ed:8b:39:9f:84
Signer

Actual PE Digest

26:42:3f:24:31:50:0b:2c:3b:74:6d:10:79:d4:e2:ed:8b:39:9f:84

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
beikearpver.dat.new
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:27:c6:49:f4:1d:2e:2d:8d:89:2f:1e:b1:df:4a:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15/05/2009, 00:00

Not After

15/05/2010, 23:59

Subject

CN=Beike Internet Security Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beike Internet Security Technology Co.\,Ltd,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

26:42:3f:24:31:50:0b:2c:3b:74:6d:10:79:d4:e2:ed:8b:39:9f:84
Signer

Actual PE Digest

26:42:3f:24:31:50:0b:2c:3b:74:6d:10:79:d4:e2:ed:8b:39:9f:84

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
beikecmm.dll
.dll windows:4 windows x86 arch:x86

e917b225ec5b0e5bd4549c6aba936fb8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:27:c6:49:f4:1d:2e:2d:8d:89:2f:1e:b1:df:4a:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15/05/2009, 00:00

Not After

15/05/2010, 23:59

Subject

CN=Beike Internet Security Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beike Internet Security Technology Co.\,Ltd,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:6c:30:42:0c:c2:fc:3d:b1:a0:55:6b:97:26:41:62:ce:61:4d:04
Signer

Actual PE Digest

6a:6c:30:42:0c:c2:fc:3d:b1:a0:55:6b:97:26:41:62:ce:61:4d:04

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\daily_build\svn2\antiarp\trunk\bin\release\beikecmm.pdb

Imports

kernel32

CreateFileW
ResetEvent
SetEvent
EnterCriticalSection
LeaveCriticalSection
Sleep
ConnectNamedPipe
GetOverlappedResult
FreeLibrary
LoadLibraryW
FindResourceW
CreateMutexW
CreateNamedPipeW
DisconnectNamedPipe
GetModuleFileNameW
ResumeThread
WaitForSingleObject
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
GetLastError
CreateSemaphoreW
CreateEventW
FindResourceExW
LoadResource
LockResource
SizeofResource
WriteFile
ReadFile
WaitForMultipleObjects
ReleaseSemaphore
TerminateThread
InterlockedDecrement
GetProcAddress
InterlockedIncrement
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
GetVersionExA
ExitThread
GetCurrentThreadId
CreateThread
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
GetModuleFileNameA
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
VirtualFree
VirtualAlloc
HeapCreate
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
LoadLibraryA
MultiByteToWideChar
GetLocaleInfoA

advapi32

GetLengthSid
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorLength
GetSecurityDescriptorSacl
GetSecurityDescriptorControl
MakeSelfRelativeSD
GetSidLengthRequired
InitializeSid
MakeAbsoluteSD
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSidSubAuthority
GetAclInformation
InitializeAcl
AddAce
SetSecurityDescriptorDacl
IsValidSid
CopySid

shlwapi

StrCmpNIW
StrChrW
StrCmpNW
StrRChrW

user32

UnregisterClassA

Exports

Exports

GetInterface

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
beikenetcfg.dll
.dll windows:4 windows x86 arch:x86

971735054f3e7e760d2908ca172127bd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:27:c6:49:f4:1d:2e:2d:8d:89:2f:1e:b1:df:4a:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15/05/2009, 00:00

Not After

15/05/2010, 23:59

Subject

CN=Beike Internet Security Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beike Internet Security Technology Co.\,Ltd,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1a:28:b6:a0:57:c3:15:ed:ab:a7:8c:4f:ce:53:54:e9:8a:89:f8:01
Signer

Actual PE Digest

1a:28:b6:a0:57:c3:15:ed:ab:a7:8c:4f:ce:53:54:e9:8a:89:f8:01

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\daily_build\svn2\antiarp\trunk\bin\release\beikenetcfg.pdb

