2d6ba450783e16d600a2254cb33de7a0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2d6ba450783e16d600a2254cb33de7a0_JaffaCakes118
Size

5.6MB
MD5

2d6ba450783e16d600a2254cb33de7a0
SHA1

caae068e0bfe818412eca92ebba3330333d0da71
SHA256

d53b9bbef8a95d7dc62a587a70d78cef1a5e9b02a8d1a95c6b4448b515909129
SHA512

a25835670fc2612fcf76cc2a73fc5e5c8e1c700161859d5fd2e0e8fe4d7d5f3bce98d1e6ffcec09a40620c871b74d7636a132d45d1f25bb531e32d1475d0ddc0
SSDEEP

98304:Ag6nOWm9YyzIZyYyzHogSNYiF+uc5LKc39xEZq3YMPiuiDttVHXS0NTqyG0LZA20:AgSOFY4HoJN9kuc5LKc3rwqktGyG0pDm

Score

3^/10

Malware Config

Signatures

Unsigned PE 22 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack002/$PLUGINSDIR/Time.dll
unpack003/$PLUGINSDIR/InstallOptions.dll
unpack003/$PLUGINSDIR/NSISdl.dll
unpack004/$PLUGINSDIR/InstallOptions.dll
unpack004/$PLUGINSDIR/System.dll
unpack004/$PLUGINSDIR/YTVersion.dll
unpack004/$PLUGINSDIR/doit.exe
unpack005/$PLUGINSDIR/GetModuleVersion.dll
unpack005/$PLUGINSDIR/InstallOptions.dll
unpack005/$PLUGINSDIR/System.dll
unpack005/$PLUGINSDIR/YTVersion.dll
unpack005/$PLUGINSDIR/inetcJP.dll
unpack006/$PLUGINSDIR/InstallOptions.dll
unpack006/$PLUGINSDIR/System.dll
unpack006/$TEMP/doit.exe
unpack007/$PLUGINSDIR/GetModuleVersion.dll
unpack007/$PLUGINSDIR/InstallOptions.dll
unpack007/$PLUGINSDIR/System.dll
unpack007/$PLUGINSDIR/YTVersion.dll
unpack007/$PLUGINSDIR/inetc.dll

NSIS installer 14 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/$TEMP/WoopieAssist_desktop.exe	nsis_installer_1
static1/unpack001/$TEMP/WoopieAssist_desktop.exe	nsis_installer_2
static1/unpack001/Woopie_install.exe	nsis_installer_1
static1/unpack001/Woopie_install.exe	nsis_installer_2
static1/unpack001/yt7j_psac01.exe	nsis_installer_1
static1/unpack001/yt7j_psac01.exe	nsis_installer_2
static1/unpack004/$PLUGINSDIR/yt7j_inst.exe	nsis_installer_1
static1/unpack004/$PLUGINSDIR/yt7j_inst.exe	nsis_installer_2
static1/unpack005/uninst.exe	nsis_installer_1
static1/unpack005/uninst.exe	nsis_installer_2
static1/unpack005/uninstall.exe	nsis_installer_1
static1/unpack005/uninstall.exe	nsis_installer_2

Files

2d6ba450783e16d600a2254cb33de7a0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:46:25:61:71:93:1a:7c:b5:83:4e:6a:2c:32:60:3f
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

18/12/2009, 00:00

Not After

18/12/2010, 23:59

Subject

CN=Beijing AJ Technology Co.\, Ltd,O=Beijing AJ Technology Co.\, Ltd,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0d:62:ed:91:37:a0:1c:66:a7:c5:06:ca:67:e8:62:b2:61:5d:ee:0b
Signer

Actual PE Digest

0d:62:ed:91:37:a0:1c:66:a7:c5:06:ca:67:e8:62:b2:61:5d:ee:0b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

7868cd55f358bfb360f9eb8ce1512ca0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

TranslateMessage
GetMessageA
IsDialogMessageA
PostMessageA
DispatchMessageA
GetWindowLongA
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
IsDlgButtonChecked
GetWindowTextA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
CallWindowProcA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 472B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/io.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$TEMP/WoopieAssist_desktop.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:46:25:61:71:93:1a:7c:b5:83:4e:6a:2c:32:60:3f
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

18/12/2009, 00:00

Not After

18/12/2010, 23:59

Subject

CN=Beijing AJ Technology Co.\, Ltd,O=Beijing AJ Technology Co.\, Ltd,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

f0:30:5b:d1:ea:23:ce:d1:59:bf:61:f4:ad:e4:e9:1d:f1:9e:53:a7
Signer

Actual PE Digest

f0:30:5b:d1:ea:23:ce:d1:59:bf:61:f4:ad:e4:e9:1d:f1:9e:53:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Time.dll
.dll windows:4 windows x86 arch:x86

2e3a4d1f132aea64d421c1e936bcc407

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FileTimeToSystemTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
lstrcmpiA
lstrcpynA
GlobalFree
lstrcpyA
GlobalAlloc
GetSystemTime
GetLocalTime
SetSystemTime
SetLocalTime
FindClose
FindFirstFileA
CloseHandle
SetFileTime
CreateFileA
lstrcatA

user32

SendMessageA
wsprintfA

Exports

Exports

_GetFileTime
_GetFileTimeUTC
_GetLocalTime
_GetLocalTimeUTC
_MathTime
_SetFileTime
_SetFileTimeUTC
_SetLocalTime
_SetLocalTimeUTC
_TimeString
_Unload

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WoopieAssistant.dll
.dll regsvr32 windows:4 windows x86 arch:x86

26fceca169e54c7293806fb5ecbf6463

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:46:25:61:71:93:1a:7c:b5:83:4e:6a:2c:32:60:3f
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

18/12/2009, 00:00

Not After

18/12/2010, 23:59

Subject

CN=Beijing AJ Technology Co.\, Ltd,O=Beijing AJ Technology Co.\, Ltd,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

a0:cd:bc:c7:11:7f:02:0d:37:64:3f:ff:96:74:b6:94:fb:21:b7:c7
Signer

Actual PE Digest

a0:cd:bc:c7:11:7f:02:0d:37:64:3f:ff:96:74:b6:94:fb:21:b7:c7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetCloseHandle
HttpQueryInfoW
InternetOpenUrlW
InternetOpenW
InternetReadFile

kernel32

SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GetLastError
lstrcmpiW
CloseHandle
WaitForSingleObject
InterlockedExchangeAdd
WriteFile
CreateFileW
DeleteFileW
InterlockedDecrement
InterlockedIncrement
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
lstrcmpW
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GetTempFileNameW
GetTempPathW
CreateThread
GetPrivateProfileStringW
GetVersion
CreateDirectoryW
WritePrivateProfileStringW
CopyFileW
MoveFileW
DisableThreadLibraryCalls
ResumeThread
VirtualQuery
VirtualProtect
VirtualAlloc
InterlockedCompareExchange
GetThreadContext
SetThreadContext
SuspendThread
SetFilePointer
DeleteCriticalSection
GetProcAddress
LoadLibraryA
SetEndOfFile
CreateFileA
ReadFile
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetOEMCP
GetModuleFileNameA
GetStdHandle
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetCPInfo
LCMapStringW
WideCharToMultiByte
LCMapStringA
GetCommandLineA
GetSystemInfo
GetModuleHandleA
IsDebuggerPresent
GetThreadLocale
InitializeCriticalSection
lstrlenW
GetCurrentProcessId
SetLastError
GetCurrentThreadId
Sleep
MultiByteToWideChar
GetCurrentProcess
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenA
GetCurrentThread
GetLocaleInfoA
InterlockedExchange
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
LocalFree
HeapSize
HeapReAlloc
HeapDestroy
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
GetVersionExA
GetACP

user32

UnregisterClassA
MessageBoxA
SetWindowLongW
IsWindow
GetClassInfoExW
LoadCursorW
DestroyWindow
GetWindowThreadProcessId
EnumWindows
RegisterClassExW
CreateWindowExW
GetClientRect
GetWindowLongW
SetTimer
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CreateAcceleratorTableW
DestroyAcceleratorTable
SendMessageW
GetFocus
GetWindow
SetFocus
GetDesktopWindow
BeginPaint
EndPaint
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
SetWindowPos
MoveWindow
GetSysColor
CallWindowProcW
DefWindowProcW
PostMessageW
CharNextW
KillTimer

gdi32

GetStockObject
GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

CoTaskMemFree
StringFromGUID2
OleLockRunning
CoTaskMemRealloc
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoTaskMemAlloc
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CoGetClassObject
OleRun

oleaut32

VariantChangeType
VariantClear
SysAllocString
VarBstrCat
SysStringLen
VariantInit
SysAllocStringLen
SysStringByteLen
VarUI4FromStr
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
GetErrorInfo
SysFreeString

shlwapi

PathFileExistsW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 176KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WoopieAssistant.exe
.exe windows:4 windows x86 arch:x86

b9006dedb703a73268c10a4eab70cb65

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:46:25:61:71:93:1a:7c:b5:83:4e:6a:2c:32:60:3f
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

18/12/2009, 00:00

Not After

18/12/2010, 23:59

Subject

CN=Beijing AJ Technology Co.\, Ltd,O=Beijing AJ Technology Co.\, Ltd,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

f0:c8:59:4f:b8:3b:fd:07:31:07:6a:b5:6e:30:fe:1d:ac:e7:61:ad
Signer

Actual PE Digest

f0:c8:59:4f:b8:3b:fd:07:31:07:6a:b5:6e:30:fe:1d:ac:e7:61:ad

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindExtensionA
PathFindFileNameA
UrlUnescapeA
PathIsUNCA
PathStripToRootA
PathRemoveFileSpecA
PathAddBackslashA
PathFileExistsA

kernel32

LeaveCriticalSection
LocalAlloc
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetFullPathNameA
GetShortPathNameA
CreateFileA
GetModuleFileNameW
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetFileAttributesA
GetFileTime
GlobalFlags
GetCPInfo
GetOEMCP
SetErrorMode
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetSystemTimeAsFileTime
HeapFree
EnterCriticalSection
HeapReAlloc
GetSystemInfo
GetCommandLineA
GetProcessHeap
ExitProcess
HeapSize
SetStdHandle
GetFileType
GetACP
GetStringTypeA
GetStringTypeW
GetStdHandle
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetHandleCount
HeapDestroy
HeapCreate
VirtualFree
Sleep
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
GetThreadLocale
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
GetModuleHandleA
SetFilePointer
GetFileSize
WriteFile
SetLastError
SuspendThread
GetThreadContext
SetThreadContext
GetCurrentProcess
FlushInstructionCache
GetCurrentThreadId
InterlockedCompareExchange
VirtualAlloc
VirtualProtect
VirtualQuery
GetPrivateProfileIntA
WritePrivateProfileStringA
lstrcpyA
FindFirstFileA
FindClose
MoveFileA
GetVolumeInformationA
GetStartupInfoA
ReadFile
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32First
OpenProcess
TerminateProcess
Process32Next
CompareStringW
CompareStringA
GetVersion
GetLastError
GetPrivateProfileStringA
GetCurrentThread
GetVersionExA
GetSystemDirectoryA
CopyFileA
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
MultiByteToWideChar
ResumeThread
lstrcmpA
DeleteFileA
GetTempFileNameA
GetTempPathA
CreateDirectoryA
WaitForSingleObject
TerminateThread
CloseHandle
InterlockedIncrement
CreateThread
lstrlenA
GetTickCount
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
InterlockedExchange
InterlockedDecrement
HeapAlloc

user32

UnregisterClassA
DestroyIcon
PostThreadMessageA
GetNextDlgGroupItem
MessageBeep
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
InsertMenuItemA
CreatePopupMenu
SetRectEmpty
BringWindowToTop
SetMenu
TranslateAcceleratorA
InvalidateRgn
SetRect
CopyAcceleratorTableA
DestroyMenu
GetMenuItemInfoA
InflateRect
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetWindowContextHelpId
MapDialogRect
RegisterClipboardFormatA
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
ShowOwnedPopups
ReleaseCapture
SetCursor
LoadCursorA
SetCapture
ClientToScreen
SetWindowRgn
FillRect
IsRectEmpty
FindWindowA
InvalidateRect
GetMessageA
TranslateMessage
GetActiveWindow
GetCursorPos
ValidateRect
CharNextA
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetDlgItem
GetTopWindow
RegisterWindowMessageA
PostMessageA
SendMessageA
GetDesktopWindow
EnableWindow
KillTimer
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
IsWindowVisible
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
IsWindow
OffsetRect
SetTimer
CloseWindow
CharUpperA
PostQuitMessage
MessageBoxA
DrawIcon
IsIconic
GetClientRect
GetSystemMetrics
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
GetWindow
GetWindowRect
GetWindowPlacement
SystemParametersInfoA
IntersectRect
SetWindowPos
SetWindowLongA
GetWindowLongA
CallWindowProcA
DefWindowProcA
GetDlgCtrlID
PtInRect
SetScrollInfo
GetScrollInfo
CopyRect
RegisterClassA
GetSysColor
AdjustWindowRectEx
GetParent
ScreenToClient
EqualRect
DeferWindowPos

gdi32

CreateSolidBrush
CreateFontIndirectA
GetTextExtentPoint32A
CreateRectRgnIndirect
CreateCompatibleBitmap
GetMapMode
CreateCompatibleDC
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
GetRgnBox
GetDeviceCaps
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
SetBkMode
RestoreDC
SaveDC
Ellipse
LPtoDP
CreateEllipticRgn
GetTextColor
GetBkColor
GetStockObject
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
ScaleWindowExtEx

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyA
RegSetValueA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA

shell32

ExtractIconA
DragQueryFileA
DragFinish

oledlg

ord8

ole32

OleRun
CoCreateInstance
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
CoUninitialize
CLSIDFromProgID
CLSIDFromString
CoRegisterClassObject
CoRevokeClassObject
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoDisconnectObject
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoInitialize
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

GetErrorInfo
LoadTypeLi
SysFreeString
SysStringLen
SysAllocString
VariantClear
SysAllocStringByteLen
SysStringByteLen
VariantInit
VariantCopy
VariantChangeType
SysAllocStringLen
OleCreateFontIndirect
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime

ws2_32

WSAStartup
gethostbyname
WSACleanup

wininet

InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetOpenUrlA
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetSetOptionExA
InternetCanonicalizeUrlA
InternetQueryDataAvailable
HttpOpenRequestA
HttpQueryInfoA
InternetReadFile
InternetQueryOptionA
InternetCloseHandle
HttpSendRequestA

Sections

.text
Size: 408KB - Virtual size: 405KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninst.exe.nsis
Accelerators/IEAccelerators.exe
.exe windows:4 windows x86 arch:x86

fa858a8a9e299a1d171df575faad33d0

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1f:46:25:61:71:93:1a:7c:b5:83:4e:6a:2c:32:60:3f
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

18/12/2009, 00:00

Not After

18/12/2010, 23:59

Subject

CN=Beijing AJ Technology Co.\, Ltd,O=Beijing AJ Technology Co.\, Ltd,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:0f:1d:a2:b3:0b:dd:d7:62:83:fe:8b:d3:3e:dc:7f:48:84:f5:ba
Signer

Actual PE Digest

1d:0f:1d:a2:b3:0b:dd:d7:62:83:fe:8b:d3:3e:dc:7f:48:84:f5:ba

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameA
PathFindExtensionA
PathFileExistsA

kernel32

GetCurrentProcess
CreateFileA
RaiseException
RtlUnwind
HeapAlloc
HeapFree
HeapReAlloc
VirtualAlloc
GetProcessHeap
ExitProcess
HeapSize
GetACP
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
GetStringTypeW
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetOEMCP
GetCPInfo
GlobalFlags
WritePrivateProfileStringA
CloseHandle
GlobalAddAtomA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GetThreadLocale
GlobalGetAtomNameA
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentProcessId
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
lstrcmpA
FreeLibrary
GlobalDeleteAtom
SetErrorMode
GetProcAddress
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
CompareStringA
GetLastError
MultiByteToWideChar
InterlockedExchange
GetPrivateProfileStringA
GetVersion
GetTempPathA
CreateDirectoryA
CopyFileA
lstrlenA
GetCommandLineA
GetModuleHandleA
GetModuleFileNameA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetStringTypeA

user32

DestroyMenu
ShowWindow
UnregisterClassA
SetWindowTextA
SetCursor
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMessageA
TranslateMessage
GetActiveWindow
GetCursorPos
ValidateRect
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
IsWindow
GetForegroundWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
PostQuitMessage
PostMessageA
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GetSystemMetrics
LoadCursorA
UnhookWindowsHookEx
MessageBoxA
EnableWindow
GetWindow
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindowTextA
GetWindowThreadProcessId
SendMessageA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled

gdi32

CreateBitmap
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
GetDeviceCaps
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

shell32

SHGetFolderPathA

oleaut32

VariantInit
VariantClear
VariantChangeType

Sections

.text
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Accelerators/conf.ini
Accelerators/image/Find_woopie.jp.ico
Accelerators/xml/Find_woopie.jp.xml
AutoUpdate.exe
.exe windows:4 windows x86 arch:x86

f33e1b2b8d09aa582424112d0dfd7ab3

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1f:46:25:61:71:93:1a:7c:b5:83:4e:6a:2c:32:60:3f
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

