301c47adaf8a61e752c2c6ae70a6125a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

301c47adaf8a61e752c2c6ae70a6125a_JaffaCakes118
Size

9.2MB
MD5

301c47adaf8a61e752c2c6ae70a6125a
SHA1

f2c4f724e0e536a295dc20f7ba95c093db1231a8
SHA256

cf165079a6bd8e20dbc1e55fc83636bb6d15e07c2dfa6304f08d044c663dac0d
SHA512

82dd7fe9d1a5ae03e795a86eeef8fcd9a5f00be402f6e5744e46123baa6a83f78dc9edfe1233896fba04333db25e5a1aa00deb0ceef585b1d79fc6f70eb88c2c
SSDEEP

196608:LsPWPZm7HjM7yie8sA3Ld1x5rqfct5U0yqRE0XU1WlprhneG:HZqM2/6dLYfKUn10XEWlp1nL

Score

8^/10

upx

Malware Config

Signatures

Patched UPX-packed file 1 IoCs

Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.

resource	yara_rule
static1/unpack001/enswerapiworker.dll	patched_upx

ACProtect 1.3x - 1.4x DLL software 3 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack002/$PLUGINSDIR/version.dll	acprotect
static1/unpack005/$PLUGINSDIR/version.dll	acprotect
static1/unpack001/nat.dll	acprotect

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/$PLUGINSDIR/version.dll	upx
static1/unpack005/$PLUGINSDIR/version.dll	upx
static1/unpack001/nat.dll	upx

Unsigned PE 19 IoCs

Checks for missing Authenticode signature.

resource
301c47adaf8a61e752c2c6ae70a6125a_JaffaCakes118
unpack001/$PLUGINSDIR/AdvSplash.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/inetc.dll
unpack001/$PLUGINSDIR/nsWeb.dll
unpack002/$PLUGINSDIR/KillProcDLL.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/nsExec.dll
unpack002/$PLUGINSDIR/version.dll
unpack003/out.upx
unpack004/$PLUGINSDIR/System.dll
unpack005/$PLUGINSDIR/KillProcDLL.dll
unpack005/$PLUGINSDIR/System.dll
unpack005/$PLUGINSDIR/nsExec.dll
unpack005/$PLUGINSDIR/version.dll
unpack006/out.upx
unpack007/out.upx

NSIS installer 8 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/$TEMP/BTUpdate.exe	nsis_installer_1
static1/unpack001/$TEMP/BTUpdate.exe	nsis_installer_2
static1/unpack001/$TEMP/JJangQSUpdateU.exe	nsis_installer_1
static1/unpack001/$TEMP/JJangQSUpdateU.exe	nsis_installer_2
static1/unpack001/$TEMP/OPUpdate.exe	nsis_installer_1
static1/unpack001/$TEMP/OPUpdate.exe	nsis_installer_2

Files

301c47adaf8a61e752c2c6ae70a6125a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/AccountInf.ini
$PLUGINSDIR/AdvSplash.dll
.dll windows:4 windows x86 arch:x86

741b6bafe355b63a372d737b30543a95

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GetVersion
lstrcpyA
lstrcatA
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree

user32

LoadCursorA
RegisterClassA
SetWindowPos
SetWindowLongA
SystemParametersInfoA
EndPaint
GetClientRect
BeginPaint
DefWindowProcA
DestroyWindow
LoadImageA
CreateWindowExA
IsWindow
GetMessageA
DispatchMessageA
UnregisterClassA
wsprintfA
PostMessageA
SetWindowRgn
EnumDisplaySettingsA

gdi32

CombineRgn
CreateRectRgn
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectA
DeleteDC
BitBlt
DeleteObject

winmm

timeSetEvent
PlaySoundA
timeKillEvent

Exports

Exports

show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 188B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

0000020b36314254f6eca65a7ae713f4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
HeapFree
HeapAlloc
GetProcessHeap
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
HeapSize
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
GetCommandLineA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
GetLastError
LCMapStringW
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
ExitProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
GetLocaleInfoA
GetCPInfo
GetStringTypeA
GetStringTypeW
RtlUnwind
GetACP
GetOEMCP
InterlockedExchange
InitializeCriticalSection

user32

wsprintfA

ws2_32

inet_addr

wininet

InternetGetCookieA

iphlpapi

GetAdaptersInfo

Exports

Exports

GetCookie
GetMacAddr
KillProc

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/gmarket.bmp
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

e1f8abbc599388fad512debd5c970ef1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

strcmp
_adjust_fdiv
malloc
_initterm
free
_mbsrchr
strtoul
memset
_mbsstr
_mbschr
strtol
strlen
strncpy
atol

kernel32

GlobalFree
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrcmpiA
CreateFileA
GetFileSize
lstrcatA
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
GetTickCount
GetLastError
DeleteFileA
CloseHandle
SleepEx
SetFilePointer

user32

MessageBoxA
GetParent
ShowWindow
PostMessageA
IsWindow
GetWindowTextA
SendMessageA
GetDlgItem
SetDlgItemTextA
SendDlgItemMessageA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
SetWindowLongA
GetWindowLongA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
SetWindowTextA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
get2
head
post
post2
put