Imports

iphlpapi

SetIpNetEntry
GetBestInterface
CreateIpNetEntry
FlushIpNetTable
NotifyAddrChange
GetIpNetTable
GetAdaptersInfo

ws2_32

WSAGetLastError
WSACreateEvent
WSAStartup
WSACleanup

kernel32

CreateFileA
WriteConsoleW
GetConsoleOutputCP
InterlockedIncrement
InterlockedDecrement
CreateThread
CloseHandle
CreateEventW
WaitForSingleObject
SetEvent
WaitForMultipleObjects
Sleep
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
GetLastError
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSection
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
ReadFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
SetStdHandle
WriteConsoleA

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bkndis.inf
bkndis_m.inf
installext.exe
.exe windows:4 windows x86 arch:x86

e8d590fb639c47cc570db634485dac8d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:27:c6:49:f4:1d:2e:2d:8d:89:2f:1e:b1:df:4a:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15/05/2009, 00:00

Not After

15/05/2010, 23:59

Subject

CN=Beike Internet Security Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beike Internet Security Technology Co.\,Ltd,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:30:8a:ec:43:0c:32:09:02:a7:12:0e:4f:9a:58:ef:77:84:87:65
Signer

Actual PE Digest

39:30:8a:ec:43:0c:32:09:02:a7:12:0e:4f:9a:58:ef:77:84:87:65

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\daily_build\svn2\antiarp\trunk\bin\release\installext.pdb

Imports

kernel32

LockResource
LoadResource
FindResourceExW
GetModuleFileNameW
GetSystemDirectoryW
RaiseException
DeleteFileW
GetCurrentProcess
SetLastError
FreeLibrary
Sleep
LoadLibraryW
CreateProcessW
OpenProcess
GetLastError
WaitForSingleObject
TerminateProcess
SizeofResource
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetCommandLineW
ExitProcess
lstrcmpiW
lstrlenW
FindResourceW
GetTickCount
HeapAlloc
SystemTimeToFileTime
GetProcAddress
CreateThread
GetLocalTime
Process32NextW
GetShortPathNameW
Process32FirstW
CreateToolhelp32Snapshot
CloseHandle
HeapDestroy
GetStartupInfoW
GetModuleHandleA
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree

user32

UnregisterClassA
ExitWindowsEx
CharLowerBuffW
CharNextW
MessageBoxW
GetActiveWindow
FindWindowW
GetWindow
wvsprintfW
FindWindowExW
SendMessageW

advapi32

OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
QueryServiceStatus
RegDeleteValueW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW
CloseServiceHandle
DeleteService
OpenServiceW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW

shlwapi

PathAppendW
PathFileExistsW
PathRemoveFileSpecW
StrCmpNIW
StrCmpNW
StrChrW
StrRChrW
StrToIntW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
installext.inst.exe
.exe windows:4 windows x86 arch:x86

e8d590fb639c47cc570db634485dac8d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:27:c6:49:f4:1d:2e:2d:8d:89:2f:1e:b1:df:4a:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15/05/2009, 00:00

Not After

15/05/2010, 23:59

Subject

CN=Beike Internet Security Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beike Internet Security Technology Co.\,Ltd,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:30:8a:ec:43:0c:32:09:02:a7:12:0e:4f:9a:58:ef:77:84:87:65
Signer

Actual PE Digest

39:30:8a:ec:43:0c:32:09:02:a7:12:0e:4f:9a:58:ef:77:84:87:65

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\daily_build\svn2\antiarp\trunk\bin\release\installext.pdb

Imports

kernel32

LockResource
LoadResource
FindResourceExW
GetModuleFileNameW
GetSystemDirectoryW
RaiseException
DeleteFileW
GetCurrentProcess
SetLastError
FreeLibrary
Sleep
LoadLibraryW
CreateProcessW
OpenProcess
GetLastError
WaitForSingleObject
TerminateProcess
SizeofResource
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetCommandLineW
ExitProcess
lstrcmpiW
lstrlenW
FindResourceW
GetTickCount
HeapAlloc
SystemTimeToFileTime
GetProcAddress
CreateThread
GetLocalTime
Process32NextW
GetShortPathNameW
Process32FirstW
CreateToolhelp32Snapshot
CloseHandle
HeapDestroy
GetStartupInfoW
GetModuleHandleA
GetVersionExA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree

user32

UnregisterClassA
ExitWindowsEx
CharLowerBuffW
CharNextW
MessageBoxW
GetActiveWindow
FindWindowW
GetWindow
wvsprintfW
FindWindowExW
SendMessageW

advapi32

OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
QueryServiceStatus
RegDeleteValueW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW
CloseServiceHandle
DeleteService
OpenServiceW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW

shlwapi

PathAppendW
PathFileExistsW
PathRemoveFileSpecW
StrCmpNIW
StrCmpNW
StrChrW
StrRChrW
StrToIntW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
license.rtf
.rtf
skylarkd.dll
.dll windows:4 windows x86 arch:x86

cea9e55a99ca69296b2d8722e1dff667

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:27:c6:49:f4:1d:2e:2d:8d:89:2f:1e:b1:df:4a:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15/05/2009, 00:00

Not After

15/05/2010, 23:59

Subject

CN=Beike Internet Security Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beike Internet Security Technology Co.\,Ltd,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4b:e5:7a:2e:75:f8:02:96:b1:0c:68:6b:23:67:ca:c6:bf:d2:c1:71
Signer

Actual PE Digest

4b:e5:7a:2e:75:f8:02:96:b1:0c:68:6b:23:67:ca:c6:bf:d2:c1:71

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\daily_build\svn2\v2-skylark\trunk\src\skylarkd\ReleaseMT\skylarkd.pdb

Imports

kernel32

InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
LoadLibraryA
CompareStringA
CompareStringW
SetEnvironmentVariableA
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
WriteFile
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
GetTimeZoneInformation
InterlockedExchange
FreeEnvironmentStringsA
GetModuleFileNameA
DeleteCriticalSection
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
Sleep
GetCurrentThread
InterlockedDecrement
GetLastError
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetModuleHandleA
GetProcAddress
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetProcessHeap
HeapAlloc
RaiseException
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
lstrlenW
ResumeThread
CreateEventW
SetEvent
CloseHandle
WaitForSingleObject
OutputDebugStringW
WaitForMultipleObjects
GetModuleFileNameW
GetPrivateProfileIntW
GetSystemTime
GetThreadPriority
SetThreadPriority
GetPrivateProfileStringW
GetSystemDirectoryW
GetVersionExW
lstrlenA
GetFileSize
CreateFileW
FindFirstFileW
FindClose
LocalFree
GetFileAttributesW
CreateDirectoryW
GetSystemInfo
LockFile
ReadFile
GetFullPathNameW
GetFullPathNameA
FormatMessageA
FlushFileBuffers
GetTempPathW
CreateFileA
SetFilePointer
LoadLibraryW
DeleteFileW
SetEndOfFile
LockFileEx
GetDiskFreeSpaceW
GetTempPathA
AreFileApisANSI
DeleteFileA
GetFileAttributesA
GetDiskFreeSpaceA
UnlockFile
GetFileSizeEx
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
GetTempFileNameW
GetThreadTimes
GetWindowsDirectoryW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
DeviceIoControl
ExpandEnvironmentStringsW
GetLongPathNameW
lstrcmpA
FindNextFileW
GetEnvironmentVariableW
GetDriveTypeW
SetErrorMode
GetVersion
LoadLibraryExW
SystemTimeToFileTime
FileTimeToSystemTime
GetLocalTime
GetFileInformationByHandle
LocalFileTimeToFileTime
SetFileTime
GetCurrentDirectoryW
GlobalMemoryStatus
ExitThread
CreateThread
VirtualProtect
VirtualQuery
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetThreadLocale
GetVersionExA
HeapFree
GetCommandLineA
GetCurrentThreadId

shlwapi

PathRemoveFileSpecW
PathAppendW
PathAddBackslashW
StrCpyNW
StrToIntW
StrStrIA
PathFindFileNameW
StrCmpNW
StrCmpIW
StrRChrW
StrChrW
StrCmpNIW
PathIsFileSpecW
StrPBrkW

