2b2c904bb1cbc51c113183f1988480de_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2b2c904bb1cbc51c113183f1988480de_JaffaCakes118
Size

3.2MB
MD5

2b2c904bb1cbc51c113183f1988480de
SHA1

95ae75493bdec5b55b595e221389a620259ff9f4
SHA256

91016984262cedda07af646847e832fc0f961d70c22a0fc79a400f253aae9cd7
SHA512

c8256af0a53ad8b9ca9a5d5e3c46826fc578eb090e3c46cfb5997c5e562f9b5e30619fad589b10e631fe7ebeeed31fd1ab1b8e6cd33bdef76af118b644b45ee5
SSDEEP

98304:0/ZAhwUQTPmjRs4fH6HjCqNVmbvATPiKkAWiHds:OZOUPm1ssvbuPiKzHm

Score

3^/10

Malware Config

Signatures

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
2b2c904bb1cbc51c113183f1988480de_JaffaCakes118
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/Codecs/RealMediaSplitter.ax.new
unpack001/Codecs/asfsplliter.ax.new
unpack001/Codecs/atrc.dll.new
unpack001/Codecs/cook.dll.new
unpack001/Codecs/drvc.dll.new
unpack001/Codecs/raac.dll.new
unpack001/Tip/QvodTips.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/Baidu-ASBar.exe	nsis_installer_1
static1/unpack001/Baidu-Toolbar-utf8kb_cb.exe	nsis_installer_1

Files

2b2c904bb1cbc51c113183f1988480de_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

d23fbd09100caad5e10f17163f511668

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpynA
GlobalAlloc
lstrcmpA
lstrlenA
GetModuleHandleA
MulDiv
lstrcpyA
GetACP

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 290B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/QvodInit.exe
.exe windows:4 windows x86 arch:x86

47ca16f9ccfa1108a6da24b0442ee949

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-06-2009 00:00

Not After

02-06-2011 23:59

Subject

CN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:a2:98:8a:4c:3f:8e:b2:d5:60:94:2a:c1:68:b7:f1:f9:82:ec:d7
Signer

Actual PE Digest

39:a2:98:8a:4c:3f:8e:b2:d5:60:94:2a:c1:68:b7:f1:f9:82:ec:d7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
GetTickCount
MoveFileA
DeleteFileA
GetFileAttributesA
GetModuleHandleA
TerminateProcess
GetTempPathA
CopyFileA
GetLogicalDriveStringsA
SetSystemTime
GetSystemTime
FlushFileBuffers
GetStringTypeW
GetStringTypeA
CreateToolhelp32Snapshot
Process32First
OpenProcess
CloseHandle
Process32Next
GetDiskFreeSpaceExA
GetModuleFileNameA
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
GetVersionExA
GetWindowsDirectoryA
WritePrivateProfileStringA
GetTempFileNameA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetLastError
RtlUnwind
GetFileType
CreateFileA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
GetCurrentProcess
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
WriteFile
SetFilePointer
ReadFile
SetStdHandle
SetHandleCount
GetStdHandle
SetEndOfFile
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA

user32

FindWindowA
PostMessageA

advapi32

RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
DeleteService
CreateServiceA
ChangeServiceConfig2A
StartServiceA
QueryServiceStatus
CloseServiceHandle
OpenSCManagerA
OpenServiceA
ControlService

shell32

SHChangeNotify

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

psapi

EnumProcessModules
GetModuleFileNameExA

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/io.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/left.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/qvod1.ini
$PLUGINSDIR/qvod2.ini
$PLUGINSDIR/sobar.bmp
$PLUGINSDIR/t5_toolbar.bmp
360Inst-qvod001.exe
.exe windows:4 windows x86 arch:x86

d0ffc56a0ec5bc8e7bdca94f37037f44

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

22-10-2008 00:00

Not After

23-11-2010 23:59

Subject

CN=Qizhi Software (beijing) Co. Ltd,OU=SECURE APPLICATION DEVELOPMENT,O=Qizhi Software (beijing) Co. Ltd,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
lstrcpyW
FlushInstructionCache
GetCurrentProcess
DebugBreak
OutputDebugStringW
lstrlenA
GetLastError
CreateMutexW
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
GetProcAddress
GetModuleHandleW
GetVersionExW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
ReadFile
GetFileSizeEx
GetPrivateProfileIntW
GetPrivateProfileStringW
GetExitCodeProcess
GetFileSize
TerminateProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetTickCount
OpenProcess
LoadLibraryW
FreeLibrary
WideCharToMultiByte
GetVersion
MulDiv
WritePrivateProfileStringW
MultiByteToWideChar
GetModuleFileNameW
GetLongPathNameW
GetSystemTimeAsFileTime
GetExitCodeThread
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
CloseHandle
lstrlenW
InterlockedIncrement
TryEnterCriticalSection
CreateEventA
GetSystemDirectoryA
LocalAlloc
QueryPerformanceCounter
SetEnvironmentVariableA
GetOEMCP
GetACP
GetLocaleInfoW
SetEndOfFile
FindClose
LoadLibraryA
SetStdHandle
IsBadCodePtr
GetStringTypeW
GetTempPathW
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
SetUnhandledExceptionFilter
GetStartupInfoA
GetStdHandle
SetHandleCount
GetCommandLineA
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
UnhandledExceptionFilter
HeapSize
CompareStringW
CompareStringA
GetCPInfo
LCMapStringW
LCMapStringA
RaiseException
ExitProcess
GetStartupInfoW
GetModuleHandleA
IsBadReadPtr
HeapAlloc
HeapReAlloc
HeapFree
RtlUnwind
ExitThread
CreateThread
GetTimeZoneInformation
OpenThread
GetEnvironmentVariableW
SetEnvironmentVariableW
TlsFree
FormatMessageW
GetSystemTime
GetFileType
InterlockedExchange
LocalFree
GetFileTime
FlushFileBuffers
CopyFileW
MoveFileExW
FindFirstFileW
GetFullPathNameW
SetLastError
FindNextFileW
FindResourceW
SizeofResource
LoadResource
CreateFileW
LockResource
WriteFile
ResumeThread
Sleep
GetCurrentProcessId
GetTempFileNameW
RemoveDirectoryW
DeleteFileW
TlsAlloc
TlsGetValue
TlsSetValue
CreateDirectoryW
GetLocalTime
ResetEvent
GetFileAttributesExW
MoveFileW
ReleaseMutex
CreateFileA
GetFileAttributesW
SetFilePointer
SetProcessWorkingSetSize
CreateEventW
WaitForSingleObject
SetEvent
GetStringTypeA
InterlockedDecrement

user32

PostMessageW
GetActiveWindow
DialogBoxParamW
SendMessageW
PeekMessageW
MessageBoxW
SetWindowLongW
wvsprintfW
CharNextW
DestroyWindow
DefWindowProcW
EndDialog
GetMessageW
TranslateMessage
ShowWindow
LoadStringW
UpdateWindow
SetForegroundWindow
DispatchMessageW
BeginPaint
EndPaint
SetCursor
GetSysColor
GetDC
ReleaseDC
GetWindowTextW
InflateRect
GetScrollInfo
MoveWindow
GetScrollRange
GetScrollPos
SetScrollPos
SetFocus
SetScrollInfo
ShowScrollBar
GetCursorPos
ScreenToClient
DrawTextW
GetSystemMenu
EnableMenuItem
DestroyMenu
BringWindowToTop
LoadIconW
IsIconic
PostQuitMessage
IsDialogMessageW
IsWindow
KillTimer
SetTimer
CreateWindowExW
CallWindowProcW
IsWindowVisible
InvalidateRect
RedrawWindow
GetClassInfoExW
LoadCursorW
wsprintfW
RegisterClassExW
ExitWindowsEx
EnableWindow
OffsetRect
GetDlgItem
PtInRect
CopyRect
CharLowerW
SetDlgItemTextW
CharUpperW
GetSystemMetrics
LoadImageW
SetWindowTextW
GetParent
GetWindowLongW
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos

gdi32

BitBlt
GetDeviceCaps
SetBkColor
ExtTextOutW
CreateCompatibleDC
DeleteDC
SetBkMode
SelectObject
SetTextColor
CreateFontIndirectW
DeleteObject
CreateCompatibleBitmap

advapi32

RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegCreateKeyW
RegQueryValueExW
RegOpenKeyW

shell32

SHBrowseForFolderW
SHGetSpecialFolderPathW
Shell_NotifyIconW
ShellExecuteExW
ShellExecuteW
SHGetPathFromIDListW
ord165
SHCreateDirectoryExW

ole32

CoTaskMemFree
CLSIDFromProgID
CreateStreamOnHGlobal
CoInitialize
CLSIDFromString
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
OleLoadPicture
VariantClear
SysAllocString

shlwapi

PathIsDirectoryW
PathRemoveFileSpecW
PathCombineW
SHGetValueW
PathFindFileNameW
PathIsRootW
PathFileExistsW

version

VerQueryValueW
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoW
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA

comctl32

InitCommonControlsEx

msimg32

TransparentBlt

ws2_32

inet_ntoa
gethostname
gethostbyname
closesocket
select
recvfrom
inet_addr
sendto
WSAGetLastError
ioctlsocket
setsockopt
htonl
accept
htons
bind
listen
WSAStartup
WSACloseEvent
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSACreateEvent
__WSAFDIsSet
socket
ntohl
ntohs
send
connect
recv
WSAEventSelect
WSACleanup

setupapi

SetupIterateCabinetW

psapi

GetModuleFileNameExW
EnumProcessModules

Sections

.text
Size: 408KB - Virtual size: 406KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Baidu-ASBar.exe
.exe windows:4 windows x86 arch:x86