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsWeb.dll
.dll windows:4 windows x86 arch:x86

98215311cded205e71eec2ba8e4595f5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
lstrcpynA
GlobalAlloc
HeapFree
HeapAlloc
GetProcessHeap
FreeLibrary
GetProcAddress
LoadLibraryA
SetEndOfFile
HeapSize
GlobalFree
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
FlushFileBuffers
MultiByteToWideChar
SetStdHandle
InitializeCriticalSection
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
Sleep
GetLastError
GetCurrentThreadId
GetCommandLineA
GetVersionExA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
CloseHandle
ReadFile
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
SetFilePointer
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement

user32

SetWindowLongA
GetWindowLongA
CallWindowProcA
PostMessageA
DestroyWindow
DispatchMessageA
TranslateMessage
SetWindowTextA
FindWindowExA
RegisterWindowMessageA
CreateWindowExA
GetDlgItem
CreateDialogParamA
SendMessageA
GetWindowRect
MapWindowPoints
MoveWindow
ShowWindow
UpdateWindow
IsDialogMessageA
GetMessageA

gdi32

CreateFontA

ole32

OleInitialize
OleUninitialize

oleaut32

SysFreeString
SafeArrayDestroy
SafeArrayAccessData
VariantInit
SysAllocString
VariantClear
SafeArrayCreate
SysAllocStringLen

urlmon

CreateURLMoniker

wininet

InternetAttemptConnect

Exports

Exports

CreateCheckBoxControl
CreateEditControl
CreateEditControlEx
IsInet
SetTextEditControl
ShowHTMLInPage
ShowWebInPage
ShowWebInPopUp

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/splash.bmp
$SYSDIR/JJangQ.ico
$TEMP/BTUpdate.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:10:a6:61:62:04:b0:26:4e:74:f3:52:7f:a2:aa:76
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

11/02/2011, 00:00

Not After

12/03/2012, 23:59

Subject

CN=TGSM Inc.,OU=Dev Team,O=TGSM Inc.,L=Haeundae-gu,ST=Busan,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

0000020b36314254f6eca65a7ae713f4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
HeapFree
HeapAlloc
GetProcessHeap
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
HeapSize
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
GetCommandLineA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
GetLastError
LCMapStringW
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
ExitProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
GetLocaleInfoA
GetCPInfo
GetStringTypeA
GetStringTypeW
RtlUnwind
GetACP
GetOEMCP
InterlockedExchange
InitializeCriticalSection

user32

wsprintfA

ws2_32

inet_addr

wininet

InternetGetCookieA

iphlpapi

GetAdaptersInfo

Exports

Exports

GetCookie
GetMacAddr
KillProc

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

d83f71e61ee459ee63ca3e829966a9dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GetModuleHandleA
DeleteFileA
lstrcmpiA
lstrlenA
lstrcatA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetProcAddress
GlobalLock
GetCurrentProcess

user32

SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/version.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetWindowsVersion
IsWindows2000
IsWindows2003
IsWindows31
IsWindows95
IsWindows98
IsWindows98orLater
IsWindowsME
IsWindowsNT351
IsWindowsNT40
IsWindowsPlatform9x
IsWindowsPlatformNT
IsWindowsXP

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 454B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/license1.txt
ButtonGuideC.exe
.exe windows:4 windows x86 arch:x86

d3f4e1546483b8213e389b7c33e0a8e6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:10:a6:61:62:04:b0:26:4e:74:f3:52:7f:a2:aa:76
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

11/02/2011, 00:00

Not After

12/03/2012, 23:59

Subject

CN=TGSM Inc.,OU=Dev Team,O=TGSM Inc.,L=Haeundae-gu,ST=Busan,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\TGSM\MAIN\buttonguide\ButtonGuideC\release\ButtonGuideC.pdb