18/12/2009, 00:00

Not After

18/12/2010, 23:59

Subject

CN=Beijing AJ Technology Co.\, Ltd,O=Beijing AJ Technology Co.\, Ltd,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8d:21:81:3c:a5:cf:77:63:4e:4c:32:c1:8b:50:89:3a:84:01:23:91
Signer

Actual PE Digest

8d:21:81:3c:a5:cf:77:63:4e:4c:32:c1:8b:50:89:3a:84:01:23:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
TerminateProcess
CloseHandle
WaitForSingleObject
OpenProcess
InterlockedIncrement
GetModuleFileNameA
ReadFile
SetEndOfFile
LoadLibraryA
GetProcAddress
LCMapStringW
LCMapStringA
IsBadCodePtr
GetLastError
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
LocalFree
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
RaiseException
HeapFree
WriteFile
HeapAlloc
HeapReAlloc
GetCurrentProcess
HeapSize
GetCPInfo
GetACP
GetOEMCP
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
SetStdHandle
FlushFileBuffers
SetFilePointer
CreateFileA
GetStringTypeA
GetStringTypeW
IsBadReadPtr

shell32

ShellExecuteA

oleaut32

SysAllocString
SysStringLen
SysAllocStringByteLen
SysFreeString
VariantClear

shlwapi

PathFileExistsA

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Convert.dll
.dll windows:4 windows x86 arch:x86

a8767649d18e9bd1cbe197cf1edf326b

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1f:46:25:61:71:93:1a:7c:b5:83:4e:6a:2c:32:60:3f
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

18/12/2009, 00:00

Not After

18/12/2010, 23:59

Subject

CN=Beijing AJ Technology Co.\, Ltd,O=Beijing AJ Technology Co.\, Ltd,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ff:6f:ed:f0:e6:89:70:42:02:d3:a1:a4:d3:65:24:ee:14:c8:c9:bc
Signer

Actual PE Digest

ff:6f:ed:f0:e6:89:70:42:02:d3:a1:a4:d3:65:24:ee:14:c8:c9:bc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsA

kernel32

lstrcatA
GetVersion
GlobalFlags
WritePrivateProfileStringA
SetLastError
GetModuleHandleA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
FreeLibrary
GetProcessVersion
GetFileAttributesA
GetFileSize
GetFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
ExitProcess
HeapFree
HeapAlloc
SetErrorMode
RaiseException
HeapSize
HeapReAlloc
GetACP
SetHandleCount
GetStdHandle
GetFileType
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
TlsAlloc
LocalAlloc
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
FindFirstFileA
FindClose
LoadLibraryA
GetProcAddress
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
CreateFileA
GetCurrentProcess
DuplicateHandle
LocalFree
CreateEventA
SuspendThread
SetThreadPriority
ResumeThread
SetEvent
WaitForSingleObject
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
CreateThread
WaitForMultipleObjects
WinExec
lstrcpyA
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32First
OpenProcess
Process32Next
CreatePipe
CloseHandle
GetStartupInfoA
CreateProcessA
GetLastError
ReadFile
WriteFile
TerminateProcess
CopyFileExA
DeleteFileA
CopyFileA
Sleep
GetModuleFileNameA
GetTempPathA
CreateDirectoryA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ExitThread

user32

AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
DestroyMenu
GetClientRect
CopyRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
GetDlgItem
LoadStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
PostQuitMessage
PostMessageA
SendMessageA
GetMenuItemCount
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
UnregisterClassA
GetSystemMetrics
CharUpperA
wsprintfA
SetCursor
EnableWindow
MessageBoxA
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
GetParent
SetWindowsHookExA
GetCursorPos
PeekMessageA
IsWindowVisible
ValidateRect
CallNextHookEx
GetKeyState
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GrayStringA

gdi32

PtVisible
GetDeviceCaps
TextOutA
ExtTextOutA
Escape
GetObjectA
DeleteObject
RectVisible
CreateBitmap
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

comctl32

ord17

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
SysAllocStringLen

Exports

Exports

??0CMediaConvert@@QAE@ABV0@@Z
??0CMediaConvert@@QAE@XZ
??0CMediaJoin@@QAE@ABV0@@Z
??0CMediaJoin@@QAE@XZ
??1CMediaConvert@@UAE@XZ
??1CMediaJoin@@UAE@XZ
??4CMediaConvert@@QAEAAV0@ABV0@@Z
??4CMediaJoin@@QAEAAV0@ABV0@@Z
??_7CMediaConvert@@6B@
??_7CMediaJoin@@6B@
?AddMediaFileName@CMediaJoin@@QAEHPBD@Z
?Convert@CMediaConvert@@AAEXXZ
?Convert@CMediaConvert@@IAEHVCString@@@Z
?Convert@CMediaJoin@@AAEHIVCString@@@Z
?Convert@CMediaJoin@@AAEHVCString@@@Z
?Convert@CMediaJoin@@AAEXXZ
?ConvertThread@CMediaJoin@@CGKPAX@Z
?EndAllConvert@CMediaConvert@@SAXXZ
?EndConvert@CMediaConvert@@QAEXXZ
?EndConvert@CMediaJoin@@QAEXXZ
?GetCurPos@CMediaJoin@@AAEIXZ
?Init@CMediaJoin@@QAEXXZ
?IsFinishConvert@CMediaConvert@@QAEHXZ
?IsFinishJoin@CMediaJoin@@QAEHXZ
?OnEachMeidaFileFinishRate@CMediaJoin@@MAEXIM@Z
?OnFinishRate@CMediaConvert@@UAEXM@Z
?OnFinishRate@CMediaJoin@@MAEXM@Z
?OnFinishResult@CMediaConvert@@MAEXW4MEDIA_CONVERT_RESULT@@@Z
?OnFinishResult@CMediaJoin@@MAEXIW4MEDIA_CONVERT_RESULT@@@Z
?OnFinishResult@CMediaJoin@@MAEXW4MEDIA_CONVERT_RESULT@@@Z
?SetAdvanceConvet@CMediaConvert@@QAEXPBD0@Z
?StartConvert@CMediaConvert@@QAEHABUFILEINFO@@@Z
?StartConvertThread@CMediaConvert@@CAIPAX@Z
?StartConvertThread@CMediaJoin@@CAIPAX@Z
?StartMediaJoin@CMediaJoin@@QAEHUJOINOUT_FILEINFO@@@Z

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ReadMe.txt
Transcoding.ini
VideoConvertor.exe
.exe windows:4 windows x86 arch:x86

f215c47ad8ce1113dfe77c169dfa0793

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1f:46:25:61:71:93:1a:7c:b5:83:4e:6a:2c:32:60:3f
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

18/12/2009, 00:00

Not After

18/12/2010, 23:59

Subject

CN=Beijing AJ Technology Co.\, Ltd,O=Beijing AJ Technology Co.\, Ltd,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:9a:65:9f:43:8a:3a:d3:81:e4:c1:ba:9a:91:f2:ff:2e:ed:69:f7
Signer

Actual PE Digest

65:9a:65:9f:43:8a:3a:d3:81:e4:c1:ba:9a:91:f2:ff:2e:ed:69:f7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\project\360le\360le2008-6-13\jabber\VPlayer\build_jp\VideoConvertor.pdb

Imports

convert

?StartConvert@CMediaConvert@@QAEHABUFILEINFO@@@Z
?SetAdvanceConvet@CMediaConvert@@QAEXPBD0@Z
??0CMediaConvert@@QAE@XZ
?EndConvert@CMediaConvert@@QAEXXZ
??1CMediaConvert@@UAE@XZ

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
VirtualProtect
GetSystemInfo
VirtualQuery
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlUnwind
RaiseException
ExitProcess
HeapSize
GetACP
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetStdHandle
Sleep
HeapDestroy
HeapCreate
GetConsoleCP
GetConsoleMode
SetHandleCount
GetFileType
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
TerminateProcess
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleFileNameA
lstrcatA
WideCharToMultiByte
VirtualAlloc
VirtualFree
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
lstrlenA
GetWindowsDirectoryA
LoadLibraryA
FreeLibrary
CompareStringW
MultiByteToWideChar
InterlockedExchange
GetLastError
CompareStringA
GetVersion
InterlockedDecrement
InterlockedIncrement
GetVolumeInformationA
GetTickCount
DeleteFileA
GetShortPathNameA
lstrcpyA
CreateDirectoryA
MulDiv
FreeResource
GlobalFree
GlobalUnlock
GlobalLock
SetLastError
GetFileTime
GetFileAttributesA
FileTimeToLocalFileTime
SetErrorMode
FileTimeToSystemTime
GetOEMCP
GetCPInfo
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
CreateFileA
GetFullPathNameA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetThreadLocale
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
CloseHandle
lstrcmpA
GlobalAlloc
FormatMessageA
LocalFree
GetModuleFileNameW
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GetVersionExA
GetModuleHandleA
GetProcAddress

user32

UnregisterClassA
GetSysColorBrush
GetWindowThreadProcessId
SetWindowContextHelpId
MapDialogRect
RegisterClipboardFormatA
PostQuitMessage
WindowFromPoint
GetMessageA
TranslateMessage
ValidateRect
GetMenuStringA
DestroyMenu
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
TrackPopupMenu
GetKeyState
UpdateWindow
GetMenu
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DefWindowProcA
CallWindowProcA
GetWindowPlacement
GetWindow
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
LoadIconA
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
LoadBitmapA
DestroyWindow
GetWindowLongA
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
GetDC
ReleaseDC
FillRect
GetDlgCtrlID
IsWindowVisible
SetWindowPos
GetDlgItem
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
EnumChildWindows
IsZoomed
SetWindowLongA
SetRect
CopyAcceleratorTableA
CharNextA
PostThreadMessageA
ReleaseCapture
GetTopWindow
SetCapture
PostMessageA
SetTimer
GetCursorPos
GetWindowRect
PtInRect
KillTimer
SendMessageA
LoadMenuA
GetSubMenu
CheckMenuItem
EnableMenuItem
GetMenuState
GetMenuItemID
AppendMenuA
GetMenuItemCount
CreatePopupMenu
SetForegroundWindow
InvalidateRect
EnableWindow
SystemParametersInfoA
CopyRect
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
IntersectRect
IsRectEmpty
OffsetRect
CopyIcon
LoadCursorA
SetCursor
IsWindow
CharUpperA
SetWindowRgn
SetWindowsHookExA

gdi32

DeleteDC
DeleteObject
GetDIBits
SelectObject
BitBlt
CreateCompatibleBitmap
GetDeviceCaps
Polyline
GetStockObject
SetDIBitsToDevice
CombineRgn
CreateRectRgn
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetTextColor
SetMapMode
GetClipBox
CreateICA
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateBitmap
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetRgnBox
GetTextExtentPoint32A
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextColor
GetBkMode
GetCurrentObject
CreateFontIndirectA
StretchDIBits
SetStretchBltMode
StretchBlt
GetObjectA
CreateCompatibleDC
CreateSolidBrush

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegOpenKeyA
RegOpenKeyExA
RegEnumKeyA
RegDeleteKeyA

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
DragAcceptFiles
SHBrowseForFolderA
DragQueryFileA
ShellExecuteA

comctl32

InitCommonControlsEx
_TrackMouseEvent

shlwapi

PathAddBackslashA
PathFileExistsA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathRemoveFileSpecA
PathIsUNCA

oledlg

ord8

ole32

OleIsCurrentClipboard
CoRevokeClassObject
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoTaskMemAlloc
OleFlushClipboard
CoTaskMemFree
OleRun
CoCreateInstance
CoUninitialize
CoInitialize
StgOpenStorageOnILockBytes
CoRegisterMessageFilter
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal

oleaut32

SysStringLen
SysAllocString
VariantClear
VariantCopy
VariantInit
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
GetErrorInfo
SysFreeString

Sections

.text
Size: 372KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 956KB - Virtual size: 953KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WoopieMenuPlugin.dll
.dll regsvr32 windows:4 windows x86 arch:x86

b2f5efd3bc9ea9d4b63614cd982b25eb

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1f:46:25:61:71:93:1a:7c:b5:83:4e:6a:2c:32:60:3f
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

18/12/2009, 00:00

Not After

18/12/2010, 23:59

Subject

CN=Beijing AJ Technology Co.\, Ltd,O=Beijing AJ Technology Co.\, Ltd,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8b:48:22:86:6a:ee:bb:2b:ba:f5:a1:11:b2:51:a1:67:a0:dd:23:7b
Signer

Actual PE Digest

8b:48:22:86:6a:ee:bb:2b:ba:f5:a1:11:b2:51:a1:67:a0:dd:23:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\project\360le\360le2008-6-13\jabber\VPlayer\build\360LeMenuPlugin.pdb

Imports

kernel32

InterlockedDecrement
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
SetThreadLocale
GetThreadLocale
MapViewOfFile
CreateFileMappingW
InterlockedIncrement
UnmapViewOfFile
OpenFileMappingW
lstrlenA
Sleep
WinExec
GetVersion
GetModuleFileNameW
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
CloseHandle
lstrlenW
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetOEMCP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LoadLibraryA
HeapSize
SetLastError
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
WideCharToMultiByte
LocalFree
HeapAlloc
HeapFree
RtlUnwind
HeapReAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCurrentThreadId
GetCommandLineA
GetProcessHeap
VirtualFree
HeapDestroy
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree

user32

IsWindow
UnregisterClassA
CharNextW

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExW

ole32

CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

LoadTypeLi
SysStringLen
SysFreeString
SysAllocString
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
SysAllocStringByteLen
VariantClear
VarUI4FromStr

shlwapi

PathFileExistsW

ws2_32

sendto
socket
closesocket
WSACleanup
WSAStartup
inet_addr
htons

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WoopieVideoDeskTop.exe
.exe windows:4 windows x86 arch:x86

e5606963dfea5f661795e9bc896ab024

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1f:46:25:61:71:93:1a:7c:b5:83:4e:6a:2c:32:60:3f
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

18/12/2009, 00:00

Not After

18/12/2010, 23:59

Subject

CN=Beijing AJ Technology Co.\, Ltd,O=Beijing AJ Technology Co.\, Ltd,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

6a:76:76:b0:88:5a:32:3a:4f:2f:86:89:ac:66:e2:31:ff:84:91:13
Signer

Actual PE Digest

6a:76:76:b0:88:5a:32:3a:4f:2f:86:89:ac:66:e2:31:ff:84:91:13

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\project\360le\360le2008-6-13\jabber\VPlayer\build_jp\WoopieVideoDeskTop.pdb