iphlpapi

GetAdaptersInfo

wininet

InternetOpenW
HttpAddRequestHeadersW
HttpEndRequestW
HttpSendRequestExW
InternetWriteFile
HttpOpenRequestW
HttpQueryInfoW
InternetCloseHandle
InternetConnectW
InternetSetOptionW
InternetReadFile
HttpSendRequestW

userenv

UnloadUserProfile

psapi

EnumProcesses
GetModuleFileNameExW
EnumProcessModules

imagehlp

ImageGetCertificateHeader

mpr

WNetGetResourceInformationW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

user32

GetDesktopWindow
MessageBoxA
UnregisterClassA
GetProcessWindowStation
GetUserObjectInformationW
wsprintfW

advapi32

RegCreateKeyExW
RegEnumValueW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegDeleteValueW
RegOpenKeyW
RegEnumKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
SetThreadToken
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenThreadToken
RegSetValueExW
InitializeAcl
AddAce
GetAclInformation
GetAce
GetSidLengthRequired
InitializeSid
GetSidSubAuthority
CopySid
GetNamedSecurityInfoW
GetLengthSid
SetNamedSecurityInfoW
IsValidSid
OpenProcessToken

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

CoTaskMemFree
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoUninitialize
CoInitialize
CoSetProxyBlanket
CoCreateGuid

oleaut32

SysAllocStringLen
SysFreeString
SysAllocString
VariantClear
VariantInit
VariantCopy

Exports

Exports

SkylarkCreateDatabase3
SkylarkFeedAudit
SkylarkFeedDebugLog
SkylarkInitializeEx
SkylarkRenewFeedVer
SkylarkRunAutorunScanTaskEx
SkylarkRunSimpleScanTaskEx
SkylarkScanSecurityEnviromentEx
SkylarkScanSoftwareEx
SkylarkUninitializeEx

Sections

.text
Size: 812KB - Virtual size: 809KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
snetcfg.exe
.exe windows:4 windows x86 arch:x86

700ff806405c4155c93f401da17d8733

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:27:c6:49:f4:1d:2e:2d:8d:89:2f:1e:b1:df:4a:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15/05/2009, 00:00

Not After

15/05/2010, 23:59

Subject

CN=Beike Internet Security Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beike Internet Security Technology Co.\,Ltd,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c2:b8:57:d5:71:5d:ff:aa:45:39:c2:d5:84:dd:8f:fe:db:44:bf:ea
Signer

Actual PE Digest

c2:b8:57:d5:71:5d:ff:aa:45:39:c2:d5:84:dd:8f:fe:db:44:bf:ea

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\daily_build\svn2\antiarp\trunk\bin\release\snetcfg.pdb

Imports

ole32

CoTaskMemFree
CoCreateInstance
CoInitializeEx
CoUninitialize

setupapi

SetupCopyOEMInfW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

kernel32

DeleteCriticalSection
CloseHandle
CreateFileA
SetStdHandle
SetFilePointer
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapSize
RtlUnwind
GetLastError
GetProcAddress
GetModuleHandleA
ExitProcess
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
WriteFile
GetStdHandle
GetModuleFileNameA
LoadLibraryA
InitializeCriticalSection
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetFileType
GetStartupInfoA
Sleep
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninstall.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 100KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

afa8e526425f3585465337467d0b5909

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
lstrcpynA
GetCurrentProcess
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 741B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 673B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 190B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
installext.exe
.exe windows:4 windows x86 arch:x86

4a21e23b98171d1ef86de21e35792f44

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:27:c6:49:f4:1d:2e:2d:8d:89:2f:1e:b1:df:4a:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15/05/2009, 00:00

Not After

15/05/2010, 23:59

Subject

CN=Beike Internet Security Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beike Internet Security Technology Co.\,Ltd,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

91:ec:d1:07:28:f0:16:4c:a5:41:c7:1b:34:40:f4:41:9e:27:f7:33
Signer

Actual PE Digest

91:ec:d1:07:28:f0:16:4c:a5:41:c7:1b:34:40:f4:41:9e:27:f7:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\build\svn\client\trunk\groups\antiarp\src\InstallExt\Release\installext.pdb