Imports

kernel32

GetModuleFileNameW
GlobalFlags
TlsGetValue
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GetFileTime
SetErrorMode
GetCPInfo
GetOEMCP
GetSystemTimeAsFileTime
ExitThread
CreateThread
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RtlUnwind
RaiseException
ExitProcess
HeapSize
lstrcmpW
GetACP
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetStdHandle
HeapDestroy
HeapCreate
VirtualFree
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetCurrentProcessId
GlobalGetAtomNameA
GetFullPathNameA
GetVolumeInformationA
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
FormatMessageA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MulDiv
GetPrivateProfileStringA
WritePrivateProfileStringA
FreeResource
GetCurrentThread
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
GlobalDeleteAtom
FindClose
FindFirstFileA
SetFileTime
SetFileAttributesA
DosDateTimeToFileTime
GetCurrentDirectoryA
SystemTimeToFileTime
SetFilePointer
GetFileType
GetCurrentProcess
DuplicateHandle
FlushFileBuffers
InterlockedDecrement
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcpynA
GetModuleHandleA
SetLastError
GetProcAddress
FreeLibrary
LoadLibraryA
GetVersion
CompareStringA
InterlockedExchange
GlobalAddAtomA
GlobalFindAtomA
CompareStringW
lstrlenA
TerminateThread
MultiByteToWideChar
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcmpA
LocalFree
LocalAlloc
HeapFree
GetProcessHeap
HeapAlloc
GetTempPathA
Sleep
WriteFile
CreateDirectoryA
TerminateProcess
GetTickCount
DeleteFileA
ReadFile
GetFileSize
CreateFileA
GetCurrentThreadId
WaitForSingleObject
GetVersionExA
GetFileAttributesA
OutputDebugStringA
SetCurrentDirectoryA
CloseHandle
GetLastError
CreateMutexA
FindResourceA
LoadResource
LockResource
SizeofResource
SetStdHandle
WideCharToMultiByte

user32

PostThreadMessageA
CopyAcceleratorTableA
CharNextA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
DestroyMenu
SendDlgItemMessageA
WinHelpA
IsChild
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
GetWindowTextA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetMenu
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
EqualRect
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
CallWindowProcA
IntersectRect
GetWindowPlacement
GetLastActivePopup
MessageBoxA
SetWindowsHookExA
CallNextHookEx
GetMessageA
GetKeyState
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
SetWindowPos
PostQuitMessage
SetWindowLongA
FindWindowA
SetWindowRgn
LoadBitmapA
GetActiveWindow
RegisterClipboardFormatA
WindowFromPoint
GetCapture
GetAsyncKeyState
IsRectEmpty
UpdateWindow
OffsetRect
FrameRect
FillRect
RegisterWindowMessageA
RedrawWindow
LockWindowUpdate
ClientToScreen
SetCursor
ShowScrollBar
UnregisterClassA
GetSysColorBrush
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetRect
ReleaseCapture
SetCapture
ReleaseDC
GetDC
ScreenToClient
GetCursorPos
PostMessageA
SystemParametersInfoA
GetWindowRect
InvalidateRect
PtInRect
GetFocus
DrawFrameControl
GetSysColor
InflateRect
GetWindowLongA
LoadCursorA
DefWindowProcA
GetClassInfoA
CharUpperA
EnableWindow
SendMessageA
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
KillTimer
CopyRect
SetTimer
AppendMenuA
GetSystemMenu
LoadIconA
GetParent
IsWindowVisible
IsWindow
GetWindow
GetDesktopWindow
SetFocus
BringWindowToTop
SetForegroundWindow
GetForegroundWindow
GetWindowThreadProcessId
GetClassNameA
DispatchMessageA
TranslateMessage
PeekMessageA
EndPaint

gdi32

GetDeviceCaps
CreatePen
GetBkColor
GetTextColor
GetRgnBox
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
CreateRectRgnIndirect
CreateSolidBrush
MoveToEx
LineTo
GetClipBox
SetTextColor
SetBkMode
RestoreDC
SaveDC
CombineRgn
ExtCreateRegion
CreateDIBSection
StretchBlt
DeleteDC
SetBkColor
GetMapMode
SetMapMode
CreateCompatibleBitmap
CreateBitmap
DPtoLP
DeleteObject
GetCurrentObject
CreateRectRgn
BitBlt
CreateCompatibleDC
GetTextExtentPoint32A
SelectObject
Rectangle
GetObjectA
CreateFontIndirectA
CreateFontA
GetStockObject