Imports

convert

?StartConvert@CMediaConvert@@QAEHABUFILEINFO@@@Z
?EndConvert@CMediaConvert@@QAEXXZ
?OnEachMeidaFileFinishRate@CMediaJoin@@MAEXIM@Z
?EndConvert@CMediaJoin@@QAEXXZ
?StartMediaJoin@CMediaJoin@@QAEHUJOINOUT_FILEINFO@@@Z
?AddMediaFileName@CMediaJoin@@QAEHPBD@Z
?Init@CMediaJoin@@QAEXXZ
??1CMediaJoin@@UAE@XZ
?OnFinishResult@CMediaJoin@@MAEXIW4MEDIA_CONVERT_RESULT@@@Z
??0CMediaJoin@@QAE@XZ

kernel32

ConvertDefaultLocale
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
SetErrorMode
GetFileTime
GetCurrentDirectoryA
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetSystemInfo
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RtlUnwind
ExitThread
RaiseException
ExitProcess
HeapSize
SetStdHandle
GetFileType
HeapDestroy
HeapCreate
GetStdHandle
GetACP
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetHandleCount
EnumResourceLanguagesA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetDriveTypeA
GetLocaleInfoW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
lstrlenA
FindResourceA
LoadResource
SizeofResource
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
LockResource
GetLastError
WideCharToMultiByte
CreateDirectoryA
GetModuleFileNameA
lstrcmpA
DeleteFileA
GetFileAttributesExA
GetShortPathNameA
lstrcpyA
GetTempPathA
GetTempFileNameA
InterlockedExchange
CreateThread
GetPrivateProfileStringA
WritePrivateProfileStringA
GetTickCount
WaitForSingleObject
TerminateThread
CloseHandle
ResumeThread
GetVersionExA
GetPrivateProfileIntA
CopyFileA
VirtualAlloc
VirtualFree
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentThread
GetVersion
MulDiv
lstrcpynA
FormatMessageA
GetVolumeInformationA
GetLocaleInfoA
GetModuleFileNameW
GetProfileIntA
FindNextFileA
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileA
GetFullPathNameA
FindFirstFileA
FindClose
DuplicateHandle
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
ReadFile
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GlobalFree
GlobalAlloc
CreateEventA
SetEvent
GlobalSize
GetModuleHandleA
WriteFile
SetFilePointer
GetFileSize
SetLastError
SuspendThread
GetCurrentThreadId
VirtualProtect
FlushInstructionCache
InterlockedCompareExchange
VirtualQuery
SetThreadContext
GetThreadContext
MoveFileA
GetFileAttributesA
SetFileAttributesA
GlobalUnlock
GlobalLock
SetThreadPriority
Sleep
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
GetCurrentProcess
SetProcessWorkingSetSize
GetCurrentProcessId
LocalFree
CompareStringA
lstrlenW
CompareStringW
GetTimeZoneInformation

user32

UnregisterClassA
GetNextDlgGroupItem
MessageBeep
PostThreadMessageA
DrawIcon
FindWindowA
CharNextA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
GetWindowThreadProcessId
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
IsWindowEnabled
MoveWindow
IsDlgButtonChecked
SetDlgItemTextA
SendDlgItemMessageA
WinHelpA
IsChild
GetClassLongA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
ShowScrollBar
UpdateWindow
GetMenu
MessageBoxA
GetClassInfoExA
GetClassInfoA
GetSysColor
AdjustWindowRectEx
EqualRect
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
DefWindowProcA
GetWindowPlacement
GetWindow
GetMenuStringA
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
PeekMessageA
ValidateRect
AnimateWindow
CallWindowProcA
DrawFocusRect
GetKeyState
GetMenuItemInfoA
IsMenu
UnregisterHotKey
RegisterHotKey
TranslateAcceleratorA
LoadAcceleratorsA
mouse_event
SetCursorPos
SetCursor
GetCursor
GetCursorPos
GetCapture
ClipCursor
LoadIconA
LoadCursorA
ReleaseCapture
GetFocus
SetCapture
SetActiveWindow
ShowWindow
BringWindowToTop
IsIconic
CreateWindowExA
SendMessageA
EnableWindow
InvalidateRgn
RegisterWindowMessageA
PostMessageA
RegisterClassA
GetMenuItemCount
SetForegroundWindow
CreatePopupMenu
GetSubMenu
GetMenuItemID
GetMenuState
EnableMenuItem
CheckMenuItem
GetWindowLongA
CharUpperA
SetWindowPos
IsWindowVisible
PostQuitMessage
SetRect
CopyAcceleratorTableA
GetSysColorBrush
IsClipboardFormatAvailable
ShowOwnedPopups
RegisterClipboardFormatA
SetWindowContextHelpId
MapDialogRect
UnpackDDElParam
ReuseDDElParam
GetForegroundWindow
GetMessageA
TranslateMessage
InsertMenuItemA
SetMenu
WaitMessage
DestroyMenu
InflateRect
WindowFromPoint
EndPaint
BeginPaint
GetWindowDC
DeferWindowPos
SetTimer
KillTimer
IsWindow
GetDesktopWindow
OffsetRect
GetClientRect
ClientToScreen
ScreenToClient
PtInRect
GetDC
ReleaseDC
InvalidateRect
GetDlgItem
SetWindowTextA
SystemParametersInfoA
GetWindowRect
GetParent
SetRectEmpty
UnionRect
FrameRect
GetSystemMetrics
IntersectRect
IsRectEmpty
AppendMenuA
CreateMenu
SetWindowLongA
IsZoomed
SetWindowRgn
FillRect
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
EnumChildWindows
CopyRect
SetLayeredWindowAttributes
LoadMenuA
DeleteMenu
GetClassNameA
DispatchMessageA
IsDialogMessageA

gdi32

TextOutA
RectVisible
PtVisible
GetTextExtentPoint32A
CreateICA
Polyline
PatBlt
CreateSolidBrush
CopyMetaFileA
GetClipBox
SetTextColor
SetBkColor
CreateBitmap
GetStockObject
GetBkColor
CreateEllipticRgn
LPtoDP
Ellipse
CreateRectRgnIndirect
SaveDC
RestoreDC
SetBkMode
SetMapMode
ExtTextOutA
GetViewportExtEx
GetWindowExtEx
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
GetMapMode
GetRgnBox
Escape
CreateRectRgn
CombineRgn
GetDIBits
StretchDIBits
SetStretchBltMode
SetDIBitsToDevice
GetTextColor
GetBkMode
GetCurrentObject
GetObjectA
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
SelectObject
CreateFontIndirectA
GetDeviceCaps
GetPixel

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegCloseKey
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteKeyA
RegFlushKey
RegOpenKeyA
RegEnumKeyA
RegQueryValueA
RegQueryValueExA

shell32

SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHBrowseForFolderA
Shell_NotifyIconA
ShellExecuteA
DragAcceptFiles
DragQueryFileA
DragFinish

comctl32

_TrackMouseEvent
InitCommonControlsEx

shlwapi

PathAddBackslashA
PathRemoveFileSpecA
PathFileExistsA
PathIsRootA
PathStripToRootA
PathIsUNCA
UrlUnescapeA
PathFindExtensionA
PathFindFileNameA

oledlg

ord8

ole32

CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleRun
CoInitialize
CoUninitialize
CoTaskMemFree
ReleaseStgMedium
CoTaskMemAlloc
OleDuplicateData
CoRegisterMessageFilter
CoLockObjectExternal
RevokeDragDrop
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
OleGetClipboard
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
RegisterDragDrop

oleaut32

SysFreeString
SysAllocString
SysStringLen
VariantClear
VariantCopy
VariantInit
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
OleCreateFontIndirect
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
GetErrorInfo
SysAllocStringLen

ws2_32

WSAGetLastError
listen
WSAStartup
recv
send
WSAAsyncSelect
recvfrom
sendto
connect
WSASetLastError
setsockopt
bind
inet_addr
htons
htonl
select
socket
accept
closesocket
WSACleanup
inet_ntoa
ntohs
gethostbyname

wininet

InternetCrackUrlA
InternetOpenA
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetSetOptionExA
InternetCanonicalizeUrlA
HttpAddRequestHeadersA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
DeleteUrlCacheEntry
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetQueryDataAvailable
InternetReadFile
InternetQueryOptionA
HttpQueryInfoA
InternetOpenUrlA
InternetCloseHandle

rpcrt4

UuidCreate

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.share
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Woopie_install.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1f:46:25:61:71:93:1a:7c:b5:83:4e:6a:2c:32:60:3f
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

18/12/2009, 00:00

Not After

18/12/2010, 23:59

Subject

CN=Beijing AJ Technology Co.\, Ltd,O=Beijing AJ Technology Co.\, Ltd,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ee:30:ba:8c:40:fe:a6:90:24:49:e2:c5:53:84:a3:18:e0:7b:c0:16
Signer

Actual PE Digest

ee:30:ba:8c:40:fe:a6:90:24:49:e2:c5:53:84:a3:18:e0:7b:c0:16

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/io1.ini
$TEMP/Checkkis/antivirus.dat
$TEMP/Checkkis/kasearch.dll
.dll windows:4 windows x86 arch:x86

5b16675194018df1063cd44ee228c386

Code Sign

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/12/2003, 13:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:22:c4:68:0d:da
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2009, 01:54

Not After

29/08/2010, 01:54

Subject

CN=KINGSOFT JAPAN INC.,O=KINGSOFT JAPAN INC.,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:10:92:eb:82:95
Certificate

Issuer

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Not Before

05/02/2007, 09:00

Not After

27/01/2014, 09:00

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign,1.2.840.113549.1.9.1=#0c1c74696d657374616d70696e666f40676c6f62616c7369676e2e636f6d

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:96:54:0d:8d:fd:9e:a1:ce:f4:f5:ec:c9:d0:5d:4b:62:77:a7:5f
Signer

Actual PE Digest

3a:96:54:0d:8d:fd:9e:a1:ce:f4:f5:ec:c9:d0:5d:4b:62:77:a7:5f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\KINGSOFT_DUBA\Build\Build_Src\KIS\KIS\product\win32\dbginfo\kasearch.pdb

Imports

kernel32

CreateFileMappingA
CreateFileA
GetPrivateProfileSectionNamesA
DeleteFileA
GetTempFileNameA
GetTempPathA
CloseHandle
GetPrivateProfileIntA
GetLastError
GetPrivateProfileStringA
InterlockedDecrement
lstrlenW
lstrlenA
MapViewOfFile
GetFileSize
GetModuleFileNameA
UnmapViewOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
ReadFile
SetEndOfFile
InterlockedExchange
FreeLibrary
InitializeCriticalSection
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
FlushFileBuffers
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThread
WriteFile
GetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetTimeZoneInformation
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
ExitProcess
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
FatalAppExitA
VirtualAlloc
HeapReAlloc
HeapSize
SetConsoleCtrlHandler
LoadLibraryA
GetLocaleInfoA
GetLocaleInfoW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetFileAttributesA

user32

wsprintfA

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CoSetProxyBlanket

oleaut32

CreateErrorInfo
SetErrorInfo
GetErrorInfo
SysAllocString
SysFreeString
VariantClear
VariantChangeType
VariantCopy
VariantInit

shlwapi

StrStrIA
PathFileExistsA
StrTrimA
PathRemoveFileSpecA
PathAppendA

Exports

Exports

CloseSearchComponent
CreateKASearchComponent
CreateKASearchComponent2
CreateSearchComponent
ExecuteKASearch
ExecuteKASearch2
ExecuteSearchComponent
GetSearchComponentResultCount
GetSearchComponentResultInfoByIndex

Sections

.text
Size: 188KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/Checkkis/ks.exe
.exe windows:4 windows x86 arch:x86

24577e51cf1ab700b51ae0616a41efec

Code Sign

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/12/2003, 13:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:22:c4:68:0d:da
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

29/07/2009, 01:54

Not After

29/08/2010, 01:54

Subject

CN=KINGSOFT JAPAN INC.,O=KINGSOFT JAPAN INC.,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:10:92:eb:82:95
Certificate

Issuer

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Not Before

05/02/2007, 09:00

Not After

27/01/2014, 09:00

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign,1.2.840.113549.1.9.1=#0c1c74696d657374616d70696e666f40676c6f62616c7369676e2e636f6d

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:9b:5e:08:a4:b9:cc:3c:21:eb:5d:d5:e0:d1:b1:ef:1a:04:21:02
Signer

Actual PE Digest

78:9b:5e:08:a4:b9:cc:3c:21:eb:5d:d5:e0:d1:b1:ef:1a:04:21:02

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\MyTempPro\release\t.pdb

Imports

kernel32

GetModuleFileNameW
LoadLibraryW
GetProcAddress
FreeLibrary
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
coder.exe
.exe windows:4 windows x86 arch:x86

dc11fc51128bdf85424353ee77744a89

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1f:46:25:61:71:93:1a:7c:b5:83:4e:6a:2c:32:60:3f
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

18/12/2009, 00:00

Not After

18/12/2010, 23:59

Subject

CN=Beijing AJ Technology Co.\, Ltd,O=Beijing AJ Technology Co.\, Ltd,L=beijing,ST=beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

dd:7c:da:f7:98:16:3f:a7:24:a6:36:a7:ce:25:61:6c:b9:01:27:9a
Signer

Actual PE Digest

dd:7c:da:f7:98:16:3f:a7:24:a6:36:a7:ce:25:61:6c:b9:01:27:9a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
CloseHandle
CreateEventA
CreateMutexA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindAtomA
GetAtomNameA
GetCurrentProcess
GetProcessTimes
GetSystemTimeAsFileTime
InitializeCriticalSection
InterlockedExchange
LeaveCriticalSection
ReleaseMutex
ResetEvent
SetEvent
SetUnhandledExceptionFilter
Sleep
WaitForSingleObject

msvcrt

_close
_getch
_kbhit
_open
_read
_setmode
_strdup
_tempnam
_unlink
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_errno
_filbuf
_iob
_isctype
_lseeki64
_onexit
_pctype
_setjmp
_setmode
_stricmp
abort
acos
asin
atan
atexit
atof
atoi
calloc
ceil
cos
cosh
exit
exp
fclose
fflush
fgetc
floor
fopen
fprintf
fputc
fputs
fread
free
frexp
fscanf
fseek
ftell
fwrite
gmtime
ldexp
localtime
log
log10
longjmp
malloc
memchr
memcpy
memmove
memset
mktime
perror
pow
printf
putchar
puts
qsort
rand
realloc
rename
signal
sin
sinh
sprintf
sqrt
srand
sscanf
strcat
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strncpy
strpbrk
strrchr
strstr
strtod
strtol
tan
tanh
time
tolower
toupper
vfprintf
vsprintf