73b73e00f465fa1a2a3bf6377a40219b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31-07-2009 00:00

Not After

30-07-2012 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
CloseHandle
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
MulDiv
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCommandLineA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
FindWindowExA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAM_FILES/Baidu/AddressBar/AddressBar_Tmp/AddressBar.dll
.dll regsvr32 windows:4 windows x86 arch:x86

f26310f763adac58c38a743c8545c7b7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31-07-2009 00:00

Not After

30-07-2012 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

gethostname
WSAStartup
gethostbyname
inet_ntoa
WSACleanup

shlwapi

StrCmpNW
StrCpyNW
UrlCanonicalizeW
UrlUnescapeA
StrCmpIW
PathRemoveFileSpecA
PathIsDirectoryA
SHDeleteKeyW
SHDeleteValueW
PathFileExistsW
StrStrIW
StrDupW
SHGetValueW
SHSetValueW

winmm

timeGetTime

iphlpapi

GetNetworkParams
GetAdaptersInfo

wininet

InternetConnectA
InternetConnectW
HttpOpenRequestA
HttpOpenRequestW
InternetCloseHandle
InternetSetStatusCallbackA
InternetSetStatusCallbackW
HttpSendRequestW
InternetOpenW
InternetQueryOptionW
DeleteUrlCacheEntryW
InternetGetCookieW
InternetCrackUrlW
GetUrlCacheEntryInfoW
InternetOpenUrlW
InternetSetOptionW
HttpQueryInfoW
InternetQueryDataAvailable
InternetReadFile

rpcrt4

UuidCreate

setupapi

SetupIterateCabinetW

imm32

ImmGetCompositionStringW
ImmGetDefaultIMEWnd
ImmGetContext
ImmGetCompositionWindow
ImmGetOpenStatus
ImmReleaseContext

kernel32

GetCurrentDirectoryA
GetConsoleMode
GetConsoleCP
LCMapStringA
LoadLibraryA
LoadLibraryW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
RaiseException
InterlockedDecrement
lstrlenW
EnterCriticalSection
LeaveCriticalSection
GetLastError
SetLastError
GetModuleFileNameW
OutputDebugStringA
InterlockedIncrement
OutputDebugStringW
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiW
LoadLibraryExW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
DisableThreadLibraryCalls
LocalFree
CloseHandle
ResumeThread
SetThreadPriority
ReleaseMutex
WaitForSingleObject
CreateMutexW
DeleteFileW
GetACP
GetCurrentThreadId
WideCharToMultiByte
GetTickCount
lstrlenA
GlobalUnlock
GlobalLock
DebugBreak
CreateFileW
DeviceIoControl
GetVersionExW
FlushInstructionCache
GetCurrentProcess
lstrcmpW
SwitchToThread
GetCurrentProcessId
GetCommandLineW
Sleep
GetPrivateProfileIntW
GetPrivateProfileStringW
LCMapStringW
CreateDirectoryW
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
TryEnterCriticalSection
GetLocalTime
QueryPerformanceCounter
QueryPerformanceFrequency
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
SetFilePointer
ReadFile
SystemTimeToFileTime
WriteFile
GetTempFileNameW
GetTempPathW
LockResource
GlobalFree
GlobalAlloc
SetErrorMode
GetFileSize
FileTimeToSystemTime
MoveFileExW
GetShortPathNameW
lstrcatW
lstrcpyW
WritePrivateProfileStringW
RemoveDirectoryW
FindNextFileW
FindClose
FindFirstFileW
VirtualProtect
VirtualQuery
GetFileInformationByHandle
TerminateThread
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FreeResource
GetFileAttributesA
DeleteFileA
AreFileApisANSI
CreateFileA
GetTempPathA
FlushFileBuffers
SetEndOfFile
UnlockFile
LockFile
LockFileEx
GetFullPathNameA
GetFullPathNameW
GetSystemTime
GetSystemTimeAsFileTime
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
CreateThread
FileTimeToLocalFileTime
GetStringTypeW
GetDriveTypeW
GetDriveTypeA
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
HeapDestroy
HeapCreate
ExitProcess
GetStdHandle
GetModuleFileNameA
GetTimeZoneInformation
GetLocaleInfoA
SetStdHandle
WriteConsoleA
ExitThread
IsDebuggerPresent
GetVersionExA
InterlockedCompareExchange
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
RtlUnwind
TerminateProcess
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
UnhandledExceptionFilter
CopyFileW
SetUnhandledExceptionFilter

user32

CharUpperBuffW
CharUpperW
LoadImageW
CharLowerBuffW
SetForegroundWindow
GetForegroundWindow
AttachThreadInput
KillTimer
SetTimer
GetWindowLongA
RemovePropW
SetPropW
IsWindowUnicode
SetWindowLongA
GetPropW
CallWindowProcA
GetWindow
MapWindowPoints
SetWindowPos
MessageBoxW
GetDlgItem
EndDialog
SetFocus
GetActiveWindow
DialogBoxParamW
CharLowerW
FindWindowW
SetWindowTextW
FindWindowExW
PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetCursorPos
IsWindowVisible
GetDesktopWindow
GetKeyState
GetClassNameW
GetParent
GetWindowThreadProcessId
WindowFromPoint
GetWindowRect
CreateWindowExW
GetClassInfoExW
RegisterClassExW
DestroyWindow
PtInRect
LoadCursorW
IsWindow
ReleaseCapture
OffsetRect
ScreenToClient
SetCursor
SetCapture
BeginPaint
ShowWindow
PostMessageW
GetClientRect
SystemParametersInfoW
GetWindowTextW
ReleaseDC
GetDC
GetFocus
CharLowerBuffA
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
DefWindowProcW
CallWindowProcW
SetWindowLongW
CharNextW
LoadIconW
GetSysColor
LoadStringW
InflateRect
CopyRect
DrawTextW
DrawFocusRect
SendMessageW
EndPaint
RegisterWindowMessageW
InvalidateRect
FillRect
DrawIconEx
SetScrollPos
SetRect
GetSystemMetrics
RegisterClassW
DestroyIcon
MonitorFromRect
GetMonitorInfoW
GetScrollInfo
SetScrollInfo
ShowScrollBar
MoveWindow
GetWindowDC
UpdateLayeredWindow
EnumChildWindows
PeekMessageW
UnregisterClassA
GetWindowLongW

gdi32

DeleteDC
GetTextExtentPoint32W
CreateFontIndirectW
GetPixel
SelectObject
DeleteObject
SetBkColor
ExtTextOutW
SetTextColor
TextOutW
SetBkMode
GetDIBits
CreateDIBSection
CreateCompatibleBitmap
GetTextExtentPointW
BitBlt
CreateFontW
MoveToEx
LineTo
CreatePen
CreateCompatibleDC
GetCurrentObject
GetObjectW
CreateSolidBrush

advapi32

CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptDuplicateKey
CryptDecrypt
RegEnumKeyExA
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCreateKeyW
CryptEncrypt
RegOpenKeyW
RegQueryValueExW
CryptDestroyKey

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
ExtractIconW
ShellExecuteExW
DragQueryFileA
ShellExecuteW

ole32

CreateStreamOnHGlobal
CoTaskMemAlloc
CoGetClassObject
RevokeDragDrop
CoInitialize
CoUninitialize
ReleaseStgMedium
RegisterDragDrop
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
OleUninitialize
OleInitialize

oleaut32

SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
SysAllocStringLen
SysFreeString
VariantClear
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
SysStringLen
VariantInit

msimg32

AlphaBlend

urlmon

CoInternetGetSession

Exports

Exports

DllCanUnloadNow
DllCreateObject
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RunOnceUpdate
SVCUninstall
UpdateASBar
_sqlite3_key_interop@12
_sqlite3_rekey_interop@12

Sections

.text
Size: 662KB - Virtual size: 661KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Baidu-Toolbar-utf8kb_cb.exe
.exe windows:4 windows x86 arch:x86

73b73e00f465fa1a2a3bf6377a40219b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31-07-2009 00:00

Not After

30-07-2012 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
GetCurrentProcess
CopyFileA
ExitProcess
lstrcpynA
CloseHandle
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpiA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
MulDiv
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCommandLineA

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
LoadCursorA
SetCursor
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfA
SendMessageTimeoutA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
FindWindowExA

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 32KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAM_FILES/Baidu/Toolbar/BaiduBarX_Tmp/BaiduBarX.dll
.dll regsvr32 windows:4 windows x86 arch:x86

78760b90e51e152ef6c8a33a5e909edc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31-07-2009 00:00

Not After

30-07-2012 23:59

Subject

CN=Baidu Online Network Technology (Beijing) Co.\, Ltd.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Baidu Online Network Technology (Beijing) Co.\, Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\cygwin\home\scmpf\compiler_src\zhonghua_169623_win32\app\gensoft\bar\toolbar\chinese_unicode_release\BaiduBarX.pdb