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegEnumKeyA
RegCreateKeyExA
RegFlushKey
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegQueryValueA
RegOpenKeyA

shell32

SHGetSpecialFolderPathA
ShellExecuteA
ShellExecuteExA

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionA
UrlUnescapeA
PathStripToRootA
PathIsUNCA
PathRemoveFileSpecA
PathFindFileNameA

oledlg

ord8

ole32

CoRegisterMessageFilter
OleFlushClipboard
CoInitialize
CoCreateInstance
OleRun
CLSIDFromProgID
CLSIDFromString
OleIsCurrentClipboard
CoTaskMemFree
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject

oleaut32

SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantInit
VariantCopy
VariantClear
SysAllocString
VariantChangeType
GetErrorInfo
SysAllocStringLen
SysStringLen
OleCreateFontIndirect

urlmon

URLDownloadToFileA

iphlpapi

GetAdaptersInfo

ws2_32

inet_addr

wininet

HttpOpenRequestA
InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
HttpQueryInfoA
InternetQueryDataAvailable
InternetSetOptionExA
InternetCanonicalizeUrlA
InternetCrackUrlA
DeleteUrlCacheEntry

Sections

.text
Size: 356KB - Virtual size: 354KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 244KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Uninstall.exe.nsis
$TEMP/G_PLUS_JJANGQ.exe
.exe windows:4 windows x86 arch:x86

394de10023524fe1db2eebb472f862ce

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:10:a6:61:62:04:b0:26:4e:74:f3:52:7f:a2:aa:76
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

11/02/2011, 00:00

Not After

12/03/2012, 23:59

Subject

CN=TGSM Inc.,OU=Dev Team,O=TGSM Inc.,L=Haeundae-gu,ST=Busan,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\TGSM\MAIN\FreeFile(최신)\release\FreeFile.pdb

Imports

kernel32

GetOEMCP
GetTickCount
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetCommandLineA
GetStartupInfoA
RtlUnwind
ExitProcess
RaiseException
HeapSize
SetStdHandle
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
GetACP
VirtualFree
GetStdHandle
GetStringTypeA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetDriveTypeA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetCPInfo
SetErrorMode
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalFlags
GetCurrentDirectoryA
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
GlobalAddAtomA
WaitForSingleObject
GlobalUnlock
FormatMessageA
LocalFree
MulDiv
CreateFileA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
CloseHandle
GetThreadLocale
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
FindFirstFileA
GetFileTime
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FindClose
WritePrivateProfileStringA
FreeResource
GlobalFree
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
GetModuleHandleA
GetProcAddress
HeapDestroy
HeapCreate
GetVersion
CompareStringA
GetLastError
InterlockedExchange
CompareStringW
lstrlenA
GetSystemDirectoryA
MultiByteToWideChar
HeapFree
GetProcessHeap
HeapAlloc
GetFileAttributesA
FindResourceA
LoadResource
LockResource
SizeofResource
GetStringTypeW
WideCharToMultiByte

user32

PostThreadMessageA
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
ReleaseCapture
LoadCursorA
SetCapture
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
GetWindowPlacement
GetWindowRect
GetSysColor
SystemParametersInfoA
DestroyMenu
CopyRect
UnhookWindowsHookEx
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
RegisterClipboardFormatA
GetActiveWindow
IsWindowVisible
UnregisterClassA
GetSysColorBrush
GetTopWindow
MessageBeep
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindow
SetWindowContextHelpId
GetParent
MapDialogRect
SetWindowPos
PostQuitMessage
PostMessageA
CharUpperA
EnableWindow
GetClientRect
GetSystemMetrics
SendMessageA
IsIconic
LoadIconA

gdi32

GetWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
GetViewportExtEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetBkColor
GetDeviceCaps
DeleteObject
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
ExtTextOutA
GetObjectA
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegQueryValueA
RegOpenKeyA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyA
RegCloseKey
RegQueryValueExA

shell32

SHChangeNotify
SHGetSpecialFolderPathA

comctl32

InitCommonControlsEx

shlwapi

PathStripToRootA
PathIsUNCA
PathFindFileNameA
PathFindExtensionA
UrlUnescapeA

oledlg

ord8

ole32

CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoInitialize
CoCreateInstance
CoUninitialize
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject

oleaut32

VariantCopy
SysAllocString
SafeArrayDestroy
SystemTimeToVariantTime
VariantTimeToSystemTime
OleCreateFontIndirect
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
SysStringLen
SysAllocStringLen
SysFreeString

urlmon

URLDownloadToFileA

iphlpapi

GetAdaptersInfo

ws2_32

inet_addr

wininet

HttpOpenRequestA
InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
HttpQueryInfoA
InternetQueryDataAvailable
InternetSetOptionExA
InternetCanonicalizeUrlA
InternetCrackUrlA