user32

DestroyWindow
GetWindowLongA
SendMessageA
SetWindowLongA

avicap32

capCreateCaptureWindowA

Sections

.text
Size: 4.9MB - Virtual size: 4.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rodata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1.6MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
geturl1.htm
.js
geturl2.htm
.js
geturl3.htm
.js
home.url
login.ini
player.ico
skin/Video/bk.bmp
skin/Video/clearall.bmp
skin/Video/out_folder.bmp
skin/Video/removefile.bmp
skin/Video/start.bmp
skin/Video/stop.bmp
skin/Video/type_advance.bmp
skin/VideoConvertor/addfile.bmp
skin/VideoConvertor/bk.bmp
skin/VideoConvertor/bk1.bmp
skin/VideoConvertor/but_close.bmp
skin/VideoConvertor/but_min.bmp
skin/VideoConvertor/clearall.bmp
skin/VideoConvertor/out_folder.bmp
skin/VideoConvertor/removefile.bmp
skin/VideoConvertor/skin.xml
skin/VideoConvertor/start.bmp
skin/VideoConvertor/stop.bmp
skin/VideoConvertor/type_advance.bmp
skin/VideoConvertor/type_audio.bmp
skin/VideoConvertor/type_itune.bmp
skin/VideoConvertor/type_mobile.bmp
skin/VideoConvertor/type_pc.bmp
skin/VideoConvertor/type_psp.bmp
skin/favorite/folderskin.xml
.xml
skin/favorite/skin.xml
.xml
skin/float/active_wnd.bmp
skin/float/back.bmp
skin/float/bottom.html
.js
skin/float/images/add_button_1.jpg
.jpg
skin/float/images/add_button_2.jpg
.jpg
skin/float/images/add_list_button_1.jpg
.jpg
skin/float/images/add_list_button_2.jpg
.jpg
skin/float/images/add_list_button_3.jpg
.jpg
skin/float/images/bank.gif
.gif
skin/float/images/close_button2_1.gif
.gif
skin/float/images/close_button2_1.jpg
.jpg
skin/float/images/close_button2_2.gif
.gif
skin/float/images/close_button2_2.jpg
.jpg
skin/float/images/close_button2_3.gif
.gif
skin/float/images/close_button_1.gif
.gif
skin/float/images/close_button_2.gif
.gif
skin/float/images/close_button_3.gif
.gif
skin/float/images/download_bar_bg.jpg
.jpg
skin/float/images/jiantou_xia.jpg
.jpg
skin/float/images/list1_top_bg.jpg
.jpg
skin/float/images/play_button_1.gif
.gif
skin/float/images/play_button_2.gif
.gif
skin/float/images/play_button_3.gif
.gif
skin/float/miniskin.xml
.xml
skin/float/skin.xml
skin/float/switch.bmp
skin/float/top.html
.html .js polyglot
skin/hotpop/skin.xml
.xml
skin/key/back.bmp
skin/key/images/ReadMe.txt
skin/key/images/s_bg.jpg
.jpg
skin/key/images/s_bg2.jpg
.jpg
skin/key/monitorindex.html
.js
skin/key/skin.xml
.xml
skin/login/css/base.css
skin/login/css/dialog.css
skin/login/default.html
.html
skin/login/images/dialog/btn_bg.jpg
.jpg
skin/login/images/dialog/cancell.gif
.gif
skin/login/images/dialog/dialog_head_bg.jpg
.jpg
skin/login/images/dialog/icon_1.jpg
.jpg
skin/login/images/dialog/login.gif
.gif
skin/login/images/dialog/ok.gif
.gif
skin/login/images/dialog/titile_local_add.jpg
.jpg
skin/login/images/dialog/title_add.jpg
.jpg
skin/login/images/dialog/title_change.jpg
.jpg
skin/login/images/dialog/title_login.jpg
.jpg
skin/login/images/dialog/title_move.jpg
.jpg
skin/login/images/dialog/title_name_change.jpg
.jpg
skin/login/images/line_x.jpg
.jpg
skin/login/images/loading.gif
.gif
skin/login/js/cookie.js
.js
skin/login/js/prototype.js
.js
skin/login/login.html
.js
skin/login/skin.xml
skin/main/add_group.bmp
skin/main/always_top.bmp
skin/main/band_button_list_clear.bmp
skin/main/band_button_list_delete.bmp
skin/main/band_button_more_result.bmp
skin/main/base.css
skin/main/bk_button_band.bmp
skin/main/bk_ctrl_volume.bmp
skin/main/bk_input_left.bmp
skin/main/bk_input_left_main.bmp
skin/main/bk_input_mid.bmp
skin/main/bk_input_mid_main.bmp
skin/main/bk_input_right.bmp
skin/main/bk_input_right_main.bmp
skin/main/bk_list_title.bmp
skin/main/bk_play_slider.bmp
skin/main/bk_play_time.bmp
skin/main/bk_tab_toolbar.bmp
skin/main/bottom_left.bmp
skin/main/bottom_mid.bmp
skin/main/bottom_right.bmp
skin/main/but_always_top.bmp
skin/main/but_autoplay.bmp
skin/main/but_back_web.bmp
skin/main/but_close.bmp
skin/main/but_combine.bmp
skin/main/but_front_web.bmp
skin/main/but_go_web.bmp
skin/main/but_index_web.bmp
skin/main/but_max.bmp
skin/main/but_menu.bmp
skin/main/but_mid.bmp
skin/main/but_min.bmp
skin/main/but_mini_mode.bmp
skin/main/but_new_web.bmp
skin/main/but_refresh_web.bmp
skin/main/but_search.bmp
skin/main/but_stop_web.bmp
skin/main/check_bk.bmp
skin/main/check_select.bmp
skin/main/close_button.bmp
skin/main/colsearchstyle.html
.js
skin/main/ctrl_bk.bmp
skin/main/ctrl_capture.bmp
skin/main/ctrl_fullscreen.bmp
skin/main/ctrl_light.bmp
skin/main/ctrl_mini_mode.bmp
skin/main/ctrl_minimode.bmp
skin/main/ctrl_panel_bk.bmp
skin/main/ctrl_pause.bmp
skin/main/ctrl_savefile.bmp
skin/main/ctrl_start.bmp
skin/main/ctrl_stop.bmp
skin/main/ctrl_widescreen.bmp
skin/main/delete.bmp
skin/main/delete_all.bmp
skin/main/delete_video.bmp
skin/main/favorite.bmp
skin/main/feedback.bmp
skin/main/gamecenter_btn.bmp
skin/main/images/bg_key.jpg
.jpg
skin/main/images/bg_pop.jpg
.jpg
skin/main/images/bg_search.jpg
.jpg
skin/main/images/btn_more.jpg
.jpg
skin/main/images/button_add_list.jpg
.jpg
skin/main/images/button_all.jpg
.jpg
skin/main/images/button_change_image.jpg
.jpg
skin/main/images/button_change_text.jpg
.jpg
skin/main/images/button_play.jpg
.jpg
skin/main/images/button_prev.jpg
.jpg
skin/main/images/connecting.swf
skin/main/images/default.jpg
.jpg
skin/main/images/icon_eye.gif
.gif
skin/main/images/large-loading.gif
.gif
skin/main/images/large-loading2.gif
.gif
skin/main/images/large-loading3.gif
.gif
skin/main/images/line_x.jpg
.jpg
skin/main/images/link.jpg
.jpg
skin/main/images/loadweb.swf
skin/main/images/movie_page_navi.jpg
.jpg
skin/main/images/next_page.jpg
.jpg
skin/main/images/next_page2.jpg
.jpg
skin/main/images/p_download.jpg
.jpg
skin/main/images/p_stop.jpg
.jpg
skin/main/images/pic.jpg
.jpg
skin/main/images/pre_page.jpg
.jpg
skin/main/images/pre_page2.jpg
.jpg
skin/main/images/rate1.jpg
.jpg
skin/main/images/rate2.jpg
.jpg
skin/main/images/rate3.jpg
.jpg
skin/main/images/rate4.jpg
.jpg
skin/main/images/rate5.jpg
.jpg
skin/main/images/rate6.jpg
.jpg
skin/main/images/review_list_bg.jpg
.jpg
skin/main/images/review_top_bg.jpg
.jpg
skin/main/images/rview_bg.jpg
.jpg
skin/main/images/search.css
skin/main/images/search_add.gif
.gif
skin/main/images/search_down.gif
.gif
skin/main/images/search_in.gif
.gif
skin/main/images/search_pic.gif
.gif
skin/main/images/search_play.gif
.gif
skin/main/images/search_rate_bg.gif
.gif
skin/main/images/search_rate_bg_b.gif
.gif
skin/main/images/search_seepic.gif
.gif
skin/main/images/search_show_movie.gif
.gif
skin/main/images/search_t_head_bg.gif
.gif
skin/main/images/search_t_head_bg2.gif
.gif
skin/main/images/search_table_add.jpg
.jpg
skin/main/images/search_table_add_s.jpg
.jpg
skin/main/images/search_table_in.jpg
.jpg
skin/main/images/search_table_in_s.jpg
.jpg
skin/main/images/search_table_play.jpg
.jpg
skin/main/images/search_table_play_s.jpg
.jpg
skin/main/images/search_top_bg.jpg
.jpg
skin/main/images/search_up.gif
.gif
skin/main/images/searchtop_bg.jpg
.jpg
skin/main/images/show_tu1.jpg
.jpg
skin/main/images/show_tu2.jpg
.jpg
skin/main/images/show_wen1.jpg
.jpg
skin/main/images/show_wen2.jpg
.jpg
skin/main/images/speed_blue.jpg
.jpg
skin/main/images/spreed_gray.jpg
.jpg
skin/main/images/ssbutton_27.gif
.gif
skin/main/images/tagsearchstyle.css
skin/main/images/title_categorylist.jpg
.jpg
skin/main/images/title_linklist.jpg
.jpg
skin/main/images/title_tag.jpg
.jpg
skin/main/images/tj_add.gif
.gif
skin/main/images/tj_add_1.gif
.gif
skin/main/images/tj_add_2.gif
.gif
skin/main/images/tj_in.gif
.gif
skin/main/images/tj_in_1.gif
.gif
skin/main/images/tj_in_2.gif
.gif
skin/main/images/tj_list_bg1.gif
.gif
skin/main/images/tj_list_bg2.gif
.gif
skin/main/images/tj_play.gif
.gif
skin/main/images/tj_play_1.gif
.gif
skin/main/images/tj_play_2.gif
.gif
skin/main/images/woopie.jpg
.jpg
skin/main/javascript/boxover.js
.js
skin/main/javascript/cookie.js
.js
skin/main/link.html
.html .js polyglot
skin/main/local_bk.bmp
.png
skin/main/main_list_select_back.bmp
skin/main/mid_split.bmp
skin/main/monitorindex.html
.html .js polyglot
skin/main/moveto_group.bmp
skin/main/online_bk.bmp
skin/main/play_thumb_normal.bmp
skin/main/playlist_delete.bmp
skin/main/q_search_left.bmp
skin/main/q_search_mid.bmp
skin/main/q_search_right.bmp
skin/main/rename_group.bmp
skin/main/repet_button.bmp
skin/main/repetstop_button.bmp
skin/main/rview.html
.html .js polyglot
skin/main/save.bmp
skin/main/save_all_video.bmp
skin/main/search_bk_left.bmp
skin/main/search_bk_mid.bmp
skin/main/search_bk_right.bmp
skin/main/search_button.bmp
skin/main/search_start_2.bmp
skin/main/search_type1.css
skin/main/search_type2.css
skin/main/search_type_back.bmp
skin/main/searchstyle.html
.js
skin/main/searchstyle2.html
.js
skin/main/skin.xml
skin/main/specialstyle.html
.html .js polyglot
skin/main/specialstyle2.html
.js
skin/main/status_flag.bmp
skin/main/tab_bk.bmp
skin/main/tab_bk_game.bmp
skin/main/tab_bk_hot.bmp
skin/main/tab_bk_play.bmp
skin/main/tab_bk_web.bmp
skin/main/tab_button.bmp
skin/main/tab_close.bmp
skin/main/title_logo.bmp
skin/main/top_left.bmp
skin/main/top_mid.bmp
skin/main/top_right.bmp
skin/main/volume_bk.bmp
skin/main/volume_disable.bmp
skin/main/volume_enable.bmp
skin/main/volume_thumb_normal.bmp
skin/main/web_favorite.bmp
skin/mini/bottom_left.bmp
skin/mini/bottom_mid.bmp
skin/mini/bottom_right.bmp
skin/mini/but_full_mode.bmp
skin/mini/but_playlist.bmp
skin/mini/skin.xml
.xml
skin/mini/title_logo.bmp
skin/mini/top_left.bmp
skin/mini/top_mid.bmp
skin/mini/top_right.bmp
skin/preview/close.bmp
skin/preview/skin.xml
.xml
skin/preview/switch.bmp
skin/preview/title_left.bmp
skin/preview/title_logo.bmp
skin/preview/title_mid.bmp
skin/preview/title_right.bmp
sseting/126da57eba7dc36575406f54293610bf
sseting/141aa39382ef4350eab3290bdf17bae2
sseting/37b34ce12b17ed43be831ddb61b8521d
sseting/68f13e11c9dfa8e5aff6b20b51b0f223
sseting/84b6eb9a89e3f7426ab72f7794f77241
sseting/afd207b34c0d4f68aa12ab604d32262d
sseting/befdb6a2f860237b69e41920a3626e43
sseting/e44d44a5af9c0b858e015292b0edd90e
uninst.exe.nsis
update_config.x
video.swf
yt7j_psac01.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:e7:ba:18:6d:32:71:8f:cd:25:42:38:f2:33:88:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

14/04/2010, 00:00

Not After

14/04/2011, 23:59

Subject

CN=Yahoo Japan Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operation,O=Yahoo Japan Corporation,L=Minato-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/YTVersion.dll
.dll windows:4 windows x86 arch:x86

7a844e26dba981fde4c096c2d432ee56

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Jobs\YTB_new\Installer\Tools\plugin\YTVersion\Release\YTVersion.pdb

Imports

kernel32

lstrcpyA
lstrcpynA
GlobalAlloc
GlobalFree

user32

wsprintfA

Exports

Exports

FormatForFeed

Sections

.text
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 431B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/doit.exe
.exe windows:4 windows x86 arch:x86

d283e7e2f9551816a6f0cecbb0038d8a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Jobs\widget\Installer\--- work ---\doit\Release\doit.pdb

Imports

kernel32

GetCommandLineA
ExitProcess
lstrcpyA
GetCurrentDirectoryA
WaitForSingleObject
GetExitCodeProcess

shell32

ShellExecuteExA

Sections

.text
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/y!jTools.dll
.dll windows:4 windows x86 arch:x86

85790f8a6f7459131154db61a1c78b40

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:dc:c7:cb:1a:e9:7c:8d:2b:98:ca:7c:14:f0:05:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/04/2009, 00:00

Not After

16/04/2010, 23:59

Subject

CN=Yahoo Japan Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operation,O=Yahoo Japan Corporation,L=Minato-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Fujisan\Installer702\Tools\plugin\y!jTools\Release\y!jTool.pdb

Imports

kernel32

GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
GetVersionExA
lstrcmpA
FreeLibrary
MultiByteToWideChar
GetProcAddress
LoadLibraryA

user32

SetWindowPos
SystemParametersInfoA
GetWindowRect
IsWindow
ScreenToClient
GetAsyncKeyState
wsprintfA
PostMessageA
GetWindowTextA
GetClassNameA
EnumChildWindows
EnumWindows

urlmon

ObtainUserAgentString

wininet

InternetSetCookieA
InternetGetConnectedState

Exports

Exports

CenterWindow
ClearCookie
GetDefaultUserAgent
GetSpecialKey
GetUserAgent
IsOnline
PostMessageToAllToolbar
ResizeHeight
ResizeHeight2
ResizeWidth
ResizeWidth2

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 286B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/yt7j_inst.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:e7:ba:18:6d:32:71:8f:cd:25:42:38:f2:33:88:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

14/04/2010, 00:00

Not After

14/04/2011, 23:59

Subject

CN=Yahoo Japan Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operation,O=Yahoo Japan Corporation,L=Minato-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/GetModuleVersion.dll
.dll windows:4 windows x86 arch:x86

8cdfe293cedd39c001b5c76492dc0a3f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\work\tools\NSIS\kw_plugins\GetModuleVersion\Release\GetModuleVersion.pdb

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GlobalAlloc
GetFullPathNameA
GlobalFree
lstrcpyA
lstrcpynA

user32

wsprintfA

Exports

Exports

GetProductVersion

Sections

.text
Size: 512B - Virtual size: 466B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/YTVersion.dll
.dll windows:4 windows x86 arch:x86

7a844e26dba981fde4c096c2d432ee56

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Jobs\YTB_new\Installer\Tools\plugin\YTVersion\Release\YTVersion.pdb

Imports

kernel32

lstrcpyA
lstrcpynA
GlobalAlloc
GlobalFree

user32

wsprintfA

Exports

Exports

FormatForFeed

Sections

.text
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 431B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/finish_no_bmp_ja.ini
$PLUGINSDIR/inetcJP.dll
.dll windows:4 windows x86 arch:x86

3f1149a3053980fe6b461521d2b55a2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbschr
_adjust_fdiv
malloc
_initterm
free
_mbsrchr
strtoul
memset
_mbsstr
strtol

kernel32

CloseHandle
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
GetLastError
GlobalFree
lstrcmpiA
DeleteFileA
SleepEx
SetFilePointer
GetTickCount
lstrcatA
GetFileSize
CreateFileA

user32

MessageBoxA
GetParent
ShowWindow
PostMessageA
SetWindowTextA
GetWindowTextA
IsWindow
GetDlgItem
SetDlgItemTextA
SendDlgItemMessageA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
SetWindowLongA
GetWindowLongA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
SendMessageA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/y!jTools.dll
.dll windows:4 windows x86 arch:x86

85790f8a6f7459131154db61a1c78b40

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:dc:c7:cb:1a:e9:7c:8d:2b:98:ca:7c:14:f0:05:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/04/2009, 00:00

Not After

16/04/2010, 23:59

Subject

CN=Yahoo Japan Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operation,O=Yahoo Japan Corporation,L=Minato-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Fujisan\Installer702\Tools\plugin\y!jTools\Release\y!jTool.pdb

Imports

kernel32

GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
GetVersionExA
lstrcmpA
FreeLibrary
MultiByteToWideChar
GetProcAddress
LoadLibraryA

user32

SetWindowPos
SystemParametersInfoA
GetWindowRect
IsWindow
ScreenToClient
GetAsyncKeyState
wsprintfA
PostMessageA
GetWindowTextA
GetClassNameA
EnumChildWindows
EnumWindows

urlmon

ObtainUserAgentString

wininet

InternetSetCookieA
InternetGetConnectedState

Exports

Exports

CenterWindow
ClearCookie
GetDefaultUserAgent
GetSpecialKey
GetUserAgent
IsOnline
PostMessageToAllToolbar
ResizeHeight
ResizeHeight2
ResizeWidth
ResizeWidth2