Imports

setupapi

SetupIterateCabinetW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

imm32

ImmReleaseContext
ImmGetContext
ImmGetCompositionStringW

shlwapi

PathFindFileNameW
SHDeleteKeyW
SHSetValueW
SHGetValueW
PathRemoveExtensionW
PathFileExistsW
SHDeleteValueW
UrlCombineW
StrCpyW
PathIsDirectoryA
PathRemoveFileSpecA
StrCmpIW
StrStrIW
UrlUnescapeA
StrRetToStrW
StrRetToStrA
UrlEscapeW
UrlCanonicalizeW
SHCopyKeyW
UrlUnescapeW
PathIsDirectoryW
PathRemoveFileSpecW

wininet

InternetQueryDataAvailable
InternetQueryOptionW
InternetCrackUrlW
FindFirstUrlCacheGroup
DeleteUrlCacheGroup
FindNextUrlCacheGroup
FindCloseUrlCache
FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW
InternetOpenUrlW
InternetGetCookieW
HttpSendRequestExW
HttpEndRequestW
InternetGetConnectedState
InternetOpenA
InternetSetCookieW
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
DeleteUrlCacheEntryW
HttpQueryInfoW
InternetOpenW
InternetSetOptionW
InternetConnectW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
InternetReadFile
InternetCloseHandle
GetUrlCacheEntryInfoW
InternetCanonicalizeUrlW
InternetSetOptionA

urlmon

URLDownloadToFileW
CoInternetGetSession

rpcrt4

UuidCreate

iphlpapi

GetNetworkParams
GetAdaptersInfo

ws2_32

gethostbyname
gethostname

kernel32

VirtualAlloc
RtlUnwind
UnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
FlushInstructionCache
GetCurrentProcess
InterlockedDecrement
lstrlenW
lstrlenA
DebugBreak
OutputDebugStringW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryW
GetLastError
SetLastError
GetModuleFileNameW
OutputDebugStringA
GetCurrentThreadId
InterlockedIncrement
CreateProcessW
WideCharToMultiByte
CreateDirectoryW
GetTempPathW
CreateFileW
CloseHandle
WriteFile
SizeofResource
LockResource
LoadResource
FindResourceW
LocalFree
FreeLibrary
lstrcmpiW
TryEnterCriticalSection
LoadLibraryExW
MultiByteToWideChar
DisableThreadLibraryCalls
ReleaseMutex
DeleteFileW
GetTempFileNameW
WaitForSingleObject
GetSystemTimeAsFileTime
CreateThread
GetVersionExW
LoadLibraryA
CopyFileW
DeviceIoControl
GetSystemDirectoryW
ResumeThread
SetThreadPriority
GetPrivateProfileStringW
GetTickCount
GetACP
CompareStringW
GetCurrentProcessId
GlobalUnlock
GlobalLock
GlobalAlloc
FindClose
FindNextFileW
FindFirstFileW
TerminateThread
GetExitCodeThread
OpenMutexW
GetFullPathNameW
GlobalFree
MulDiv
RemoveDirectoryW
Sleep
ReadFile
GetFileSize
Thread32Next
SuspendThread
OpenThread
Thread32First
VirtualFree
UnmapViewOfFile
SetUnhandledExceptionFilter
MapViewOfFile
CreateFileMappingW
TerminateProcess
OpenProcess
SwitchToThread
GetCommandLineW
ExpandEnvironmentStringsW
GetPrivateProfileIntW
WritePrivateProfileStringW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
SetFileAttributesW
lstrcmpW
HeapFree
HeapAlloc
GetProcessHeap
GetEnvironmentVariableW
GlobalSize
MoveFileExW
SetErrorMode
GetShortPathNameW
InterlockedExchange
Process32NextW
Process32FirstW
ReadProcessMemory
SetFilePointer
lstrcatW
lstrcpyW
ExitThread
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetFileAttributesA
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
GetCurrentThread
GetStdHandle
GetModuleFileNameA
FatalAppExitA
HeapDestroy
HeapCreate
HeapSize
ExitProcess
GetConsoleCP
GetConsoleMode
GetCurrentDirectoryA
SetCurrentDirectoryA
GetTimeZoneInformation
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
FlushFileBuffers
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetConsoleCtrlHandler
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEndOfFile
GetDriveTypeA
GetFullPathNameA
CompareStringA
IsProcessorFeaturePresent
InterlockedCompareExchange
CreateToolhelp32Snapshot
GetVersionExA
SetEnvironmentVariableA
CreateMutexW

user32

GetSysColorBrush
SetScrollPos
SetScrollInfo
GetScrollInfo
SetWindowRgn
GetMenuItemRect
RemovePropW
GetPropW
SetPropW
GetForegroundWindow
SetWindowLongA
IsWindowUnicode
GetWindowLongA
SetMenuItemInfoW
DrawStateW
TrackPopupMenuEx
ModifyMenuW
MessageBeep
FrameRect
GetMessagePos
GetSystemMetrics
LoadBitmapW
PeekMessageW
GetSubMenu
MonitorFromRect
CharLowerBuffA
AttachThreadInput
SetForegroundWindow
WaitForInputIdle
CreateIconFromResourceEx
CharNextA
EqualRect
SetActiveWindow
SetClassLongW
ScrollWindow
EmptyClipboard
SetClipboardData
CloseClipboard
CharUpperW
CreateMenu
InsertMenuW
TrackPopupMenu
MonitorFromPoint
RemoveMenu
AppendMenuW
CreatePopupMenu
CopyRect
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
GetCapture
ReleaseCapture
GetSysColor
SetCursor
GetDlgCtrlID
SetFocus
SetCapture
IsWindowEnabled
UpdateWindow
DrawFocusRect
SetRectEmpty
InsertMenuItemW
EnableWindow
RedrawWindow
GetWindowTextLengthW
DrawTextW
DestroyIcon
FindWindowW
CharLowerBuffW
ScreenToClient
AdjustWindowRectEx
GetCursorPos
GetWindowThreadProcessId
GetGUIThreadInfo
GetClassNameW
PtInRect
MessageBoxW
MoveWindow
FillRect
GetFocus
ReleaseDC
TranslateMessage
DispatchMessageW
InvalidateRect
GetWindowTextW
GetActiveWindow
LoadIconW
IsWindowVisible
GetParent
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SendMessageW
DialogBoxParamW
DestroyMenu
IsMenu
GetKeyState
CharLowerW
CreateWindowExW
GetClassInfoExW
RegisterClassExW
DestroyWindow
LoadCursorW
KillTimer
GetMenuItemInfoW
GetMenuItemCount
EnableMenuItem
SetRect
CharUpperBuffW
DrawIconEx
GetMessageW
IsIconic
PostThreadMessageW
FindWindowExW
GetClassLongW
GetClassLongA
CallWindowProcA
UnregisterClassA
EnumChildWindows
WindowFromPoint
InflateRect
SendMessageA
GetUpdateRect
ClientToScreen
DeleteMenu
GetTopWindow
MenuItemFromPoint
GetMenuItemID
RegisterWindowMessageW
IsRectEmpty
GetDlgItemTextW
AdjustWindowRect
GetWindowDC
CreateDialogParamW
SetDlgItemTextW
SetTimer
PostMessageW
CharNextW
EndPaint
BeginPaint
DefWindowProcW
LoadStringW
SetWindowPos
IsWindow
GetDlgItem
ShowWindow
GetDC
SetWindowTextW
GetWindowLongW
SetWindowLongW
CallWindowProcW
EndDialog
EnumWindows
IsChild
IsDialogMessageW
LoadImageW
OffsetRect
OpenClipboard
GetMonitorInfoW

gdi32

PatBlt
GetTextColor
Rectangle
CreateRoundRectRgn
GetObjectW
CreatePen
LineTo
MoveToEx
SelectObject
CreateRectRgn
CreateBitmap
ExcludeClipRect
GetDeviceCaps
DPtoLP
BitBlt
GetClipBox
CreateCompatibleBitmap
SetViewportOrgEx
CreateCompatibleDC
ExtTextOutW
RestoreDC
SaveDC
GetCurrentObject
CreateSolidBrush
CreateFontIndirectW
GetTextExtentPoint32W
FillRgn
TextOutW
GetPixel
SetTextColor
DeleteDC
SetBkMode
SetBkColor
GetStockObject
DeleteObject

advapi32

SetTokenInformation
GetSecurityDescriptorSacl
SetSecurityInfo
EqualSid
GetUserNameW
RegSetKeySecurity
RegEnumKeyW
AllocateAndInitializeSid
InitializeAcl
AddAce
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegQueryValueExW
RegEnumValueW
CreateProcessAsUserW
GetLengthSid
ConvertStringSidToSidW
DuplicateTokenEx
OpenProcessToken
RegOpenKeyW
RegCreateKeyW
CopySid
GetTokenInformation
RegGetKeySecurity
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