Imports

shell32

SHGetFolderPathW

kernel32

DeleteCriticalSection
CreateEventW
CreateThread
Sleep
CloseHandle
GetModuleFileNameW
lstrcmpiW
SetEvent
GetShortPathNameW
WaitForSingleObject
SuspendThread
CreateMutexW
TerminateThread
CreateProcessW
lstrlenW
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
WritePrivateProfileStringW
SetLastError
RaiseException
GetLastError
FindResourceW
SizeofResource
LockResource
QueryPerformanceCounter
GetCommandLineW
ExitProcess
GetStartupInfoW
GetModuleHandleA
GetSystemTimeAsFileTime
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
GetPrivateProfileStringW
CreateDirectoryW
FindResourceExW
InitializeCriticalSection
LoadResource
GetCurrentProcessId
GetTickCount
RtlUnwind
IsDebuggerPresent
HeapAlloc
HeapDestroy
GetVersionExA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentThreadId

user32

wvsprintfW
CharLowerBuffW
UnhookWindowsHookEx
SendMessageW
FindWindowW
GetActiveWindow
MessageBoxW
CharNextW
CharUpperW
UnregisterClassA

advapi32

RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegQueryValueExW
RegEnumKeyExW

ole32

CoCreateGuid

shlwapi

PathRemoveFileSpecW
PathAppendW

wininet

InternetCloseHandle
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetSetOptionW
InternetOpenW

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
supgrade2.exe
.exe windows:4 windows x86 arch:x86

84b26e14d431702a9c7634d640a59c53

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:27:c6:49:f4:1d:2e:2d:8d:89:2f:1e:b1:df:4a:32
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

15/05/2009, 00:00

Not After

15/05/2010, 23:59

Subject

CN=Beike Internet Security Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beike Internet Security Technology Co.\,Ltd,L=BEIJING,ST=BEIJING,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

26:76:3e:12:af:5e:c0:1a:50:66:0f:db:d9:98:1b:1e:11:68:17:8d
Signer

Actual PE Digest

26:76:3e:12:af:5e:c0:1a:50:66:0f:db:d9:98:1b:1e:11:68:17:8d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\daily_build\svn2\antiarp\trunk\bin\release\supgrade2.pdb

Imports

kernel32

lstrcmpW
GlobalUnlock
RaiseException
GlobalLock
InterlockedIncrement
CopyFileW
GlobalAlloc
GetVersion
GetModuleHandleW
GetPrivateProfileIntW
WriteFile
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetSystemTimeAsFileTime
InterlockedDecrement
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
HeapCreate
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetVersionExA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
CreateProcessW
ExpandEnvironmentStringsW
LeaveCriticalSection
CreateThread
EnterCriticalSection
SetLastError
GetCurrentThreadId
GetSystemDirectoryW
WideCharToMultiByte
lstrlenW
DeleteCriticalSection
SetEvent
FindFirstFileW
FreeResource
MultiByteToWideChar
GetTickCount
lstrlenA
FlushInstructionCache
InitializeCriticalSection
MulDiv
WaitForSingleObject
ResetEvent
CreateEventW
GetProcAddress
GetModuleFileNameW
GetLastError
CreateMutexW
Sleep
TerminateProcess
FindResourceExW
OpenProcess
Process32NextW
Process32FirstW
LoadResource
CreateToolhelp32Snapshot
LockResource
CloseHandle
SizeofResource
GetCurrentProcess
FindResourceW
RemoveDirectoryW
MoveFileExW
DeleteFileW
FindClose
FindNextFileW
GetCurrentProcessId