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 286B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/Yahoo!J/Toolbar/ytcnt.exe
.exe windows:4 windows x86 arch:x86

4c9ae336f1c00a8e638347fbad86fcc5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:dc:c7:cb:1a:e9:7c:8d:2b:98:ca:7c:14:f0:05:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/04/2009, 00:00

Not After

16/04/2010, 23:59

Subject

CN=Yahoo Japan Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operation,O=Yahoo Japan Corporation,L=Minato-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExW
MoveFileExW
RemoveDirectoryW
GetProcAddress
ExpandEnvironmentStringsW
GetCurrentProcess
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
LeaveCriticalSection
GetProcessHeap
HeapFree
WritePrivateProfileStringW
GetLongPathNameW
GetModuleFileNameW
lstrcmpW
FlushInstructionCache
SetFileAttributesW
SetLastError
lstrcmpiW
GetTickCount
GetCurrentThreadId
EnterCriticalSection
LocalFree
TlsGetValue
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetLastError
DeleteFileW
GetFileAttributesW
RaiseException
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CloseHandle
WriteFile
CreateFileW
WideCharToMultiByte
FindFirstFileW
lstrcatW
lstrcpyW
FindClose
FindNextFileW
GetCurrentDirectoryW
FreeLibrary
LoadLibraryW
SetCurrentDirectoryW
CreateDirectoryW
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetStringTypeA
RtlUnwind
Sleep
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
LCMapStringW
LCMapStringA
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
GetModuleFileNameA
GetStdHandle
TlsFree
TlsSetValue
GetModuleHandleW
MultiByteToWideChar
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection
InterlockedCompareExchange
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetSystemTimeAsFileTime
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
TlsAlloc

user32

PostMessageW
SetWindowLongW
GetWindowLongW
GetWindow
GetParent
GetDesktopWindow
KillTimer
EndDialog
SetTimer
GetActiveWindow
DialogBoxParamW
SystemParametersInfoW
GetWindowRect
GetClientRect
MapWindowPoints
UnregisterClassA
SetWindowPos
RegisterWindowMessageW
GetClassNameW
WaitForInputIdle

advapi32

RegSetValueExW
InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
RegCreateKeyExW
FreeSid
SetFileSecurityW
SetSecurityDescriptorDacl
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegUnLoadKeyW
RegLoadKeyW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegEnumValueW
RegEnumKeyExW
RegQueryValueExW

shell32

SHGetSpecialFolderPathW

ole32

CoCreateInstance
OleInitialize
CoUninitialize
OleRun
CoTaskMemFree

oleaut32

VariantClear

shlwapi

PathStripPathW
PathRemoveBackslashW
SHDeleteEmptyKeyW
PathRemoveFileSpecW
PathFindExtensionW
PathAddBackslashW

wininet

InternetSetCookieW

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/uninstall.exe.nsis
Modules/Config.xml
.xml
Modules/LocalPlugin.dll
.dll regsvr32 windows:4 windows x86 arch:x86

3f558f7cf87a4b572ec78fb44ce09286

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:dc:c7:cb:1a:e9:7c:8d:2b:98:ca:7c:14:f0:05:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/04/2009, 00:00

Not After

16/04/2010, 23:59

Subject

CN=Yahoo Japan Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operation,O=Yahoo Japan Corporation,L=Minato-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Eclipse\Fujisan\LocalPlugin\Release\LocalPlugin.pdb

Imports

kernel32

CreateThread
DeleteCriticalSection
InitializeCriticalSection
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
TerminateThread
SizeofResource
FindResourceW
WriteFile
FlushInstructionCache
GetTickCount
GetCurrentProcess
SetEvent
WaitForSingleObject
FindResourceExW
GetModuleFileNameW
ResetEvent
LoadResource
SetLastError
CreateEventW
LockResource
lstrlenA
lstrlenW
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
DeleteFileW
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
lstrcmpW
CloseHandle
GetTempPathW
RaiseException
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
ExitProcess
Sleep
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetModuleFileNameA
GetStdHandle
GetDateFormatA
GetTimeFormatA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetCPInfo
HeapCreate
RtlUnwind
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
LeaveCriticalSection
CreateFileW
EnterCriticalSection
GetCurrentThreadId
ResumeThread
MultiByteToWideChar
GetConsoleOutputCP
SetThreadPriority
CreateMutexW
ReleaseMutex
GetFileAttributesW
CopyFileW
GetLastError
SetFileAttributesW
MoveFileExW
GetFileAttributesExW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetVersionExW
lstrcpyW
GetModuleHandleW
GetProcAddress
MulDiv
GlobalUnlock
GlobalLock
GlobalAlloc
GetSystemTime
SystemTimeToFileTime
SetFileTime
LocalFileTimeToFileTime
CreateDirectoryW
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GetSystemTimeAsFileTime

user32

KillTimer
GetWindowLongW
CreateWindowExW
LoadCursorW
SendMessageW
DefWindowProcW
CallWindowProcW
IsWindow
SetWindowPos
wsprintfA
EndDialog
SetTimer
EnableWindow
GetDlgItem
DialogBoxParamW
GetClassInfoExW
GetParent
MessageBoxW
RegisterClassExW
GetWindow
LoadIconW
DispatchMessageW
SetWindowLongW
wsprintfW
GetWindowTextW
GetClassNameW
DestroyAcceleratorTable
SetForegroundWindow
ShowWindow
ReleaseCapture
EqualRect
SetWindowTextW
SetCapture
ReleaseDC
GetDC
EndPaint
GetWindowTextLengthW
FillRect
MoveWindow
RegisterWindowMessageW
RedrawWindow
ScreenToClient
BeginPaint
GetSysColor
SetFocus
ClientToScreen
GetFocus
GetMessageW
IsChild
GetDesktopWindow
CopyRect
InvalidateRgn
CharNextW
CreateAcceleratorTableW
GetKeyState
GetAncestor
InvalidateRect
GetActiveWindow
GetMonitorInfoW
MonitorFromRect
UnregisterClassA
TranslateMessage
PostMessageW
PeekMessageW
DestroyWindow
SystemParametersInfoW
GetWindowRect
GetClientRect
MapWindowPoints

advapi32

RegQueryValueExW
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW

shell32

SHGetSpecialFolderPathW
ShellExecuteW

ole32

OleUninitialize
CreateStreamOnHGlobal
OleLockRunning
OleInitialize
CoGetClassObject
CoTaskMemAlloc
StringFromGUID2
OleRun
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
CoCreateInstance

oleaut32

GetErrorInfo
OleCreateFontIndirect
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayCreate
VariantCopy
SysStringByteLen
SysStringLen
SysFreeString
VariantInit
VarBstrCmp
DispCallFunc
VariantClear
SysAllocStringLen
LoadRegTypeLi
SysAllocString
LoadTypeLi
SysAllocStringByteLen

shlwapi

PathAddBackslashW
SHGetValueW
PathFindFileNameW

wininet

InternetCrackUrlW
InternetOpenW
HttpQueryInfoW
InternetReadFile
InternetOpenUrlW
InternetGetConnectedState
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetCloseHandle
InternetCanonicalizeUrlW

urlmon

ObtainUserAgentString

crypt32

CryptMsgClose
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CertCloseStore
CryptQueryObject

gdi32

GetStockObject
SelectObject
BitBlt
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
DeleteObject
GetObjectW
GetDeviceCaps

Exports

Exports

CreatePlugin
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/Update.xml
.xml
Modules/YJImage.dll
.dll windows:4 windows x86 arch:x86

2a64d7133342a663511da564f4851e62

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:dc:c7:cb:1a:e9:7c:8d:2b:98:ca:7c:14:f0:05:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/04/2009, 00:00

Not After

16/04/2010, 23:59

Subject

CN=Yahoo Japan Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operation,O=Yahoo Japan Corporation,L=Minato-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Fujisan\Common\picture2005V31\YJImage\Release\YJImage.pdb

Imports

kernel32

FindResourceW
lstrlenA
MultiByteToWideChar
CloseHandle
CreateFileA
GetStringTypeW
GetStringTypeA
ReadFile
GetFileSize
CreateFileW
EnterCriticalSection
GetFileAttributesExW
SetErrorMode
LeaveCriticalSection
RaiseException
WriteFile
LockResource
LoadResource
SizeofResource
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
RtlUnwind
GetCurrentThreadId
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetLastError
GetProcAddress
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
Sleep
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
SetStdHandle
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
GetCPInfo
GetOEMCP
IsValidCodePage
SetEndOfFile
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

user32

MessageBoxA
DestroyIcon
GetIconInfo
LoadImageW
ReleaseDC
GetDC
wsprintfW
CopyImage
UnregisterClassA

gdi32

SelectObject
CreateCompatibleDC
GetDIBits
CreateDIBSection
DeleteObject
GetObjectW
StretchBlt
DeleteDC
BitBlt

oleaut32

SysAllocStringLen

Exports

Exports

??0CYJImage@@QAE@XZ
??1CYJImage@@QAE@XZ
??4CYJImage@@QAEAAV0@ABV0@@Z
?AddTransparent@CYJImage@@SGPAUHBITMAP__@@PAU2@HK@Z
?AddTransparent@CYJImage@@SGPAUtagBITMAPINFOHEADER@@PAU2@HK@Z
?AlphaBlend2@CYJImage@@SAHPAUHBITMAP__@@0H@Z
?AlphaBlend2@CYJImage@@SAHPAUHBITMAP__@@AAUtagRECT@@01@Z
?AlphaBlend2@CYJImage@@SAHPAUHBITMAP__@@QAUtagBITMAPINFOHEADER@@H@Z
?AlphaBlend2@CYJImage@@SAHPAUtagBITMAPINFOHEADER@@PAUHBITMAP__@@H@Z
?AlphaBlend2@CYJImage@@SAHPAUtagBITMAPINFOHEADER@@QAU2@H@Z
?CheckHaveAlphaPixel@CYJImage@@SAHPAUHBITMAP__@@@Z
?CheckHaveAlphaPixel@CYJImage@@SAHQAUtagBITMAPINFOHEADER@@@Z
?CheckValidAlphaImage@CYJImage@@SAHPAUHBITMAP__@@@Z
?CheckValidAlphaImage@CYJImage@@SAHQAUtagBITMAPINFOHEADER@@@Z
?CloneImage@CYJImage@@SAPAUHBITMAP__@@PAU2@@Z
?CloneImage@CYJImage@@SAPAUtagBITMAPINFOHEADER@@PAU2@@Z
?ConvertFormat@CYJImage@@SAPAUHBITMAP__@@QAUtagBITMAPINFOHEADER@@@Z
?ConvertFormat@CYJImage@@SAPAUtagBITMAPINFOHEADER@@PAUHBITMAP__@@@Z
?ConvertImageToRGBA@CYJImage@@SAPAUHBITMAP__@@PAU2@K@Z
?ConvertToGray@CYJImage@@SAPAUHBITMAP__@@PAU2@HK@Z
?ConvertToMaskDIB@CYJImage@@SAPAUtagBITMAPINFOHEADER@@QAU2@@Z
?ConvertToMaskHBITMAP@CYJImage@@SAPAUHBITMAP__@@PAU2@@Z
?CoolResizeImage@CYJImage@@SAPAUHBITMAP__@@PAU2@HHH@Z
?CoolResizeImage@CYJImage@@SAPAUtagBITMAPINFOHEADER@@PAU2@HHH@Z
?CreateHBITMAP@CYJImage@@SAPAUHBITMAP__@@HHPAPAE@Z
?CutImage@CYJImage@@SAPAUHBITMAP__@@PAU2@HHHH@Z
?DeleteDIB@CYJImage@@SAXPAUtagBITMAPINFOHEADER@@@Z
?DrawImage@CYJImage@@SAHPAUHBITMAP__@@PAUHDC__@@HH@Z
?DrawImage@CYJImage@@SAHPAUHBITMAP__@@PAUtagRECT@@PAUHDC__@@AAU3@@Z
?DrawImage@CYJImage@@SAHQAUtagBITMAPINFOHEADER@@PAUHDC__@@HH@Z
?DrawImage@CYJImage@@SAHQAUtagBITMAPINFOHEADER@@PAUtagRECT@@PAUHDC__@@AAU3@@Z
?DrawMaskData@CYJImage@@SAHPAUHBITMAP__@@PAUHDC__@@AAUtagRECT@@@Z
?IsIconFile@CYJImage@@SAHPBD@Z
?IsIconFile@CYJImage@@SAHPB_W@Z
?LoadCustomImageData@CYJImage@@SAPAUHBITMAP__@@PAUHINSTANCE__@@IPB_WK@Z
?LoadCustomImageData@CYJImage@@SAPAUHBITMAP__@@PAUHINSTANCE__@@IPB_WPAUCYJIMAGE_INFO@@K@Z
?LoadCustomImageDataDIB@CYJImage@@SAPAUtagBITMAPINFOHEADER@@PAUHINSTANCE__@@IPB_WPAUCYJIMAGE_INFO@@K@Z
?LoadIconData@CYJImage@@SAPAUHBITMAP__@@PAUHINSTANCE__@@IH@Z
?LoadIconData@CYJImage@@SAPAUHBITMAP__@@PAUHINSTANCE__@@IPAUCYJIMAGE_INFO@@H@Z
?LoadIconDataToDIB@CYJImage@@SAPAUtagBITMAPINFOHEADER@@PAUHINSTANCE__@@IPAUCYJIMAGE_INFO@@H@Z
?LoadImageData@CYJImage@@SAPAUHBITMAP__@@PAUHINSTANCE__@@IK@Z
?LoadImageData@CYJImage@@SAPAUHBITMAP__@@PAUHINSTANCE__@@IPAUCYJIMAGE_INFO@@K@Z
?LoadImageDataToDIB@CYJImage@@SAPAUtagBITMAPINFOHEADER@@PAUHINSTANCE__@@IPAUCYJIMAGE_INFO@@K@Z
?LoadImageFile@CYJImage@@SAPAUHBITMAP__@@PBDK@Z
?LoadImageFile@CYJImage@@SAPAUHBITMAP__@@PBDPAUCYJIMAGE_INFO@@KHPAPA_W@Z
?LoadImageFile@CYJImage@@SAPAUHBITMAP__@@PB_WK@Z
?LoadImageFile@CYJImage@@SAPAUHBITMAP__@@PB_WPAUCYJIMAGE_INFO@@KHPAPA_W@Z
?LoadImageFileToDIB@CYJImage@@SAPAUtagBITMAPINFOHEADER@@PBDPAUCYJIMAGE_INFO@@KHPAPA_W@Z
?LoadImageFileToDIB@CYJImage@@SAPAUtagBITMAPINFOHEADER@@PB_WPAUCYJIMAGE_INFO@@KHPAPA_W@Z
?Rotate90@CYJImage@@SAPAUHBITMAP__@@PAU2@H@Z
?SetTransparentColorToAlpha@CYJImage@@SAHPAUHBITMAP__@@K@Z
?SetTransparentColorToAlpha@CYJImage@@SAHPAUtagBITMAPINFOHEADER@@K@Z
?SwapLRTB@CYJImage@@SAPAUHBITMAP__@@PAU2@HH@Z
?TileImage@CYJImage@@SAPAUHBITMAP__@@PAU2@HH@Z

Sections

.text
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/YJImageToCom.dll
.dll regsvr32 windows:4 windows x86 arch:x86

bbb07236774bbac62f9713dc496838a1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:c9:3b:83:fa:4a:56:c7:a1:ae:50:14:b7:cd:7a:a3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

21/04/2008, 00:00

Not After

21/04/2009, 23:59

Subject

CN=Yahoo Japan Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Security Officer,O=Yahoo Japan Corporation,L=Minato-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Fujisan\YJImageToComV20\Release\YJImageToCom.pdb

Imports

kernel32

InitializeCriticalSection
lstrcmpiW
InterlockedDecrement
FindResourceW
LoadResource
FreeLibrary
GetModuleFileNameW
InterlockedIncrement
lstrlenW
GetThreadLocale
SetThreadLocale
HeapSize
SetLastError
SizeofResource
RaiseException
EnterCriticalSection
DeleteCriticalSection
GetLastError
LeaveCriticalSection
LoadLibraryExW
GetModuleHandleW
MultiByteToWideChar
GetStringTypeW
GetStringTypeA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetModuleHandleA
GetProcAddress
HeapCreate
HeapDestroy
WideCharToMultiByte
IsValidCodePage
GetOEMCP
GetCPInfo
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
VirtualAlloc
QueryPerformanceCounter
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
HeapAlloc
HeapFree
HeapReAlloc
GetCurrentThreadId
GetCommandLineA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
Sleep

user32

MessageBoxA
CharNextW
UnregisterClassA

advapi32

RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegSetValueExW
RegOpenKeyExW