ShellExecuteW
ExtractIconW
DuplicateIcon
SHGetSpecialFolderPathW
SHFileOperationW
ShellExecuteExW
SHGetMalloc
SHGetFileInfoW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetFolderPathW
DragQueryFileA

ole32

OleInitialize
OleUninitialize
GetHGlobalFromStream
CreateStreamOnHGlobal
OleDraw
RegisterDragDrop
CLSIDFromProgID
RevokeDragDrop
CoCreateGuid
CoInitialize
CoUninitialize
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
ReleaseStgMedium

oleaut32

VariantInit
VariantClear
SysAllocString
SysAllocStringByteLen
SysStringByteLen
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
SysFreeString
SysAllocStringLen
VarBstrCmp
VariantCopy
VarBstrCat
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
LoadRegTypeLi
SetErrorInfo
SysStringLen
VariantChangeType
GetErrorInfo
CreateErrorInfo

msimg32

AlphaBlend

Exports

Exports

ClearDefSearch
ClearHomePage
CloseIEUpdate
DllCanUnloadNow
DllCreateObject
DllGetClassObject
DllRegisterServer
RunOnceRemove
RunOnceUpdate
SVCUninstall
SetDefSearch
SetHomePageToBaidu
Uninstall
UpdateBaiduToolbar
UpdateBaiduToolbarWithUI

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 276KB - Virtual size: 275KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Shared
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 622KB - Virtual size: 621KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/ColorFilter.ax.new
.dll regsvr32 windows:4 windows x86 arch:x86

d6358db2b2f2325d29c23c3433a0656f

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-06-2009 00:00

Not After

02-06-2011 23:59

Subject

CN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

59:35:f8:c6:6b:8f:ff:73:21:78:55:34:38:c4:3d:7f:45:58:10:6f
Signer

Actual PE Digest

59:35:f8:c6:6b:8f:ff:73:21:78:55:34:38:c4:3d:7f:45:58:10:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

__dllonexit
_adjust_fdiv
malloc
_initterm
??3@YAXPAX@Z
free
__CxxFrameHandler
wcslen
sscanf
strncmp
strncpy
_filelength
_read
_purecall
_open
_close
_CIpow
atoi
sprintf
strstr
fflush
fwrite
fclose
fopen
fseek
_ftol
??2@YAPAXI@Z
_onexit

winmm

timeSetEvent
timeGetTime

kernel32

GetCurrentThread
GetThreadPriority
SetThreadPriority
GetModuleHandleA
CreateThread
InterlockedExchange
SetErrorMode
lstrcmpiA
CreateEventA
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
GetACP
FreeLibrary
GetProcAddress
LoadLibraryA
Sleep
SystemTimeToTzSpecificLocalTime
GetSystemTime
InterlockedIncrement
InterlockedDecrement
ResetEvent
DuplicateHandle
GetCurrentProcess
GetCurrentThreadId
SetEvent
WaitForMultipleObjects
WaitForSingleObject
CreateSemaphoreA
ReleaseSemaphore
GetSystemInfo
VirtualAlloc
VirtualFree
lstrlenA
MultiByteToWideChar
GetLastError
GetModuleFileNameA
GetVersionExA
DisableThreadLibraryCalls
GetTickCount

advapi32

RegOpenKeyExA
RegCreateKeyA
RegSetValueA
RegDeleteKeyA
RegCloseKey
RegEnumKeyExA
RegSetValueExA

user32

ShowWindow
DestroyWindow
DefWindowProcA
PeekMessageA
MsgWaitForMultipleObjects
wvsprintfA
PostThreadMessageA
RegisterWindowMessageA
GetQueueStatus
DispatchMessageA
LoadStringA
LoadStringW
GetWindowRect
InvalidateRect
SetWindowLongA
GetWindowLongA
wsprintfA
DrawTextA
SetDlgItemInt
CheckRadioButton
GetParent
CreateWindowExA
GetDlgItem
SendMessageA
SetDlgItemTextA
GetDlgItemTextA
MoveWindow
GetDesktopWindow
CreateDialogParamA

gdi32

ExtTextOutA
SelectObject
GetTextExtentPoint32A
SetBkColor
SetTextColor
CreateDIBitmap
GetDIBits
CreateCompatibleDC
CreateFontIndirectA
DeleteObject
DeleteDC

comctl32

ord16
ord17

ole32

CoInitialize
CoFreeUnusedLibraries
CoUninitialize
CoCreateInstance
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc

oleaut32

SysAllocString
SysFreeString

comdlg32

GetSaveFileNameA
GetOpenFileNameA
ChooseFontA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/RealMediaSplitter.ax.new
.dll regsvr32 windows:4 windows x86 arch:x86

092c362fafa1e9277558c0e5612fdfba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\vcexample\guliverkli\guliverkli\trunk\guliverkli\src\filters\parser\realmediasplitter\Release\RealMediaSplitter.pdb

Imports

kernel32

GetFileAttributesA
GetFileSize
GetFileTime
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFullPathNameA
LocalAlloc
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
lstrcatA
SetErrorMode
GlobalFlags
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
GetCPInfo
GetOEMCP
RtlUnwind
VirtualQuery
HeapAlloc
HeapFree
GetCommandLineA
ExitProcess
HeapReAlloc
TerminateProcess
SetStdHandle
GetFileType
HeapSize
HeapDestroy
HeapCreate
IsBadWritePtr
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
FileTimeToLocalFileTime
FileTimeToSystemTime
WritePrivateProfileStringA
GlobalAddAtomA
SetLastError
GlobalFree
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
DeleteFileA
Sleep
CreateFileA
GetVolumeInformationA
FindFirstFileA
FindClose
CreateThread
GetTickCount
GetCurrentThread
SetThreadPriority
GetModuleHandleA
VirtualAlloc
CreateSemaphoreA
GetCurrentThreadId
GetCurrentProcess
DuplicateHandle
VirtualFree
GetSystemInfo
ReleaseSemaphore
WaitForSingleObject
ResetEvent
SetEvent
CreateEventA
CloseHandle
InterlockedDecrement
InterlockedIncrement
DisableThreadLibraryCalls
RaiseException
LoadResource
LockResource
SizeofResource
FindResourceA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
lstrlenA
lstrcmpiA
WideCharToMultiByte
CompareStringA
CompareStringW
MultiByteToWideChar
GetVersion
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
VirtualProtect

user32

DestroyMenu
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetWindowPos
ShowWindow
SetWindowLongA
GetDlgItem
LoadCursorA
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetWindowTextA
GetClassNameA
GetSystemMetrics
UnhookWindowsHookEx
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
MessageBoxA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
WinHelpA
EnableWindow
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
SendMessageA
SetCursor
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostMessageA
PostQuitMessage
SetRect
DispatchMessageA
RegisterWindowMessageA
PeekMessageA
wsprintfA
UnregisterClassA
CharUpperA
SetWindowTextA

gdi32

DeleteDC
GetStockObject
TextOutA
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
CreateBitmap
GetDeviceCaps
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
ExtTextOutA

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCloseKey
RegQueryValueExA
RegDeleteKeyA
RegEnumKeyExA
RegSetValueExA
RegSetValueA
RegCreateKeyA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyExA
RegEnumKeyA
RegOpenKeyA

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA
PathRemoveFileSpecA
PathAddBackslashA
PathIsUNCA
PathStripToRootA

ole32

StringFromGUID2
CoUninitialize
CoFreeUnusedLibraries
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString

oleaut32

VariantInit
VariantChangeType
SysAllocString
SysFreeString
VariantClear
SysAllocStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT64
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/asfsplliter.ax.new
.dll regsvr32 windows:4 windows x86 arch:x86

61540ae4d5f1fe29babe6b430f77a241

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wmvcore

WMCreateReader

advapi32

RegCloseKey
RegCreateKeyA
RegSetValueA
RegSetValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyExA

user32

wsprintfA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
CoFreeUnusedLibraries
StringFromGUID2
CoUninitialize

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

msvcrt

free
??1type_info@@UAE@XZ
_CxxThrowException
_ftol
__CxxFrameHandler
??2@YAPAXI@Z
_adjust_fdiv
malloc
_initterm

kernel32

DisableThreadLibraryCalls
LocalFree
GetModuleFileNameA
lstrlenA
GetVersionExA
GetLastError
SetThreadPriority
MultiByteToWideChar
GetModuleHandleA
GetProcAddress
CreateThread
FreeLibrary
ReleaseSemaphore
CreateSemaphoreA
CreateEventA
InterlockedIncrement
SetEvent
EnterCriticalSection
ResetEvent
LeaveCriticalSection
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
CloseHandle

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/atrc.dll.new
.dll windows:4 windows x86 arch:x86

5132cde9ac8899a69f40dfaacc320c4d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

_ftol
??3@YAXPAX@Z
memmove
calloc
free
malloc
_CIpow
floor
??2@YAPAXI@Z
_assert
_except_handler3
_purecall
_initterm
_adjust_fdiv
__dllonexit
_onexit

Exports

Exports

RACloseCodec
RACreateEncoderInstance
RADecode
RAEncode
RAFlush
RAFreeDecoder
RAFreeEncoder
RAGetBackend
RAGetDecoderBackendGUID
RAGetFlavorProperty
RAGetGUID
RAGetNumberOfFlavors
RAGetNumberOfFlavors2
RAInitDecoder
RAInitEncoder
RAOpenCodec
RAOpenCodec2
RASetComMode
RASetFlavor
_RASetPwd@8

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/cook.dll.new
.dll windows:4 windows x86 arch:x86

7186ef18b8145b9efacd73914d40cee0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

free
??3@YAXPAX@Z
memmove
_purecall
_CIpow
malloc
??2@YAPAXI@Z
_ftol
_initterm
_adjust_fdiv