user32

DrawTextW
SetCapture
GetParent
DestroyAcceleratorTable
CallWindowProcW
GetClassInfoExW
ReleaseDC
ScreenToClient
SetWindowTextW
GetWindowTextW
OffsetRect
RegisterClassExW
ReleaseCapture
CreateWindowExW
CharLowerBuffA
AnimateWindow
SetCursor
LoadCursorW
GetDC
GetClassNameW
LoadImageW
EndPaint
SystemParametersInfoW
GetKeyState
DispatchMessageW
MessageBoxW
TranslateMessage
GetClientRect
IsWindowEnabled
GetMessageW
BeginPaint
InvalidateRect
IsWindow
GetWindowRect
GetDesktopWindow
CopyRect
PeekMessageW
IsWindowVisible
CharNextW
GetDlgItem
GetMonitorInfoW
InvalidateRgn
ShowWindow
LoadBitmapW
MonitorFromWindow
SetWindowPos
IsChild
SendMessageW
MoveWindow
ClientToScreen
GetFocus
GetDlgCtrlID
EqualRect
GetWindowLongW
EnumChildWindows
SetFocus
SetWindowRgn
GetWindow
DefWindowProcW
DestroyWindow
RegisterWindowMessageW
KillTimer
InflateRect
SetWindowLongW
DrawIconEx
LoadIconW
RedrawWindow
CreateAcceleratorTableW
SetRect
GetWindowTextLengthW
SetTimer
DestroyIcon
PtInRect
GetSysColor
DrawFrameControl
FillRect
UnregisterClassA

gdi32

DeleteObject
LineTo
MoveToEx
OffsetRgn
SetTextColor
CreateCompatibleBitmap
CreateDIBSection
CombineRgn
CreateRectRgnIndirect
CreateRectRgn
CreateSolidBrush
StretchBlt
RoundRect
Rectangle
BitBlt
SelectClipRgn
GetClipRgn
CreateFontIndirectW
CreatePen
DeleteDC
GetStockObject
ExtTextOutW
GetObjectW
CreateCompatibleDC
SelectObject
SetBkColor
SetBkMode
GetDeviceCaps

advapi32

DeleteService
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW

shell32

SHGetFolderPathW
ShellExecuteW

ole32

CreateStreamOnHGlobal
OleLockRunning
CLSIDFromString
CLSIDFromProgID
StringFromGUID2
OleInitialize
OleUninitialize
CoTaskMemAlloc
CoGetClassObject
CoCreateInstance

oleaut32

SysAllocStringLen
SysStringLen
VariantInit
LoadTypeLi
VariantClear
LoadRegTypeLi
SysAllocString
OleCreateFontIndirect
SysStringByteLen
SysFreeString

shlwapi

PathIsDirectoryW
PathFileExistsW
StrToIntA
StrToIntW
PathAppendW
PathRemoveFileSpecW

comctl32

_TrackMouseEvent

msimg32

TransparentBlt

psapi

GetModuleBaseNameW

Sections

.text
Size: 188KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

13:27:c6:49:f4:1d:2e:2d:8d:89:2f:1e:b1:df:4a:32Certificate

Extended Key Usages

Key Usages

69:f3:4e:8e:b8:c3:4e:99:40:c8:66:6a:01:72:95:be:a3:c8:7b:f7Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 52KB

.rsrc Size: 25KB - Virtual size: 25KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.reloc Size: 1024B - Virtual size: 520B

afa8e526425f3585465337467d0b5909

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 741B

.rdata Size: 1024B - Virtual size: 673B

.data Size: 512B - Virtual size: 88B

.reloc Size: 512B - Virtual size: 190B

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

13:27:c6:49:f4:1d:2e:2d:8d:89:2f:1e:b1:df:4a:32
Certificate

69:f3:4e:8e:b8:c3:4e:99:40:c8:66:6a:01:72:95:be:a3:c8:7b:f7
Signer

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 52KB

.rsrc
Size: 25KB - Virtual size: 25KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 1024B - Virtual size: 741B

.rdata
Size: 1024B - Virtual size: 673B

.data
Size: 512B - Virtual size: 88B

.reloc
Size: 512B - Virtual size: 190B

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 100KB

.rsrc
Size: 28KB - Virtual size: 27KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 1024B - Virtual size: 741B

.rdata
Size: 1024B - Virtual size: 673B

.data
Size: 512B - Virtual size: 88B

.reloc
Size: 512B - Virtual size: 190B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 572B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

13:27:c6:49:f4:1d:2e:2d:8d:89:2f:1e:b1:df:4a:32
Certificate

39:30:8a:ec:43:0c:32:09:02:a7:12:0e:4f:9a:58:ef:77:84:87:65
Signer