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2

oleaut32

RegisterTypeLi
SysAllocString
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr
SysFreeString

yjimage

?CutImage@CYJImage@@SAPAUHBITMAP__@@PAU2@HHHH@Z
?TileImage@CYJImage@@SAPAUHBITMAP__@@PAU2@HH@Z
?Rotate90@CYJImage@@SAPAUHBITMAP__@@PAU2@H@Z
?SwapLRTB@CYJImage@@SAPAUHBITMAP__@@PAU2@HH@Z
?AlphaBlend2@CYJImage@@SAHPAUHBITMAP__@@AAUtagRECT@@01@Z
?LoadImageFile@CYJImage@@SAPAUHBITMAP__@@PB_WK@Z
?LoadImageData@CYJImage@@SAPAUHBITMAP__@@PAUHINSTANCE__@@IK@Z
?AddTransparent@CYJImage@@SGPAUHBITMAP__@@PAU2@HK@Z
?LoadIconData@CYJImage@@SAPAUHBITMAP__@@PAUHINSTANCE__@@IH@Z
?CoolResizeImage@CYJImage@@SAPAUHBITMAP__@@PAU2@HHH@Z
?LoadCustomImageData@CYJImage@@SAPAUHBITMAP__@@PAUHINSTANCE__@@IPB_WK@Z
?IsIconFile@CYJImage@@SAHPB_W@Z
?SetTransparentColorToAlpha@CYJImage@@SAHPAUHBITMAP__@@K@Z
?CheckValidAlphaImage@CYJImage@@SAHPAUHBITMAP__@@@Z
?AlphaBlend2@CYJImage@@SAHPAUHBITMAP__@@0H@Z
?ConvertImageToRGBA@CYJImage@@SAPAUHBITMAP__@@PAU2@K@Z
?DrawImage@CYJImage@@SAHPAUHBITMAP__@@PAUtagRECT@@PAUHDC__@@AAU3@@Z
?DrawImage@CYJImage@@SAHPAUHBITMAP__@@PAUHDC__@@HH@Z
?ConvertToGray@CYJImage@@SAPAUHBITMAP__@@PAU2@HK@Z
?CreateHBITMAP@CYJImage@@SAPAUHBITMAP__@@HHPAPAE@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/YJTools.dll
.dll regsvr32 windows:4 windows x86 arch:x86

981630d2bf3dbcc122b2baa7ebd3a1ec

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:dc:c7:cb:1a:e9:7c:8d:2b:98:ca:7c:14:f0:05:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/04/2009, 00:00

Not After

16/04/2010, 23:59

Subject

CN=Yahoo Japan Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operation,O=Yahoo Japan Corporation,L=Minato-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Fujisan\YJTools\Release\YJTools.pdb

Imports

kernel32

HeapReAlloc
HeapAlloc
HeapFree
GetCommandLineA
GetProcessHeap
RtlUnwind
ExitProcess
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
GetFileTime
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
GetFileAttributesW
FileTimeToLocalFileTime
CreateFileW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
WritePrivateProfileStringW
GlobalFlags
FileTimeToSystemTime
GetModuleHandleA
SetErrorMode
GetTickCount
GetCurrentProcessId
CloseHandle
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
InterlockedExchange
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
FreeResource
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryW
CompareStringW
LoadLibraryA
GetVersionExA
GetProcAddress
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
LocalFree
MulDiv
SetThreadLocale
GetThreadLocale
GetVersionExW
WideCharToMultiByte
lstrlenA
lstrcmpW
LockResource
GetModuleFileNameW
lstrcmpiW
LeaveCriticalSection
LoadLibraryExW
FreeLibrary
FindResourceW
InterlockedDecrement
LoadResource
InterlockedIncrement
GetLastError
SizeofResource
GetModuleHandleW
InitializeCriticalSection
lstrlenW
MultiByteToWideChar
DeleteCriticalSection
RaiseException
SetHandleCount
EnterCriticalSection

user32

EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
LoadCursorW
GetSysColorBrush
UnregisterClassW
RegisterClipboardFormatW
GetWindowThreadProcessId
SetCursor
GetMessageW
TranslateMessage
GetCursorPos
ValidateRect
PostQuitMessage
MessageBeep
GetNextDlgGroupItem
SetWindowContextHelpId
MapDialogRect
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
SetForegroundWindow
CharNextW
GetKeyState
UnregisterClassA
EnableWindow
UpdateWindow
GetMenu
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
PtInRect
DestroyMenu
GetDlgCtrlID
SendMessageW
CharUpperW
IsChild
PostThreadMessageW
GetAncestor
GetActiveWindow
GetWindow
GetWindowTextW
PostMessageW
GetParent
GetSystemMetrics
GetClientRect
SetWindowPos
wsprintfW
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
CopyAcceleratorTableW
IsWindow
GetWindowLongW
IsWindowVisible
IsWindowEnabled
CopyRect
IsRectEmpty
SetRect
OffsetRect
IntersectRect
EqualRect
GetWindowRect
GetDC
ReleaseDC
InvalidateRect
InvalidateRgn
SetCapture
GetFocus
GetDesktopWindow
DefWindowProcW
CallWindowProcW
SetWindowLongW
SystemParametersInfoA
IsIconic
GetWindowPlacement
UnhookWindowsHookEx
ReleaseCapture
SetFocus
RegisterWindowMessageW

gdi32

GetMapMode
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SelectObject
SetViewportExtEx
OffsetViewportOrgEx
GetDeviceCaps
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
CreateBitmap
GetTextColor
GetBkColor
GetStockObject
GetObjectW
SetBkColor
SetTextColor
GetClipBox
GetRgnBox
CreateRectRgnIndirect
SetViewportOrgEx

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW

oledlg

OleUIBusyW

ole32

CoFreeUnusedLibraries
OleUninitialize
CLSIDFromString
CLSIDFromProgID
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleInitialize
StringFromGUID2
OleRun
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VarUI4FromStr
LoadRegTypeLi
LoadTypeLi
SysStringLen
SysFreeString
VarBstrCmp
SysAllocStringLen
SysReAllocStringLen
SysAllocString
VarBstrCat
VariantInit
VariantClear
SafeArrayCreate
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SysAllocStringByteLen
SysStringByteLen
UnRegisterTypeLi
RegisterTypeLi
VariantTimeToSystemTime
SystemTimeToVariantTime
VariantChangeType
OleCreateFontIndirect
VariantCopy
GetErrorInfo

wininet

InternetGetCookieW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 230KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/YahooToolBar.dll
.dll regsvr32 windows:4 windows x86 arch:x86

47263690aa0e99e5668606691cea2c6b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:e7:ba:18:6d:32:71:8f:cd:25:42:38:f2:33:88:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

14/04/2010, 00:00

Not After

14/04/2011, 23:59

Subject

CN=Yahoo Japan Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operation,O=Yahoo Japan Corporation,L=Minato-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

CreateMutexW
LoadLibraryA
GetCommandLineW
GetThreadLocale
SetThreadLocale
lstrcpyW
lstrlenA
HeapFree
GetProcessHeap
lstrcatW
GetFullPathNameW
SetErrorMode
CopyFileW
lstrcmpW
lstrcpynW
GetFileSize
GetVersion
CompareStringW
CompareStringA
SetEndOfFile
FlushFileBuffers
GetStringTypeW
GetStringTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetTimeZoneInformation
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
RtlUnwind
Sleep
TlsFree
InterlockedDecrement
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetCPInfo
ExitProcess
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
CreateThread
ExitThread
SetFilePointer
GetConsoleMode
GetConsoleCP
GetCommandLineA
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
InterlockedCompareExchange
TerminateThread
ResumeThread
GetExitCodeProcess
CreateProcessW
EnterCriticalSection
InterlockedIncrement
DeleteCriticalSection
SetLastError
ReadFile
OpenMutexW
CreateFileW
ReleaseMutex
GetModuleFileNameW
GetLastError
LoadLibraryExW
DeleteFileW
FindResourceW
LoadResource
SizeofResource
GlobalUnlock
GlobalLock
FlushInstructionCache
MultiByteToWideChar
LoadLibraryW
GetCurrentThreadId
GetCurrentProcess
OutputDebugStringA
FindResourceExW
lstrlenW
LockResource
InitializeCriticalSection
GetFileAttributesW
SystemTimeToFileTime
GetSystemTime
SetFileTime
CreateFileA
RaiseException
GetModuleHandleW
FreeLibrary
GetProcAddress
WideCharToMultiByte
WriteFile
SetFileAttributesW
MoveFileExW
GetFileAttributesExW
FileTimeToSystemTime
GetModuleHandleA
lstrcmpiW
CloseHandle
LeaveCriticalSection
TlsSetValue
FileTimeToLocalFileTime
GetVersionExW
WaitForSingleObject
CreateDirectoryW
FindFirstFileW
FindClose
RemoveDirectoryW
FindNextFileW

user32

UnregisterClassA
GetWindowTextW
wsprintfA
GetMonitorInfoW
MonitorFromRect
SwitchDesktop
GetThreadDesktop
InvalidateRect
ShowWindow
GetClientRect
DestroyWindow
DefWindowProcW
GetParent
GetSysColor
GetClassNameW
GetWindow
GetDC
ReleaseDC
GetPropW
SetWindowLongW
RemovePropW
IsWindow
GetWindowTextLengthW
CallWindowProcW
GetForegroundWindow
SendMessageTimeoutW
IsRectEmpty
SetRectEmpty
CopyImage
DrawEdge
MapWindowPoints
MessageBoxW
SetParent
ClientToScreen
UpdateWindow
IntersectRect
ScreenToClient
GetDesktopWindow
DispatchMessageW
MoveWindow
TranslateMessage
PeekMessageW
OffsetRect
SetWindowTextW
CopyRect
CharNextW
IsWindowVisible
PostMessageW
GetClassInfoExW
EndPaint
GetFocus
DrawTextW
RegisterClassExW
SetFocus
LoadCursorW
SetCursor
GetKeyState
SendMessageW
wsprintfW
WindowFromPoint
ReleaseCapture
GetCursorPos
RegisterWindowMessageW
SetWindowPos
SetCapture
GetWindowRect
GetCapture
KillTimer
CreateWindowExW
SetPropW
PtInRect
GetDlgItem
SetTimer
GetWindowLongW
SystemParametersInfoW
BeginPaint

gdi32

GetObjectW
ExtTextOutW
SetBkColor
CreatePen
CreateCompatibleBitmap
DeleteDC
BitBlt
SetWindowOrgEx
CreateCompatibleDC
GetDeviceCaps
GetStockObject
DeleteObject
Rectangle
SetBkMode
CreateSolidBrush
SelectObject
SetTextColor
GetTextExtentPoint32W
CreateFontIndirectW
PatBlt

advapi32

RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW

ole32

CoTaskMemAlloc
CLSIDFromProgID
CoCreateInstance
StringFromGUID2
CoTaskMemFree
RevokeDragDrop
CoTaskMemRealloc
ReleaseStgMedium
RegisterDragDrop

oleaut32

VariantCopy
SysAllocStringByteLen
SysStringByteLen
UnRegisterTypeLi
RegisterTypeLi
SafeArrayLock
SafeArrayCreate
VariantChangeType
SysStringLen
LoadTypeLi
LoadRegTypeLi
VariantClear
SysAllocString
VariantInit
DispCallFunc
VarUI4FromStr
SysAllocStringLen
SysFreeString
VarBstrCmp
GetErrorInfo
SafeArrayUnlock

shlwapi

PathAddBackslashW
PathFindExtensionW
SHDeleteValueW
PathFindFileNameW
SHGetValueW
SHSetValueW

urlmon

ObtainUserAgentString

msimg32

GradientFill

imm32

ImmReleaseContext
ImmGetCompositionStringW
ImmNotifyIME
ImmGetContext

yjimage

?DrawImage@CYJImage@@SAHPAUHBITMAP__@@PAUHDC__@@HH@Z
?CoolResizeImage@CYJImage@@SAPAUHBITMAP__@@PAU2@HHH@Z
?ConvertToGray@CYJImage@@SAPAUHBITMAP__@@PAU2@HK@Z
?DrawImage@CYJImage@@SAHPAUHBITMAP__@@PAUtagRECT@@PAUHDC__@@AAU3@@Z
?LoadImageFile@CYJImage@@SAPAUHBITMAP__@@PB_WK@Z
?ConvertImageToRGBA@CYJImage@@SAPAUHBITMAP__@@PAU2@K@Z
?CheckValidAlphaImage@CYJImage@@SAHPAUHBITMAP__@@@Z
?SetTransparentColorToAlpha@CYJImage@@SAHPAUHBITMAP__@@K@Z
?LoadCustomImageData@CYJImage@@SAPAUHBITMAP__@@PAUHINSTANCE__@@IPB_WK@Z

crypt32

CertCloseStore
CryptMsgGetParam
CertGetNameStringW
CertFindCertificateInStore
CryptQueryObject
CryptMsgClose
CertFreeCertificateContext

wininet

InternetConnectW
HttpOpenRequestW
InternetOpenW
InternetCloseHandle
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
InternetGetConnectedState
InternetGetCookieW

shell32

SHFileOperationW
SHGetSpecialFolderPathW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 277KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/def_bland20.dll
.dll regsvr32 windows:4 windows x86 arch:x86

d3de562f589a0a5b0cc5363148e3ea15

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:dc:c7:cb:1a:e9:7c:8d:2b:98:ca:7c:14:f0:05:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/04/2009, 00:00

Not After

16/04/2010, 23:59

Subject

CN=Yahoo Japan Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operation,O=Yahoo Japan Corporation,L=Minato-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Fujisan\def_bland\Release-IF2\def_bland20.pdb

Imports

kernel32

GetProcAddress
GetCurrentThreadId
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetVersionExA
GetCommandLineA
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
SetLastError
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
MultiByteToWideChar
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
GetStringTypeW
LeaveCriticalSection
EnterCriticalSection
RaiseException
DeleteCriticalSection
InterlockedDecrement
InitializeCriticalSection
TlsFree
InterlockedIncrement

user32

UnregisterClassA
TrackPopupMenuEx
CreatePopupMenu
GetCursorPos
ReleaseDC
GetDC
GetMonitorInfoW
MonitorFromPoint
DestroyMenu
MessageBoxA
AppendMenuW

gdi32

GetDeviceCaps
DeleteObject
GetObjectW

ole32

CoCreateInstance

oleaut32

VariantClear
SysFreeString
VariantInit
SysAllocString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

Exports

Exports

CreatePlugin
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/def_comment20.dll
.dll regsvr32 windows:4 windows x86 arch:x86

0610c46489cc3ac9d1558130811ce753

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:dc:c7:cb:1a:e9:7c:8d:2b:98:ca:7c:14:f0:05:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/04/2009, 00:00

Not After

16/04/2010, 23:59

Subject

CN=Yahoo Japan Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operation,O=Yahoo Japan Corporation,L=Minato-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Fujisan\def_comment\Release-IF2\def_comment20.pdb

Imports

kernel32

InterlockedDecrement
GetProcAddress
GetCurrentThreadId
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetVersionExA
GetCommandLineA
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedIncrement
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
RtlUnwind
MultiByteToWideChar
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
GetStringTypeW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
IsDebuggerPresent
DeleteCriticalSection

user32

GetCursorPos
CreatePopupMenu
AppendMenuW
DestroyMenu
UnregisterClassA
MonitorFromPoint
GetMonitorInfoW
ReleaseDC
GetDC
TrackPopupMenuEx
MessageBoxA

gdi32

GetObjectW
DeleteObject
GetDeviceCaps

ole32

CoCreateInstance

oleaut32

VariantInit
SysFreeString
SysAllocString
SysAllocStringLen
VariantClear

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

Exports

Exports

CreatePlugin
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/def_customize20.dll
.dll regsvr32 windows:4 windows x86 arch:x86

a06c58c38316a9cfa06d9d8c199fa170

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:e7:ba:18:6d:32:71:8f:cd:25:42:38:f2:33:88:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

14/04/2010, 00:00

Not After

14/04/2011, 23:59

Subject

CN=Yahoo Japan Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operation,O=Yahoo Japan Corporation,L=Minato-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Fujisan\def_customize\Release\def_customize20.pdb