Exports

Exports

RACloseCodec
RACreateEncoderInstance
RADecode
RAEncode
RAFlush
RAFreeDecoder
RAFreeEncoder
RAGetBackend
RAGetDecoderBackendGUID
RAGetFlavorProperty
RAGetGUID
RAGetNumberOfFlavors
RAGetNumberOfFlavors2
RAInitDecoder
RAInitEncoder
RAOpenCodec
RAOpenCodec2
RASetComMode
RASetFlavor
_RASetPwd@8

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/drvc.dll.new
.dll windows:4 windows x86 arch:x86

5d841dc9603dda4e7058b842c1dedbfc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

__CxxFrameHandler
memmove
_ftol
_purecall
malloc
free
??3@YAXPAX@Z
_initterm
_adjust_fdiv
_beginthreadex
??2@YAPAXI@Z

kernel32

WaitForMultipleObjects
CreateThread
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileIntA
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
WaitForSingleObject
GetSystemInfo
CreateEventA
QueryPerformanceCounter
SetEvent
QueryPerformanceFrequency
ResetEvent

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

?GetGUID@@YGJPAE@Z
RV40toYUV420CustomMessage
RV40toYUV420Free
RV40toYUV420HiveMessage
RV40toYUV420Init
RV40toYUV420Transform

Sections

.text
Size: 192KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Codecs/f4v.swf.new
Codecs/raac.dll.new
.dll windows:4 windows x86 arch:x86

2569b16af6a5e82c06ef6aed87f5e148

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

??2@YAPAXI@Z
memmove
_CxxThrowException
calloc
free
malloc
exp
fputs
printf
pow
??3@YAXPAX@Z
__CxxFrameHandler
strncpy
log10
atan
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
?terminate@@YAXXZ
_iob
log
_purecall
_except_handler3

kernel32

DisableThreadLibraryCalls
IsBadReadPtr

Exports

Exports

RACloseCodec
RACreateDecoderInstance
RACreateEncoderInstance
RADecode
RAFlush
RAFreeDecoder
RAGetBackend
RAGetFlavorProperty
RAGetGUID
RAInitDecoder
RAOpenCodec2
RASetComMode

Sections

.text
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NetAgent.dll.new
.dll windows:4 windows x86 arch:x86

f618d4cb4d41a461355f2eab6ae077ff

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-06-2009 00:00

Not After

02-06-2011 23:59

Subject

CN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

10:0a:b5:d6:6a:3b:83:25:44:3d:1c:58:79:b2:91:65:cf:37:18:92
Signer

Actual PE Digest

10:0a:b5:d6:6a:3b:83:25:44:3d:1c:58:79:b2:91:65:cf:37:18:92

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

WSAWaitForMultipleEvents
WSAEnumNetworkEvents
closesocket
WSACloseEvent
recv
WSAGetLastError
send
socket
WSACreateEvent
connect
WSAEventSelect
htons
gethostbyname

kernel32

GetStdHandle
LCMapStringW
LCMapStringA
CreateEventA
WaitForSingleObject
SetEvent
RtlUnwind
GetLastError
MoveFileW
DeleteFileW
CreateDirectoryW
CloseHandle
GetFileType
CreateFileW
ResumeThread
CreateThread
TlsSetValue
TlsGetValue
ExitThread
GetCommandLineA
GetVersion
HeapFree
RaiseException
GetCurrentThreadId
TlsAlloc
TlsFree
SetLastError
EnterCriticalSection
LeaveCriticalSection
FlushFileBuffers
WriteFile
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
SetFilePointer
HeapAlloc
SetStdHandle
SetHandleCount
GetStartupInfoA
SetEndOfFile
ReadFile
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
HeapReAlloc
HeapSize
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA

Exports

Exports

CreateAndRunAgent
GetDownloadLen
GetFileLen
Seek
Terminate

Sections

.text
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QvodBand.dll
.dll regsvr32 windows:4 windows x86 arch:x86

0e32a3b828b41920c248142fcbc590d3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-06-2009 00:00

Not After

02-06-2011 23:59

Subject

CN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

02:c7:4f:c2:b1:d8:13:17:21:31:17:2e:f8:ad:32:ff:12:0b:61:b8
Signer

Actual PE Digest

02:c7:4f:c2:b1:d8:13:17:21:31:17:2e:f8:ad:32:ff:12:0b:61:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
GetModuleFileNameA
CreateProcessA
GetTickCount
GetFileAttributesA
CloseHandle
Sleep
FlushFileBuffers
SetStdHandle
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
RaiseException
HeapAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetProcAddress
LoadLibraryA

user32

LoadStringA
InsertMenuItemA
LoadImageA
FindWindowA
SendMessageA

gdi32

DeleteObject

advapi32

RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

DragQueryFileA

ole32

CoTaskMemFree
StringFromIID
ReleaseStgMedium

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QvodInit.exe
.exe windows:4 windows x86 arch:x86

47ca16f9ccfa1108a6da24b0442ee949

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-06-2009 00:00

Not After

02-06-2011 23:59

Subject

CN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:a2:98:8a:4c:3f:8e:b2:d5:60:94:2a:c1:68:b7:f1:f9:82:ec:d7
Signer

Actual PE Digest

39:a2:98:8a:4c:3f:8e:b2:d5:60:94:2a:c1:68:b7:f1:f9:82:ec:d7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessA
GetTickCount
MoveFileA
DeleteFileA
GetFileAttributesA
GetModuleHandleA
TerminateProcess
GetTempPathA
CopyFileA
GetLogicalDriveStringsA
SetSystemTime
GetSystemTime
FlushFileBuffers
GetStringTypeW
GetStringTypeA
CreateToolhelp32Snapshot
Process32First
OpenProcess
CloseHandle
Process32Next
GetDiskFreeSpaceExA
GetModuleFileNameA
Sleep
LoadLibraryA
GetProcAddress
FreeLibrary
GetVersionExA
GetWindowsDirectoryA
WritePrivateProfileStringA
GetTempFileNameA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetLastError
RtlUnwind
GetFileType
CreateFileA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
GetCurrentProcess
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
WriteFile
SetFilePointer
ReadFile
SetStdHandle
SetHandleCount
GetStdHandle
SetEndOfFile
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA

user32

FindWindowA
PostMessageA

advapi32

RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
DeleteService
CreateServiceA
ChangeServiceConfig2A
StartServiceA
QueryServiceStatus
CloseServiceHandle
OpenSCManagerA
OpenServiceA
ControlService

shell32

SHChangeNotify

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

psapi

EnumProcessModules
GetModuleFileNameExA

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
QvodInsert.dll.new
.dll regsvr32 windows:4 windows x86 arch:x86

512da446183fb702675cbe4761220c96

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-06-2009 00:00

Not After

02-06-2011 23:59

Subject

CN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

92:08:70:14:a9:3e:de:b2:9b:e4:6d:fe:d4:8d:38:4b:a3:79:3a:7f
Signer

Actual PE Digest

92:08:70:14:a9:3e:de:b2:9b:e4:6d:fe:d4:8d:38:4b:a3:79:3a:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
lstrcpynW
DisableThreadLibraryCalls
HeapDestroy
lstrcpyW
lstrcatW
LocalFree
SetEnvironmentVariableA
GetLocaleInfoW
SetConsoleCtrlHandler
SetEndOfFile
LoadLibraryA
GetOEMCP
GetACP
CreateFileW
IsBadCodePtr
IsBadReadPtr
CreateFileA
SetStdHandle
GetStringTypeW
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
IsBadWritePtr
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
FlushFileBuffers
GetModuleHandleW
LCMapStringW
LCMapStringA
CompareStringW
CompareStringA
UnhandledExceptionFilter
GetModuleHandleA
HeapSize
TerminateProcess
SetLastError
TlsFree
TlsAlloc
SetFilePointer
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ReadFile
FatalAppExitA
ExitProcess
RaiseException
GetVersion
GetCommandLineA
HeapAlloc
HeapReAlloc
HeapFree
GetTimeZoneInformation
ExitThread
TlsGetValue
TlsSetValue
ResumeThread
RtlUnwind
GetCurrentThread
GetThreadPriority
SetThreadPriority
CreateThread
InterlockedExchange
VirtualFree
VirtualAlloc
GetSystemInfo
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
DuplicateHandle
GetShortPathNameW
GetSystemDirectoryW
GetDiskFreeSpaceExW
GetLocalTime
GetSystemDefaultLangID
OpenMutexW
OpenSemaphoreW
GetSystemTime
CreateProcessW
GetFileAttributesW
CreateDirectoryW
SetEnvironmentVariableW
CopyFileW
GetTickCount
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
lstrcmpW
GlobalAlloc
GlobalLock
GlobalUnlock
DeleteFileW
FindNextFileW
GetLastError
WaitForSingleObject
ResetEvent
FindFirstFileW
FindClose
Sleep
DeleteCriticalSection
CloseHandle
CreateEventW
SetEvent
InitializeCriticalSection
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
lstrlenA
OutputDebugStringW
DebugBreak
InterlockedIncrement
WideCharToMultiByte
GetModuleFileNameW
LoadLibraryW
GetVersionExW
GetProcAddress
InterlockedDecrement
lstrlenW
GetUserDefaultLangID
WriteFile