Imports

kernel32

FlushFileBuffers
CloseHandle
InterlockedDecrement
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
WriteFile
SetFilePointer
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
SizeofResource
LeaveCriticalSection
FlushInstructionCache
GetCurrentProcess
FindResourceW
EnterCriticalSection
GetCurrentThreadId
SetLastError
RaiseException
FindResourceExW
LoadResource
LockResource
lstrcpyW
lstrlenW
LoadLibraryW
GetProcAddress
FreeLibrary
GetVersionExW
GetLastError
MultiByteToWideChar
WideCharToMultiByte
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetCommandLineA
GetSystemTimeAsFileTime
HeapCreate
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
RtlUnwind
GetStringTypeA
GetStringTypeW

user32

SetDlgItemInt
MessageBoxA
DialogBoxParamW
SendMessageW
GetSysColor
ScreenToClient
CreateWindowExW
DrawTextW
GetMenuItemInfoW
GetClassInfoExW
SetMenuItemInfoW
EndMenu
LoadCursorW
AppendMenuW
GetDC
ReleaseDC
RegisterClassExW
TrackPopupMenuEx
GetMenuItemCount
OffsetRect
MonitorFromPoint
GetMonitorInfoW
GetCursorPos
GetMenuItemRect
PtInRect
GetKeyState
UnregisterClassA
GetDlgItemInt
wsprintfW
SetWindowTextW
GetWindowRect
IsWindow
GetParent
SystemParametersInfoW
DefWindowProcW
GetClientRect
MapWindowPoints
SetWindowLongW
GetWindow
CreatePopupMenu
GetDlgItem
SetWindowPos
DestroyMenu
EndDialog
CallWindowProcW
EnableWindow
DestroyWindow
GetWindowLongW

gdi32

DeleteObject
GetObjectW
CreateFontIndirectW
GetDeviceCaps
ExtTextOutW
SetBkColor
SetTextColor
SetBkMode
SelectObject
GetStockObject

shell32

ShellExecuteW

ole32

CoCreateInstance

oleaut32

VariantInit
VariantClear
SysAllocString

comctl32

InitCommonControlsEx
CreatePropertySheetPageW
PropertySheetW
DestroyPropertySheetPage

crypt32

CertFreeCertificateContext
CryptMsgGetParam
CryptQueryObject
CertGetNameStringW
CryptMsgClose
CertFindCertificateInStore
CertCloseStore

imm32

ImmAssociateContextEx

advapi32

RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW

Exports

Exports

CreatePlugin
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/def_search20.dll
.dll regsvr32 windows:4 windows x86 arch:x86

a0bfec446a1e4913a449b35e8d6a7f44

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:dc:c7:cb:1a:e9:7c:8d:2b:98:ca:7c:14:f0:05:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/04/2009, 00:00

Not After

16/04/2010, 23:59

Subject

CN=Yahoo Japan Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operation,O=Yahoo Japan Corporation,L=Minato-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Fujisan\def_search\Release-IF2\def_search20.pdb

Imports

kernel32

InitializeCriticalSection
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
GetCurrentThreadId
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetVersionExA
GetCommandLineA
GetLastError
TerminateProcess
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
MultiByteToWideChar
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
GetStringTypeW
DeleteCriticalSection
GetCurrentProcess
InterlockedDecrement

user32

GetCursorPos
CreatePopupMenu
TrackPopupMenuEx
AppendMenuW
DestroyMenu
UnregisterClassA
GetMonitorInfoW
ReleaseDC
GetDC
SystemParametersInfoW
OffsetRect
MessageBoxA
InflateRect
DrawTextW
MonitorFromPoint

gdi32

ExtTextOutW
SetBkColor
DeleteObject
GetObjectW
CreateFontIndirectW
SelectObject
GetDeviceCaps

ole32

CoCreateInstance

oleaut32

SysFreeString
VariantInit
SysAllocString
VariantClear

msimg32

GradientFill

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

Exports

Exports

CreatePlugin
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/yjem.dll
.dll regsvr32 windows:4 windows x86 arch:x86

9c67718899589920ca0bc95f3a91e1ab

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:dc:c7:cb:1a:e9:7c:8d:2b:98:ca:7c:14:f0:05:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/04/2009, 00:00

Not After

16/04/2010, 23:59

Subject

CN=Yahoo Japan Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operation,O=Yahoo Japan Corporation,L=Minato-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Fujisan\yjem\Release-IF2\yjem.pdb

Imports

kernel32

LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
InterlockedDecrement
EnterCriticalSection
InterlockedIncrement
CloseHandle
CreateMutexW
ReleaseMutex
GlobalAlloc
GlobalFree
GlobalUnlock
GlobalLock
DeleteFileW
lstrcmpW
MultiByteToWideChar
lstrcpynW
lstrcmpiW
GetCurrentProcessId
GetCurrentThreadId
WideCharToMultiByte
CompareStringW
CompareStringA
SetEndOfFile
lstrlenW
GetVersion
FreeLibrary
GetProcAddress
LoadLibraryW
OutputDebugStringA
RaiseException
GetLastError
GetModuleHandleW
SetLastError
GetModuleHandleA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetTickCount
QueryPerformanceCounter
Sleep
IsValidCodePage
GetOEMCP
GetCPInfo
GetTimeZoneInformation
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
ExitProcess
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileAttributesW
IsBadReadPtr
GetModuleFileNameW
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
RtlUnwind
CreateThread
CreateFileW
WriteFile
lstrcpyW
SetFileAttributesW
MoveFileExW
GetFileAttributesExW
FileTimeToSystemTime
FileTimeToLocalFileTime
CreateDirectoryW
lstrlenA
FindFirstFileW
FindClose
SetErrorMode
FindNextFileW
ReadFile
lstrcpyA
lstrcatA
CreateFileA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
MulDiv
GetCurrentProcess
FlushInstructionCache
ResumeThread
WaitForSingleObject
TerminateThread
GetVersionExW
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetSystemTimeAsFileTime
GetCommandLineA
GetConsoleCP
GetConsoleMode
SetFilePointer
ExitThread

user32

SetWindowLongW
GetWindowLongW
MessageBoxA
SendMessageW
ShowCaret
GetClassNameW
CreateCaret
GetWindow
IsWindow
GetDesktopWindow
GetKeyState
wsprintfA
SetCapture
GetWindowRect
RegisterWindowMessageW
SetWindowPos
RegisterClassExW
GetClassInfoExW
RedrawWindow
GetMessageW
MoveWindow
TranslateMessage
ReleaseDC
DestroyWindow
DispatchMessageW
LoadCursorW
ScreenToClient
GetDC
DestroyAcceleratorTable
ClientToScreen
GetDlgItem
EndPaint
GetWindowTextW
CallNextHookEx
UnhookWindowsHookEx
FillRect
CreateWindowExW
SetWindowsHookExW
InvalidateRgn
CharNextW
CreateAcceleratorTableW
SetWindowTextW
IsWindowVisible
InvalidateRect
GetFocus
BeginPaint
GetSysColor
IsChild
SetTimer
KillTimer
GetWindowTextLengthW
ShowWindow
ReleaseCapture
SetForegroundWindow
MapWindowPoints
SystemParametersInfoW
GetActiveWindow
MessageBoxW
MonitorFromRect
GetMonitorInfoW
MonitorFromPoint
CreatePopupMenu
TrackPopupMenuEx
AppendMenuW
DestroyMenu
GetCursorPos
UnregisterClassA
DestroyCaret
SetClipboardData
HideCaret
EmptyClipboard
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
GetClientRect
SetFocus
EnumChildWindows
LoadIconW
GetAncestor
PostMessageW
wsprintfW
GetParent
CallWindowProcW
DefWindowProcW

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegDeleteValueW
CryptDecrypt
CryptReleaseContext
CryptEncrypt
CryptDestroyKey
CryptDeriveKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW

ole32

OleInitialize
CreateStreamOnHGlobal
StringFromGUID2
CoTaskMemAlloc
CoGetClassObject
OleLockRunning
CoTaskMemFree
OleRun
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoCreateInstance

oleaut32

GetErrorInfo
SafeArrayLock
SafeArrayUnlock
SafeArrayDestroy
SafeArrayCreate
SysAllocStringByteLen
OleCreateFontIndirect
LoadTypeLi
LoadRegTypeLi
SysStringByteLen
DispCallFunc
VariantCopy
SysAllocStringLen
VariantInit
VariantClear
SysFreeString
VarBstrCmp
VarBstrCat
SysStringLen
SysAllocString

shlwapi

PathFindFileNameA
PathAddBackslashW
PathFindFileNameW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

InternetCanonicalizeUrlW
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle
HttpOpenRequestW
InternetConnectW
InternetOpenW
InternetGetCookieW
InternetGetConnectedState
InternetGoOnlineW
InternetCrackUrlW

crypt32

CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CertCloseStore
CryptMsgClose

urlmon

ObtainUserAgentString

gdi32

GetStockObject
GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
BitBlt
SelectObject
DeleteDC
DeleteObject
GetDeviceCaps

shell32

SHGetSpecialFolderPathW

Exports

Exports

CloseBrowserWindow
CreatePlugin
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/yjgh.dll
.dll windows:4 windows x86 arch:x86

ae1c6c623544b8bbb9985a1a228b2160

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:dc:c7:cb:1a:e9:7c:8d:2b:98:ca:7c:14:f0:05:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/04/2009, 00:00

Not After

16/04/2010, 23:59

Subject

CN=Yahoo Japan Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operation,O=Yahoo Japan Corporation,L=Minato-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Fujisan\yjgh\Release\yjgh.pdb

Imports

user32

MessageBoxA
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
PostMessageW
IsWindow
GetParent

kernel32

TerminateProcess
GetLastError
HeapFree
VirtualFree
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
VirtualAlloc
HeapReAlloc
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsSetValue
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
InitializeCriticalSection
Sleep
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage

Exports

Exports

FreeHook
FreeSuggestHook
SetHook
SetSuggestHook

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shareda
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/yjop.exe
.exe windows:4 windows x86 arch:x86

ac09dafc8dd37d06ab528e1f28cf05e9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:dc:c7:cb:1a:e9:7c:8d:2b:98:ca:7c:14:f0:05:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/04/2009, 00:00

Not After

16/04/2010, 23:59

Subject

CN=Yahoo Japan Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operation,O=Yahoo Japan Corporation,L=Minato-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Fujisan\yjop\Release\yjop.pdb

Imports

kernel32

GetProcAddress
LoadLibraryExW
FreeLibrary
GetModuleFileNameW
lstrcmpW
LoadLibraryW
lstrcpyW
GetCurrentThreadId
FindResourceW
EnterCriticalSection
RaiseException
SizeofResource
LockResource
LeaveCriticalSection
LoadResource
SetLastError
GetCurrentProcess
FindResourceExW
lstrcmpiW
FlushInstructionCache
CreateEventW
CreateThread
CloseHandle
SetEvent
GetLastError
WaitForSingleObject
GetLongPathNameW
Sleep
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
GetConsoleMode
WideCharToMultiByte
GetModuleHandleW
MultiByteToWideChar
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
lstrlenW
GetCommandLineW
GetConsoleCP
WriteFile
SetFilePointer
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
TlsFree
TlsSetValue
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetVersionExW
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapReAlloc
HeapSize
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
GetEnvironmentStrings

user32

RegisterWindowMessageW
LoadCursorW
GetClassInfoExW
GetDesktopWindow
CharNextW
SetWindowLongW
GetWindowLongW
DefWindowProcW
RegisterClassExW
CreateWindowExW
MessageBoxA
CharUpperW
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
PostQuitMessage
CallWindowProcW
DestroyWindow
UnregisterClassA

advapi32

RegDeleteKeyW
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW

shell32

SHGetSpecialFolderPathW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoRegisterClassObject
CoRevokeClassObject
CoInitialize
CoUninitialize
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc

oleaut32

UnRegisterTypeLi
RegisterTypeLi
SysAllocString
VarUI4FromStr
SysFreeString
LoadTypeLi
LoadRegTypeLi
SysStringLen

shlwapi

PathRemoveFileSpecW
PathStripPathW

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Modules/yphb.exe
.exe windows:4 windows x86 arch:x86

247e4df32984e0370719107bbfc147a6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:e7:ba:18:6d:32:71:8f:cd:25:42:38:f2:33:88:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

14/04/2010, 00:00

Not After

14/04/2011, 23:59

Subject

CN=Yahoo Japan Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operation,O=Yahoo Japan Corporation,L=Minato-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Eclipse\Fujisan\AntiPhishingPlugin\phishing\bin\yphb.pdb

Imports

kernel32

GetLastError
DeleteFileA
MoveFileA
GetFileAttributesExA
FileTimeToSystemTime
FileTimeToLocalFileTime
SetFileTime
SystemTimeToFileTime
GetSystemTime
lstrcpyA
CreateDirectoryA
lstrlenW
lstrcmpiA
GetModuleFileNameA
MultiByteToWideChar
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
SetLastError
Sleep
TerminateThread
FreeLibrary
LoadLibraryExA
GetModuleHandleA
ResumeThread
lstrcmpA
GetProcessHeap
InterlockedExchange
CompareStringA
CompareStringW
GetProcAddress
GetVersionExA
CreateProcessA
CreateThread
CreateEventA
SetEvent
GetCommandLineA
GetLongPathNameA
SetEnvironmentVariableA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
SetFilePointer
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileAttributesA
WideCharToMultiByte
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
GetFileSize
ReadFile
CreateFileA
WriteFile
lstrlenA
CloseHandle
CreateMutexA
WaitForSingleObject
ReleaseMutex
HeapFree
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetCPInfo
GetStdHandle
ExitProcess
GetTimeZoneInformation
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
ExitThread
VirtualQuery
GetSystemInfo
VirtualProtect
GetSystemTimeAsFileTime
RtlUnwind
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy

user32

CharNextA
UnregisterClassA
SetWindowLongA
DefWindowProcA
RegisterClassExA
CreateWindowExA
PostQuitMessage
GetWindowLongA
DestroyWindow
CallWindowProcA
GetDesktopWindow
PostMessageA
GetClassInfoExA
LoadCursorA
CharUpperA
PostThreadMessageA
GetMessageA
DispatchMessageA
TranslateMessage
RegisterWindowMessageA

advapi32

RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
CryptDecrypt
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextA

shell32

SHGetSpecialFolderPathA

ole32

StringFromGUID2
CoRegisterClassObject
CoCreateInstance
CoRevokeClassObject
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoUninitialize

oleaut32

SysFreeString
SysAllocStringLen
VarUI4FromStr
VariantInit
VariantClear
SysAllocString
SysStringLen
LoadRegTypeLi
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi

shlwapi

PathRemoveFileSpecA
PathStripPathA
PathAddBackslashA

wininet

InternetGetConnectedState
InternetOpenA
InternetOpenUrlA
HttpQueryInfoA
InternetReadFile
InternetCloseHandle

urlmon

ObtainUserAgentString

Sections

.text
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Modules/ypho.dll
.dll regsvr32 windows:4 windows x86 arch:x86

da0d29eb7e9c1e493495048a21cfd4c9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:e7:ba:18:6d:32:71:8f:cd:25:42:38:f2:33:88:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

14/04/2010, 00:00

Not After

14/04/2011, 23:59

Subject

CN=Yahoo Japan Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operation,O=Yahoo Japan Corporation,L=Minato-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Eclipse\Fujisan\AntiPhishingPlugin\phishing\bin\ypho.pdb