user32

LoadStringW
GetClientRect
FillRect
GetDC
ReleaseDC
SendMessageW
IsWindow
SetCapture
CharNextW
SetWindowPos
CreateWindowExW
DefWindowProcW
SetWindowLongW
GetWindowLongW
CallWindowProcW
PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
ReleaseCapture
wvsprintfW
GetActiveWindow
DrawTextW
DialogBoxParamW
ClientToScreen
FindWindowW
CreateMenu
GetSubMenu
CharLowerW
UnionRect
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
GetQueueStatus
DispatchMessageW
DestroyWindow
SetTimer
SetRectEmpty
MoveWindow
InvalidateRect
ShowWindow
FindWindowExW
PostMessageW
SetWindowTextW
BringWindowToTop
ShowCursor
GetDesktopWindow
GetCursorPos
ScreenToClient
PtInRect
GetWindowRect
SetSysColors
GetSysColor
EnumChildWindows
LoadImageW
GetClassNameW
LoadBitmapW
GetParent
GetKeyState
MessageBoxW
SetDlgItemInt
GetDlgItemTextW
CheckRadioButton
SetDlgItemTextW
GetDlgCtrlID
EndDialog
CopyRect
SetRect
GetSystemMetrics
SystemParametersInfoW
SetParent
EnumDisplayDevicesW
EnumDisplaySettingsW
RegisterHotKey
UnregisterHotKey
KillTimer
TrackPopupMenu
EnableWindow
CreateDialogParamW
CreatePopupMenu
AppendMenuW
DestroyMenu
GetMenuItemCount
InsertMenuW
GetDlgItem
InvalidateRgn
CreateAcceleratorTableW
RedrawWindow
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
wsprintfW
GetWindowTextLengthW
GetWindowTextW
GetWindow
RegisterWindowMessageW
GetClassInfoExW
RegisterClassExW
SetCursor
LoadCursorW

gdi32

TextOutW
GetStockObject
GetDeviceCaps
GetObjectW
StretchBlt
CreateCompatibleBitmap
CreateCompatibleDC
SetTextAlign
CreateSolidBrush
BitBlt
DeleteDC
CreateFontIndirectW
DeleteObject
SetDIBits
CreatePatternBrush
Rectangle
SetBkMode
GetDIBits
SetTextColor
StretchDIBits
SetStretchBltMode
CreateDIBSection
RestoreDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
CreateRectRgnIndirect
DeleteMetaFile
CloseMetaFile
SetWindowExtEx
SelectObject
CreateDCW
CreateMetaFileW

comdlg32

ChooseColorW
GetOpenFileNameW
ChooseFontA
GetSaveFileNameW

advapi32

RegQueryInfoKeyW
RegOpenKeyW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegCreateKeyW
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW

shell32

ShellExecuteW

ole32

CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
CoTaskMemRealloc
CoInitializeEx
OleLockRunning
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
OleInitialize
CreateStreamOnHGlobal
OleUninitialize
CoTaskMemFree
CoInitialize
StringFromCLSID
CoCreateInstance
OleRegGetMiscStatus
WriteClassStm
CoUninitialize
CoFreeUnusedLibraries
OleSaveToStream
CreateDataAdviseHolder
OleLoadFromStream

oleaut32

CreateErrorInfo
SetErrorInfo
GetErrorInfo
VariantChangeType
LoadTypeLi
RegisterTypeLi
VarUI4FromStr
OleCreateFontIndirect
SysAllocStringLen
DispCallFunc
SysStringLen
LoadRegTypeLi
OleCreatePropertyFrame
SysStringByteLen
SysAllocStringByteLen
VariantInit
SafeArrayCreate
SafeArrayPutElement
VariantCopy
VariantClear
SysAllocString
SysFreeString

ws2_32

WSAStartup
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
htonl
connect
recv
inet_addr
htons
send
WSAEventSelect
setsockopt
closesocket
socket
WSAGetLastError
ntohs
ntohl
gethostbyname
inet_ntoa

winmm

timeGetTime
timeSetEvent

quartz

AMGetErrorTextW

comctl32

ImageList_LoadImageW
_TrackMouseEvent
InitCommonControlsEx
ImageList_Destroy
ord16

msimg32

AlphaBlend
TransparentBlt

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 516KB - Virtual size: 515KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QvodPlayer.exe
.exe windows:4 windows x86 arch:x86

355dee5b1674aca2dd7968a22943adc3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-06-2009 00:00

Not After

02-06-2011 23:59

Subject

CN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5f:d6:b9:d7:db:f0:58:02:7e:20:8d:f1:89:a0:4c:fe:45:6a:34:5b
Signer

Actual PE Digest

5f:d6:b9:d7:db:f0:58:02:7e:20:8d:f1:89:a0:4c:fe:45:6a:34:5b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstChangeNotificationW
GlobalSize
CreateProcessW
OpenSemaphoreW
GetDiskFreeSpaceExW
SystemTimeToTzSpecificLocalTime
RemoveDirectoryW
FileTimeToSystemTime
GetWindowsDirectoryA
CompareFileTime
SystemTimeToFileTime
MoveFileW
GetTickCount
GetTempPathW
CreateMutexW
OpenMutexW
HeapDestroy
LocalFree
SetEnvironmentVariableA
GetOEMCP
GetACP
LoadLibraryA
GetStringTypeW
GetStringTypeA
GetCPInfo
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
FlushFileBuffers
SetEndOfFile
GetStartupInfoA
GetStdHandle
SetHandleCount
FindNextChangeNotification
CompareStringW
CompareStringA
IsBadWritePtr
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
LCMapStringW
LCMapStringA
SetFilePointer
ReadFile
UnhandledExceptionFilter
HeapSize
TerminateProcess
WriteFile
SetLastError
TlsAlloc
ExitProcess
GetVersion
GetStartupInfoW
GetModuleHandleA
HeapReAlloc
CreateFileA
GetFileType
GetFileAttributesA
ExitThread
TlsGetValue
TlsSetValue
ResumeThread
GetTimeZoneInformation
RtlUnwind
CreateThread
InterlockedExchange
VirtualFree
VirtualAlloc
GetSystemInfo
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
FindCloseChangeNotification
GetLocaleInfoW
GetLogicalDriveStringsW
GetModuleHandleW
GetDriveTypeW
GetVolumeInformationW
SetSystemPowerState
SetThreadExecutionState
lstrcpynA
lstrcpynW
SetEnvironmentVariableW
GetSystemDirectoryW
CopyFileW
GetSystemTime
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
CreateFileW
DeviceIoControl
GetProcessHeap
HeapAlloc
HeapFree
lstrcpyW
lstrcmpW
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
WaitForSingleObject
ResetEvent
Sleep
GetWindowsDirectoryW
GlobalAlloc
GlobalLock
GlobalUnlock
GetLastError
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
CreateEventW
SetEvent
EnterCriticalSection
LeaveCriticalSection
FindFirstFileW
GetFileAttributesW
FindNextFileW
FindClose
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetModuleFileNameW
CreateDirectoryW
SetFileAttributesW
GetLocalTime
DeleteFileW
InterlockedIncrement
GetUserDefaultLangID
lstrlenW
GetProcAddress
InterlockedDecrement
GetVersionExW
FreeLibrary
LoadLibraryW
SetStdHandle
RaiseException

user32

GetDlgCtrlID
CheckRadioButton
SetDlgItemTextW
GetDlgItemTextW
EndDialog
DialogBoxParamW
ClientToScreen
EnumDisplayDevicesW
EnumDisplaySettingsW
SetParent
GetMenuItemInfoW
SetMenuItemInfoW
DeleteMenu
EnableWindow
ExitWindowsEx
SetDlgItemInt
GetActiveWindow
DrawTextW
IsMenu
CloseClipboard
GetClipboardData
OpenClipboard
GetDlgItemInt
GetDlgItemTextA
OffsetRect
UpdateWindow
SetForegroundWindow
MoveWindow
ShowWindow
PostMessageW
DestroyAcceleratorTable
CallNextHookEx
GetWindowRect
GetDesktopWindow
MessageBoxW
LoadStringW
CharNextW
CopyAcceleratorTableW
LoadAcceleratorsW
CreateMenu
MessageBeep
PeekMessageW
RemoveMenu
WindowFromPoint
GetKeyState
DestroyIcon
UnionRect
DispatchMessageW
TranslateMessage
GetMessageW
GetScrollInfo
GetMenuStringW
ModifyMenuW
GetMenuItemID
DefWindowProcW
GetClientRect
ReleaseDC
FillRect
GetDC
SendMessageW
wsprintfW
IsWindow
SetCapture
ReleaseCapture
SetWindowPos
CreateWindowExW
SetWindowLongW
GetWindowLongW
CallWindowProcW
DestroyWindow
SetRectEmpty
LoadCursorW
SetTimer
RegisterClassExW
GetClassInfoExW
InvalidateRect
FindWindowExW
ShowCursor
CharLowerW
LoadMenuW
SetRect
RegisterWindowMessageW
GetWindow
GetSystemMetrics
GetSystemMenu
TrackPopupMenu
SystemParametersInfoW
CopyRect
IsZoomed
IsIconic
UnregisterHotKey
FindWindowW
LoadIconW
CheckMenuItem
CheckMenuRadioItem
EnableMenuItem
CreateDialogParamW
GetSubMenu
RegisterHotKey
TranslateAcceleratorW
UnhookWindowsHookEx
SetWindowsHookExW
CreateAcceleratorTableW
SetWindowTextW
GetWindowTextW
GetKeyboardState
MapWindowPoints
TrackPopupMenuEx
IsWindowVisible
PostQuitMessage
LoadStringA
CreatePopupMenu
AppendMenuW
DestroyMenu
GetMenuItemCount
InsertMenuW
InvalidateRgn
RedrawWindow
GetFocus
IsChild
SetFocus
BeginPaint
EndPaint
GetDlgItem
SetWindowRgn
LoadBitmapW
GetClassNameW
LoadImageW
EnumChildWindows
GetSysColor
SetSysColors
GetParent
SetCursor
GetCursorPos
ScreenToClient
PtInRect
BringWindowToTop
KillTimer
GetWindowTextLengthW

gdi32

SetViewportOrgEx
Rectangle
CreatePatternBrush
GetTextExtentPoint32W
SetDIBits
SetBkColor
ExtTextOutW
GetCurrentObject
GetPixel
CreatePen
MoveToEx
LineTo
CreateDIBSection
SetStretchBltMode
StretchDIBits
SetTextColor
GetDIBits
SetBkMode
CreateFontIndirectW
GetStockObject
GetDeviceCaps
CreateRectRgn
CombineRgn
GetObjectW
StretchBlt
CreateCompatibleBitmap
SelectObject
CreateSolidBrush
BitBlt
DeleteDC
RoundRect
CreateCompatibleDC
DeleteObject

comdlg32

ChooseColorW
ChooseFontA
ChooseFontW
GetOpenFileNameW
GetSaveFileNameW

advapi32

RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyW

shell32

SHFileOperationW
Shell_NotifyIconW
SHChangeNotify
SHAppBarMessage
ExtractIconW
DragFinish
DragAcceptFiles
ShellExecuteW
SHBrowseForFolderW
DragQueryFileW
SHGetPathFromIDListW

ole32

CLSIDFromProgID
CoTaskMemFree
OleUninitialize
CLSIDFromString
CreateStreamOnHGlobal
CoInitialize
StringFromCLSID
CoCreateInstance
CoTaskMemAlloc
OleLockRunning
CoFreeUnusedLibraries
CoUninitialize
CoInitializeSecurity
OleInitialize

oleaut32

SysFreeString
OleCreateFontIndirect
SysAllocStringLen
DispCallFunc
LoadRegTypeLi
SysStringLen
OleCreatePropertyFrame
VariantInit
VariantCopy
VariantClear
SysAllocString
GetErrorInfo

ws2_32

gethostbyname
inet_ntoa
ntohl
WSACleanup
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
WSAEventSelect
gethostname
htonl
inet_addr
htons
recv
send
WSAGetLastError
socket
setsockopt
connect
closesocket
ntohs
WSAStartup

winmm

mciSendStringW
timeGetTime

quartz

AMGetErrorTextW

iphlpapi

GetAdaptersInfo

comctl32

_TrackMouseEvent
ord16
ImageList_Destroy
ImageList_Draw
ImageList_GetImageInfo
ImageList_EndDrag
ImageList_DragLeave
ImageList_DragShowNolock
ImageList_DragEnter
ImageList_DragMove
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Create
ImageList_BeginDrag
ImageList_LoadImageW
InitCommonControlsEx

msimg32

AlphaBlend
TransparentBlt

urlmon

CoInternetGetSession

Sections

.text
Size: 996KB - Virtual size: 992KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
QvodTerminal.exe
.exe windows:4 windows x86 arch:x86

ab3720bea80ad42dc7af1b82fad3592a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-06-2009 00:00

Not After

02-06-2011 23:59

Subject

CN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ae:bb:f2:fa:ef:51:1d:a4:f8:d2:3b:57:77:0e:66:e0:50:61:54:77
Signer

Actual PE Digest

ae:bb:f2:fa:ef:51:1d:a4:f8:d2:3b:57:77:0e:66:e0:50:61:54:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

__WSAFDIsSet
inet_addr
recvfrom
getpeername
inet_ntoa
ntohs
gethostbyname
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
accept
htonl
connect
select
setsockopt
socket
htons
bind
listen
WSACreateEvent
WSAEventSelect
ntohl
send
WSAJoinLeaf
WSASocketA
ioctlsocket
gethostname
recv
WSAStartup
WSAGetLastError
WSACloseEvent
sendto
closesocket

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

iphlpapi

GetAdaptersInfo

ole32

CoCreateInstance
CoCreateGuid
CoInitialize
CoUninitialize

oleaut32

VariantClear
SysAllocString
SysStringLen
SysFreeString

kernel32

InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetLocaleInfoW
GetOEMCP
GetACP
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
GetCPInfo
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
HeapReAlloc
GetStdHandle
SetHandleCount
SetEndOfFile
SetStdHandle
SetLastError
TlsAlloc
GetCurrentThreadId
GetVersion
GetCommandLineA
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
TryEnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MoveFileExA
Sleep
MultiByteToWideChar
CreateEventA
CloseHandle
SetEvent
GetTickCount
WaitForSingleObject
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
InterlockedDecrement
QueryPerformanceCounter
GetSystemTime
InterlockedIncrement
CopyFileA
CreateSemaphoreA
OpenSemaphoreA
HeapFree
HeapAlloc
GetProcessHeap
MoveFileA
LocalFree
LocalAlloc
GetSystemDirectoryA
GetVersionExA
GetModuleFileNameA
GetLocalTime
WideCharToMultiByte
FindClose
FindNextFileA
FindFirstFileA
GetTempPathA
CreateProcessA
GetDiskFreeSpaceExA
GetLastError
TerminateProcess
ReadFile
PeekNamedPipe
GetWindowsDirectoryA
GetStartupInfoA
CreatePipe
GetProcAddress
LoadLibraryA
lstrlenA
lstrlenW
CreateThread
RtlUnwind
GetFileType
CreateFileA
CreateDirectoryA
DeleteFileA
FlushFileBuffers
WriteFile
SetFilePointer
ResumeThread
TlsSetValue
TlsGetValue
ExitThread
CreateDirectoryW
CreateFileW
GetTimeZoneInformation
GetSystemTimeAsFileTime
RaiseException
ExitProcess
GetCurrentProcess

user32

CreateWindowExA
LoadIconA
DefWindowProcA
BeginPaint
GetClientRect
DrawTextA
EndPaint
LoadCursorA
RegisterClassExA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
PostQuitMessage

advapi32

RegOpenKeyA
RegCloseKey

Sections

.text
Size: 416KB - Virtual size: 413KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ShareModule.dll
.dll regsvr32 windows:4 windows x86 arch:x86

4d31033905b7f9799eebc95dce22db30

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-06-2009 00:00

Not After

02-06-2011 23:59

Subject

CN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f6:1c:2a:76:28:e8:f5:f2:8b:66:2d:3b:b5:1d:16:15:75:9f:39:d4
Signer

Actual PE Digest

f6:1c:2a:76:28:e8:f5:f2:8b:66:2d:3b:b5:1d:16:15:75:9f:39:d4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
GetFileAttributesW
OpenMutexW
DebugBreak
OutputDebugStringW
GetModuleFileNameW
HeapFree
HeapAlloc
GetProcessHeap
DeviceIoControl
CreateFileW
GetShortPathNameW
GetModuleHandleW
FreeLibrary
SizeofResource
LoadResource
WaitForSingleObject
GetLastError
LoadLibraryExW
lstrcmpiW
lstrcpynW
DisableThreadLibraryCalls
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrcpyW
lstrcatW
GetProcAddress
LoadLibraryW
SetEnvironmentVariableA
LoadLibraryA
GetOEMCP
ResetEvent
CloseHandle
CreateEventW
SetEvent
lstrlenW
MultiByteToWideChar
lstrlenA
Sleep
InterlockedIncrement
InterlockedDecrement
GetPrivateProfileIntW
FindResourceW
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
FlushFileBuffers
WriteFile
RaiseException
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
CompareStringW
CompareStringA
UnhandledExceptionFilter
GetFileType
CreateFileA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RtlUnwind
ResumeThread
CreateThread
TlsSetValue
TlsGetValue
ExitThread
HeapReAlloc
GetCommandLineA
GetVersion
ReadFile
SetFilePointer
SetStdHandle
SetHandleCount
GetStdHandle
GetStartupInfoA
SetEndOfFile
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleHandleA
HeapSize
GetCurrentThreadId
TlsAlloc
TlsFree
SetLastError

user32

LoadStringW
CharNextW
wvsprintfW
CharLowerW

advapi32

RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyW
RegCloseKey
RegEnumValueW

shell32

ShellExecuteW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoInitializeEx

oleaut32

RegisterTypeLi
SysFreeString
SysAllocString
VariantClear
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysStringLen

ws2_32

setsockopt
socket
htons
ntohs
closesocket
WSAStartup
ntohl
WSAGetLastError
recv
send
htonl
inet_addr
connect