Imports

kernel32

GetFileTime
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
GetVolumeInformationA
WritePrivateProfileStringA
HeapAlloc
HeapReAlloc
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
GetCommandLineA
ExitProcess
HeapSize
SetStdHandle
GetFileType
VirtualFree
HeapDestroy
HeapCreate
GetStdHandle
TerminateProcess
UnhandledExceptionFilter
GetOEMCP
IsDebuggerPresent
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
Sleep
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetCPInfo
GlobalFlags
IsProcessorFeaturePresent
InterlockedCompareExchange
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LocalAlloc
GetModuleFileNameW
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcmpW
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
GetThreadLocale
SetThreadLocale
GetFullPathNameA
GetProcAddress
LoadLibraryA
GetVersionExA
CreateThread
SetThreadPriority
ResumeThread
SetEvent
TerminateThread
CreateEventA
ResetEvent
GetTickCount
FindFirstFileA
FindClose
SetErrorMode
CreateDirectoryA
lstrcpyA
GlobalAlloc
GlobalFree
GetSystemTime
SystemTimeToFileTime
SetFileTime
GetFileAttributesA
GetFileSize
ReadFile
CreateFileA
WriteFile
GetFileAttributesExA
DeleteFileA
MoveFileA
GetModuleHandleA
LoadLibraryExA
FreeLibrary
SetLastError
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
IsDBCSLeadByte
InterlockedIncrement
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareStringW
CompareStringA
InterlockedDecrement
lstrcmpiA
lstrlenA
lstrcmpA
GetVersion
FindResourceA
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
GetLastError
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetProcessHeap
HeapFree
InterlockedExchange
CreateMutexA
WaitForSingleObject
ReleaseMutex
SetUnhandledExceptionFilter
CloseHandle

user32

GetMessageA
ValidateRect
PostQuitMessage
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetDesktopWindow
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableA
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetFocus
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetWindowThreadProcessId
MapWindowPoints
GetKeyState
SetForegroundWindow
IsWindowVisible
GetMenu
MessageBoxA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
GetWindow
GetParent
GetClassNameA
CharNextA
GetDlgCtrlID
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDC
ReleaseDC
MapDialogRect
SetWindowContextHelpId
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
UnregisterClassA
GetSysColorBrush
DestroyMenu
PostThreadMessageA
GetMessagePos
PostMessageA
SetTimer
KillTimer
DestroyWindow
CharUpperA
DefWindowProcA
SendMessageA
IsWindow
SetWindowLongA
GetWindowLongA
GetClassInfoExA
LoadCursorA
CallWindowProcA
RegisterClassExA
CreateWindowExA
SetRectEmpty
CopyRect
PtInRect
OffsetRect
UpdateWindow
InvalidateRect
EnableWindow
GetWindowTextA
GetWindowRect
GetCursorPos
DispatchMessageA
TranslateMessage
PeekMessageA
GetClientRect
GetSystemMetrics
SetWindowPos
SetPropA
SetCursor
GetCapture
SetCapture
ClientToScreen
ReleaseCapture
GetPropA
RemovePropA
GetDlgItem

gdi32

CreateRectRgnIndirect
GetRgnBox
GetBkColor
GetTextColor
GetMapMode
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
SetMapMode
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
GetObjectA
DeleteObject
SelectObject
GetClipBox
SetTextColor
SetBkColor
GetStockObject
Escape

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegEnumKeyA
RegOpenKeyA
CryptDecrypt
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

shlwapi

PathAddBackslashA
UrlUnescapeA
PathFindExtensionA
PathStripToRootA
PathFindFileNameA
PathIsUNCA

oledlg

ord8

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoCreateInstance

oleaut32

VariantInit
VariantClear
SysAllocStringLen
VarUI4FromStr
DispCallFunc
SysStringLen
LoadRegTypeLi
LoadTypeLi
SysAllocString
UnRegisterTypeLi
RegisterTypeLi
SysAllocStringByteLen
VariantChangeType
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
OleCreateFontIndirect
VariantCopy
GetErrorInfo
SysFreeString

urlmon

ObtainUserAgentString

ws2_32

WSACleanup
gethostbyname
WSAStartup

wininet

InternetOpenA
InternetReadFile
InternetCloseHandle
InternetGetConnectedState
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetOpenUrlA
HttpQueryInfoA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 264KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Modules/yrestart.exe
.exe windows:4 windows x86 arch:x86

76c2ba23501cf9b50e51d9f168fd5ae9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:dc:c7:cb:1a:e9:7c:8d:2b:98:ca:7c:14:f0:05:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/04/2009, 00:00

Not After

16/04/2010, 23:59

Subject

CN=Yahoo Japan Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operation,O=Yahoo Japan Corporation,L=Minato-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalFree
ExitProcess
lstrcatW
lstrcpyW
GlobalAlloc

shell32

SHGetSpecialFolderPathW

shlwapi

PathAddBackslashW

rstrtmgr

RmEndSession
RmRestart
RmRemoveFilter
RmStartSession
RmRegisterResources
RmGetList
RmAddFilter
RmShutdown

Sections

.text
Size: 1024B - Virtual size: 702B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 710B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninst.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:e7:ba:18:6d:32:71:8f:cd:25:42:38:f2:33:88:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

14/04/2010, 00:00

Not After

14/04/2011, 23:59

Subject

CN=Yahoo Japan Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operation,O=Yahoo Japan Corporation,L=Minato-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/IsUninstOK.exe
.exe windows:4 windows x86 arch:x86

4c39cf24c1fe04d4ad7c607bc2456012

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:dc:c7:cb:1a:e9:7c:8d:2b:98:ca:7c:14:f0:05:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/04/2009, 00:00

Not After

16/04/2010, 23:59

Subject

CN=Yahoo Japan Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operation,O=Yahoo Japan Corporation,L=Minato-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InitializeCriticalSection
MultiByteToWideChar
GetModuleHandleW
EnterCriticalSection
SizeofResource
GetLastError
GetCurrentThreadId
LoadLibraryExW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
GetSystemTimeAsFileTime
LeaveCriticalSection
GetTickCount
QueryPerformanceCounter
GetCommandLineW
RaiseException
GetStartupInfoW
HeapReAlloc
GetModuleHandleA
HeapSize
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
VirtualAlloc
InterlockedDecrement
GetCurrentProcessId
InterlockedIncrement
lstrcmpiW
SetLastError
GetCurrentProcess
lstrlenW
DeleteCriticalSection
FreeLibrary
LoadResource
FlushInstructionCache
FindResourceW
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetModuleFileNameW
ExitProcess
VirtualQuery

user32

GetSystemMetrics
UnregisterClassA
GetActiveWindow
CharNextW
DialogBoxParamW
DestroyWindow
MapWindowPoints
SetWindowPos
EndDialog
GetSysColorBrush
GetDlgItem
SetFocus
SetWindowLongW
SendMessageW
GetWindowLongW
LoadImageW
GetWindow
SystemParametersInfoW
GetWindowRect
GetParent
GetClientRect
DefWindowProcW

gdi32

SetBkMode
SetTextColor

advapi32

RegDeleteValueW
RegCreateKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegSetValueExW
RegOpenKeyExW

ole32

CoTaskMemRealloc
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoCreateInstance

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/y!jTools.dll
.dll windows:4 windows x86 arch:x86

85790f8a6f7459131154db61a1c78b40

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:dc:c7:cb:1a:e9:7c:8d:2b:98:ca:7c:14:f0:05:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/04/2009, 00:00

Not After

16/04/2010, 23:59

Subject

CN=Yahoo Japan Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operation,O=Yahoo Japan Corporation,L=Minato-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Fujisan\Installer702\Tools\plugin\y!jTools\Release\y!jTool.pdb

Imports

kernel32

GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
GetVersionExA
lstrcmpA
FreeLibrary
MultiByteToWideChar
GetProcAddress
LoadLibraryA

user32

SetWindowPos
SystemParametersInfoA
GetWindowRect
IsWindow
ScreenToClient
GetAsyncKeyState
wsprintfA
PostMessageA
GetWindowTextA
GetClassNameA
EnumChildWindows
EnumWindows

urlmon

ObtainUserAgentString

wininet

InternetSetCookieA
InternetGetConnectedState

Exports

Exports

CenterWindow
ClearCookie
GetDefaultUserAgent
GetSpecialKey
GetUserAgent
IsOnline
PostMessageToAllToolbar
ResizeHeight
ResizeHeight2
ResizeWidth
ResizeWidth2

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 286B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/doit.exe
.exe windows:4 windows x86 arch:x86

d283e7e2f9551816a6f0cecbb0038d8a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Jobs\widget\Installer\--- work ---\doit\Release\doit.pdb

Imports

kernel32

GetCommandLineA
ExitProcess
lstrcpyA
GetCurrentDirectoryA
WaitForSingleObject
GetExitCodeProcess

shell32

ShellExecuteExA

Sections

.text
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninstall.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1d:e7:ba:18:6d:32:71:8f:cd:25:42:38:f2:33:88:f5
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

14/04/2010, 00:00

Not After

14/04/2011, 23:59

Subject

CN=Yahoo Japan Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operation,O=Yahoo Japan Corporation,L=Minato-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 52KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/GetModuleVersion.dll
.dll windows:4 windows x86 arch:x86

8cdfe293cedd39c001b5c76492dc0a3f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\work\tools\NSIS\kw_plugins\GetModuleVersion\Release\GetModuleVersion.pdb

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GlobalAlloc
GetFullPathNameA
GlobalFree
lstrcpyA
lstrcpynA

user32

wsprintfA

Exports

Exports

GetProductVersion

Sections

.text
Size: 512B - Virtual size: 466B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/YTVersion.dll
.dll windows:4 windows x86 arch:x86

7a844e26dba981fde4c096c2d432ee56

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Jobs\YTB_new\Installer\Tools\plugin\YTVersion\Release\YTVersion.pdb

Imports

kernel32

lstrcpyA
lstrcpynA
GlobalAlloc
GlobalFree

user32

wsprintfA

Exports

Exports

FormatForFeed

Sections

.text
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 431B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

0719bab1ded9f205ce51560901cb3911

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

strtol
_adjust_fdiv
malloc
_initterm
free
strrchr
memset
strstr
strchr
strtoul

kernel32

CloseHandle
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
WriteFile
ReadFile
lstrlenA
lstrcmpA
lstrcpynA
GetLastError
GlobalFree
lstrcmpiA
DeleteFileA
SleepEx
SetFilePointer
GetTickCount
lstrcatA
GetFileSize
CreateFileA

user32

MessageBoxA
GetParent
ShowWindow
PostMessageA
SetWindowTextA
IsWindow
SendMessageA
GetDlgItem
SetDlgItemTextA
SendDlgItemMessageA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
SetWindowLongA
GetWindowLongA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
GetWindowTextA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
InternetCloseHandle
InternetErrorDlg
InternetSetFilePointer
InternetQueryOptionA
HttpAddRequestHeadersA
InternetSetOptionA
HttpOpenRequestA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/unfinish_no_bmp_ja.ini
$PLUGINSDIR/y!jTools.dll
.dll windows:4 windows x86 arch:x86

85790f8a6f7459131154db61a1c78b40

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:dc:c7:cb:1a:e9:7c:8d:2b:98:ca:7c:14:f0:05:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/04/2009, 00:00

Not After

16/04/2010, 23:59

Subject

CN=Yahoo Japan Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operation,O=Yahoo Japan Corporation,L=Minato-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Fujisan\Installer702\Tools\plugin\y!jTools\Release\y!jTool.pdb

Imports

kernel32

GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
GetVersionExA
lstrcmpA
FreeLibrary
MultiByteToWideChar
GetProcAddress
LoadLibraryA

user32

SetWindowPos
SystemParametersInfoA
GetWindowRect
IsWindow
ScreenToClient
GetAsyncKeyState
wsprintfA
PostMessageA
GetWindowTextA
GetClassNameA
EnumChildWindows
EnumWindows

urlmon

ObtainUserAgentString

wininet

InternetSetCookieA
InternetGetConnectedState

Exports

Exports

CenterWindow
ClearCookie
GetDefaultUserAgent
GetSpecialKey
GetUserAgent
IsOnline
PostMessageToAllToolbar
ResizeHeight
ResizeHeight2
ResizeWidth
ResizeWidth2

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 286B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/ytcnt.exe
.exe windows:4 windows x86 arch:x86

4c9ae336f1c00a8e638347fbad86fcc5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:dc:c7:cb:1a:e9:7c:8d:2b:98:ca:7c:14:f0:05:5c
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/04/2009, 00:00

Not After

16/04/2010, 23:59

Subject

CN=Yahoo Japan Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Operation,O=Yahoo Japan Corporation,L=Minato-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExW
MoveFileExW
RemoveDirectoryW
GetProcAddress
ExpandEnvironmentStringsW
GetCurrentProcess
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
LeaveCriticalSection
GetProcessHeap
HeapFree
WritePrivateProfileStringW
GetLongPathNameW
GetModuleFileNameW
lstrcmpW
FlushInstructionCache
SetFileAttributesW
SetLastError
lstrcmpiW
GetTickCount
GetCurrentThreadId
EnterCriticalSection
LocalFree
TlsGetValue
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetLastError
DeleteFileW
GetFileAttributesW
RaiseException
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
CloseHandle
WriteFile
CreateFileW
WideCharToMultiByte
FindFirstFileW
lstrcatW
lstrcpyW
FindClose
FindNextFileW
GetCurrentDirectoryW
FreeLibrary
LoadLibraryW
SetCurrentDirectoryW
CreateDirectoryW
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetStringTypeA
RtlUnwind
Sleep
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
LCMapStringW
LCMapStringA
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
GetModuleFileNameA
GetStdHandle
TlsFree
TlsSetValue
GetModuleHandleW
MultiByteToWideChar
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection
InterlockedCompareExchange
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetSystemTimeAsFileTime
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
TlsAlloc

user32

PostMessageW
SetWindowLongW
GetWindowLongW
GetWindow
GetParent
GetDesktopWindow
KillTimer
EndDialog
SetTimer
GetActiveWindow
DialogBoxParamW
SystemParametersInfoW
GetWindowRect
GetClientRect
MapWindowPoints
UnregisterClassA
SetWindowPos
RegisterWindowMessageW
GetClassNameW
WaitForInputIdle

advapi32

RegSetValueExW
InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
RegCreateKeyExW
FreeSid
SetFileSecurityW
SetSecurityDescriptorDacl
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegUnLoadKeyW
RegLoadKeyW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegEnumValueW
RegEnumKeyExW
RegQueryValueExW

shell32

SHGetSpecialFolderPathW

ole32

CoCreateInstance
OleInitialize
CoUninitialize
OleRun
CoTaskMemFree

oleaut32

VariantClear

shlwapi

PathStripPathW
PathRemoveBackslashW
SHDeleteEmptyKeyW
PathRemoveFileSpecW
PathFindExtensionW
PathAddBackslashW

wininet

InternetSetCookieW

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

0aCertificate

Extended Key Usages

Key Usages

1f:46:25:61:71:93:1a:7c:b5:83:4e:6a:2c:32:60:3fCertificate

Extended Key Usages

0d:62:ed:91:37:a0:1c:66:a7:c5:06:ca:67:e8:62:b2:61:5d:ee:0bSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 44KB

.rsrc Size: 24KB - Virtual size: 23KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 1012B

7868cd55f358bfb360f9eb8ce1512ca0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 512B - Virtual size: 472B

099c0646ea7282d232219f8807883be0

Code Sign

0aCertificate

Extended Key Usages

Key Usages

1f:46:25:61:71:93:1a:7c:b5:83:4e:6a:2c:32:60:3fCertificate

Extended Key Usages

f0:30:5b:d1:ea:23:ce:d1:59:bf:61:f4:ad:e4:e9:1d:f1:9e:53:a7Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

0a
Certificate

1f:46:25:61:71:93:1a:7c:b5:83:4e:6a:2c:32:60:3f
Certificate

0d:62:ed:91:37:a0:1c:66:a7:c5:06:ca:67:e8:62:b2:61:5d:ee:0b
Signer

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 44KB

.rsrc
Size: 24KB - Virtual size: 23KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 472B

0a
Certificate

1f:46:25:61:71:93:1a:7c:b5:83:4e:6a:2c:32:60:3f
Certificate

f0:30:5b:d1:ea:23:ce:d1:59:bf:61:f4:ad:e4:e9:1d:f1:9e:53:a7
Signer

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 21KB - Virtual size: 21KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 300B

0a
Certificate

1f:46:25:61:71:93:1a:7c:b5:83:4e:6a:2c:32:60:3f
Certificate

a0:cd:bc:c7:11:7f:02:0d:37:64:3f:ff:96:74:b6:94:fb:21:b7:c7
Signer

.text
Size: 176KB - Virtual size: 174KB

.rdata
Size: 52KB - Virtual size: 50KB

.data
Size: 16KB - Virtual size: 20KB

.rsrc
Size: 8KB - Virtual size: 6KB

.reloc
Size: 20KB - Virtual size: 17KB

0a
Certificate

1f:46:25:61:71:93:1a:7c:b5:83:4e:6a:2c:32:60:3f
Certificate

f0:c8:59:4f:b8:3b:fd:07:31:07:6a:b5:6e:30:fe:1d:ac:e7:61:ad
Signer