iphlpapi

GetAdaptersInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Skin/Logo.bmp
Skin/MiNi/Thumbs.db
Skin/MiNi/back.bmp
Skin/MiNi/info.bmp
Skin/MiNi/mute.bmp
Skin/MiNi/mute2.bmp
Skin/MiNi/next.bmp
Skin/MiNi/open.bmp
Skin/MiNi/pause.bmp
Skin/MiNi/play.bmp
Skin/MiNi/pre.bmp
Skin/MiNi/processp.bmp
Skin/MiNi/progress.bmp
Skin/MiNi/progress_thumb.bmp
Skin/MiNi/progressd.bmp
Skin/MiNi/volume.bmp
Skin/MiNi/volumeb.bmp
Skin/MiNi/volumep.bmp
Skin/Mini.xml
Skin/new_ccch.xml
.xml
Skin/new_ccch/bottom.bmp
Skin/new_ccch/bottomleft.bmp
Skin/new_ccch/bottomright.bmp
Skin/new_ccch/c_back.bmp
Skin/new_ccch/caption.bmp
Skin/new_ccch/close.bmp
Skin/new_ccch/full.bmp
Skin/new_ccch/ie_full.bmp
Skin/new_ccch/info.bmp
Skin/new_ccch/info_ie.bmp
Skin/new_ccch/infofull.bmp
Skin/new_ccch/left.bmp
Skin/new_ccch/left_bottom.bmp
Skin/new_ccch/left_top.bmp
Skin/new_ccch/listbutton.bmp
Skin/new_ccch/listbutton2.bmp
Skin/new_ccch/listicon.bmp
Skin/new_ccch/logo.bmp
Skin/new_ccch/max.bmp
Skin/new_ccch/media_files.bmp
Skin/new_ccch/media_files_2.bmp
Skin/new_ccch/media_info.bmp
Skin/new_ccch/media_search.bmp
Skin/new_ccch/media_sham.bmp
Skin/new_ccch/media_sham_2.bmp
Skin/new_ccch/mediaback.bmp
Skin/new_ccch/mediaeditdel.bmp
Skin/new_ccch/mediare.bmp
Skin/new_ccch/mediatolist.bmp
Skin/new_ccch/mediatree.bmp
Skin/new_ccch/menu.bmp
Skin/new_ccch/min.bmp
Skin/new_ccch/mtk.bmp
Skin/new_ccch/mute.bmp
Skin/new_ccch/mute2.bmp
Skin/new_ccch/next.bmp
Skin/new_ccch/nowplay.bmp
Skin/new_ccch/open.bmp
Skin/new_ccch/pause.bmp
Skin/new_ccch/play.bmp
Skin/new_ccch/playlist_toolbar.bmp
Skin/new_ccch/pre.bmp
Skin/new_ccch/process_right.bmp
Skin/new_ccch/processp.bmp
Skin/new_ccch/processp_left.bmp
Skin/new_ccch/progress.bmp
Skin/new_ccch/progress_point_a.bmp
Skin/new_ccch/progress_point_b.bmp
Skin/new_ccch/progress_thumb.bmp
Skin/new_ccch/reold.bmp
Skin/new_ccch/right.bmp
Skin/new_ccch/right_bottom.bmp
Skin/new_ccch/right_top.bmp
Skin/new_ccch/scroll_back.bmp
Skin/new_ccch/scroll_back_h.bmp
Skin/new_ccch/scroll_down.bmp
Skin/new_ccch/scroll_left.bmp
Skin/new_ccch/scroll_limit.bmp
Skin/new_ccch/scroll_limit_h.bmp
Skin/new_ccch/scroll_right.bmp
Skin/new_ccch/scroll_up.bmp
Skin/new_ccch/search_botton.bmp
Skin/new_ccch/search_icon_2.bmp
Skin/new_ccch/stop.bmp
Skin/new_ccch/tab.bmp
Skin/new_ccch/tab1.bmp
Skin/new_ccch/tableft.bmp
Skin/new_ccch/tabright.bmp
Skin/new_ccch/tabs_left.bmp
Skin/new_ccch/tabs_mid.bmp
Skin/new_ccch/tabs_right.bmp
Skin/new_ccch/tabs_seach_2.bmp
Skin/new_ccch/tabs_search_left.bmp
Skin/new_ccch/top.bmp
Skin/new_ccch/topleft.bmp
Skin/new_ccch/topright.bmp
Skin/new_ccch/volume.bmp
Skin/new_ccch/volumeb.bmp
Skin/new_ccch/volumep.bmp
Tip/QvodTip.exe
.exe windows:4 windows x86 arch:x86

3d812c4c97128ca0e08c8dab57ae38e0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21-05-2009 00:00

Not After

20-05-2019 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02-06-2009 00:00

Not After

02-06-2011 23:59

Subject

CN=Shenzhen QVOD Technology Co.\,Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Shenzhen QVOD Technology Co.\,Ltd,L=Shenzhen,ST=Shenzhen,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3b:cf:5e:dc:89:3a:2c:bc:a9:16:7f:c7:1a:66:57:0f:4e:0c:f5:ff
Signer

Actual PE Digest

3b:cf:5e:dc:89:3a:2c:bc:a9:16:7f:c7:1a:66:57:0f:4e:0c:f5:ff

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
HeapSize
WriteFile
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetFilePointer
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetModuleFileNameA
HeapAlloc
RaiseException
ExitProcess
GetVersion
GetStartupInfoW
GetModuleHandleA
HeapFree
RtlUnwind
LocalFree
WideCharToMultiByte
GetLastError
GetProcAddress
LoadLibraryA
SetStdHandle
FlushFileBuffers
ReadFile
CloseHandle
LoadLibraryW
DeleteCriticalSection
lstrcmpW
GlobalAlloc
GlobalLock
GlobalUnlock
InitializeCriticalSection
lstrcpynA
lstrcpynW
GetVersionExW
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
lstrlenA
DeleteFileW
GetModuleFileNameW
lstrlenW
Sleep
InterlockedIncrement
TerminateProcess
InterlockedDecrement

user32

GetSysColor
GetDlgItem
FillRect
IsChild
GetClassNameW
GetParent
RedrawWindow
GetDesktopWindow
PostQuitMessage
DestroyWindow
UpdateLayeredWindow
GetClientRect
ReleaseDC
GetDC
EqualRect
GetWindowRect
CreateWindowExW
RegisterClassExW
DefWindowProcW
EndPaint
CreateAcceleratorTableW
ReleaseCapture
SetCapture
InvalidateRgn
DrawTextW
SetRectEmpty
MoveWindow
SetCursor
GetFocus
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
GetWindow
RegisterWindowMessageW
CallWindowProcW
RemoveMenu
PeekMessageW
PtInRect
CreatePopupMenu
GetMenuItemCount
AppendMenuW
GetMenuItemInfoW
DestroyMenu
MessageBeep
IsWindowVisible
SetFocus
LoadStringA
KillTimer
SetLayeredWindowAttributes
InvalidateRect
SetTimer
SendMessageW
MapWindowPoints
IsWindow
TrackPopupMenuEx
GetClassInfoExW
LoadCursorW
wsprintfW
LoadImageW
SystemParametersInfoW
FindWindowW
SetWindowPos
GetMessageW
TranslateMessage
DispatchMessageW
CharNextW
LoadStringW
SetWindowLongW
GetWindowLongW
BeginPaint

gdi32

GetTextExtentPoint32W
StretchBlt
SetBkMode
SetTextColor
GetStockObject
GetObjectW
DeleteObject
DeleteDC
SelectObject
CreateDIBSection
CreateCompatibleDC
CreateFontIndirectW
BitBlt
CreateCompatibleBitmap
GetDeviceCaps
CreateSolidBrush

advapi32

RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteW

ole32

OleLockRunning
CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CreateStreamOnHGlobal
CoInitialize
OleInitialize
CoUninitialize
OleUninitialize
OleCreate
OleSetContainedObject
OleDraw
CoCreateInstance

oleaut32

LoadRegTypeLi
OleCreateFontIndirect
SysStringLen
SysAllocStringLen
VariantCopy
VariantClear
SysAllocString
SysFreeString
GetErrorInfo

comctl32

InitCommonControlsEx
_TrackMouseEvent
ord17

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Tip/QvodTips.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 152KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 44KB

.rsrc Size: 42KB - Virtual size: 42KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

d23fbd09100caad5e10f17163f511668

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 697B

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 290B

47ca16f9ccfa1108a6da24b0442ee949

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36Certificate

Extended Key Usages

Key Usages

39:a2:98:8a:4c:3f:8e:b2:d5:60:94:2a:c1:68:b7:f1:f9:82:ec:d7Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

version

psapi

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 44KB

.rsrc
Size: 42KB - Virtual size: 42KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 290B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

69:d1:ad:9b:16:f2:f2:1b:66:64:ab:8b:27:1f:d5:36
Certificate

39:a2:98:8a:4c:3f:8e:b2:d5:60:94:2a:c1:68:b7:f1:f9:82:ec:d7
Signer

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 20KB - Virtual size: 25KB

.rsrc
Size: 36KB - Virtual size: 34KB

01
Certificate

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

21:d9:1d:91:5f:64:fe:5a:ea:a1:6d:d9:b4:6f:06:dd
Certificate

.text
Size: 408KB - Virtual size: 406KB

.rdata
Size: 48KB - Virtual size: 44KB

.data
Size: 36KB - Virtual size: 48KB

.rsrc
Size: 60KB - Virtual size: 58KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

65:16:5e:50:24:9f:f6:ad:03:9d:77:06:ec:59:bf:8d
Certificate

.text
Size: 22KB - Virtual size: 22KB