Sections

.text
Size: 220KB - Virtual size: 218KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/IPlusSetup_jjangq.exe
.exe windows:5 windows x86 arch:x86

9460c61592a905fec7dd65d2d1260365

Code Sign

3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

02/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:0d:ae:d6:1e:18:0a:05:36:95:22:54:a8:c1:4a:ad
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

14/04/2011, 00:00

Not After

12/06/2012, 23:59

Subject

CN=CJ Mooter Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=CJ Mooter Inc.,L=Gangnam-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

iphlpapi

GetAdaptersInfo

imagehlp

MakeSureDirectoryPathExists

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFileExistsA

kernel32

LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GlobalFlags
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
SetErrorMode
RtlUnwind
GetSystemTimeAsFileTime
RaiseException
GetCommandLineA
GetStartupInfoA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
ExitProcess
SetStdHandle
GetFileType
HeapSize
VirtualFree
HeapCreate
GetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
CompareStringW
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
SizeofResource
LockResource
LoadResource
FindResourceA
WideCharToMultiByte
WritePrivateProfileStringA
GetPrivateProfileStringA
FreeLibrary
LoadLibraryA
GetWindowsDirectoryA
WaitForSingleObject
CreateProcessA
GetSystemDirectoryA
HeapFree
HeapAlloc
GetProcessHeap
GetTickCount
GetVersionExA
DeleteFileA
GetTempPathA
Sleep
FindClose
FindNextFileA
FindFirstFileA
MultiByteToWideChar
InterlockedDecrement
TerminateProcess
CloseHandle
GetCurrentProcessId
GetDriveTypeA
SetFileAttributesA
GetFileAttributesA
lstrlenA
GetModuleHandleW
GetFileTime
GetFileSizeEx
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetModuleFileNameW
CreateFileA
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
lstrcmpA
GetModuleFileNameA
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
GetModuleHandleA
GetProcAddress
GetLastError
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MulDiv

user32

RegisterClipboardFormatA
PostThreadMessageA
DestroyMenu
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
CharUpperA
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetMessageA
TranslateMessage
GetActiveWindow
ValidateRect
PostQuitMessage
GetWindowThreadProcessId
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetDlgItemTextA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
SetMenu
SetForegroundWindow
IsWindowVisible
UpdateWindow
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
CopyRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
GetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
GetSysColor
EndPaint
BeginPaint
GetWindowDC
UnregisterClassA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
CallNextHookEx
SetCursor
PtInRect
SendMessageA
GetClientRect
InvalidateRect
RedrawWindow
SetCapture
GetParent
EnableWindow
ReleaseCapture
LoadCursorA
SetWindowLongA
MessageBoxA
DrawIcon
IsIconic
LoadIconA
GetSystemMetrics
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
IsWindowEnabled
ScreenToClient
WindowFromPoint
IsWindow
SetWindowPos
GetCursorPos
GetKeyState
TabbedTextOutA
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
SetWindowsHookExA

gdi32

SetMapMode
GetClipBox
DeleteObject
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreateBitmap
CreateRectRgnIndirect
GetMapMode
GetBkColor
GetTextColor
GetRgnBox
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
GetObjectA
CreateFontIndirectA
SetWindowExtEx
GetStockObject

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegEnumKeyA
GetUserNameA
RegDeleteKeyA
RegOpenKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegQueryValueA

shell32

ShellExecuteA

oledlg

ord8

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRevokeClassObject
CoTaskMemFree
CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoCreateInstance
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoTaskMemAlloc

oleaut32

SysAllocString
SysFreeString
VariantInit
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
VariantChangeType
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
VariantClear

urlmon

URLOpenStreamA
URLDownloadToFileA

Sections

.text
Size: 271KB - Virtual size: 270KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/JJangQSUpdateU.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:10:a6:61:62:04:b0:26:4e:74:f3:52:7f:a2:aa:76
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

11/02/2011, 00:00

Not After

12/03/2012, 23:59

Subject

CN=TGSM Inc.,OU=Dev Team,O=TGSM Inc.,L=Haeundae-gu,ST=Busan,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
JJangQSearchBarU.exe
.exe windows:4 windows x86 arch:x86

974444bf7ee60cf52a6a0d38a6449c30

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:10:a6:61:62:04:b0:26:4e:74:f3:52:7f:a2:aa:76
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

11/02/2011, 00:00

Not After

12/03/2012, 23:59

Subject

CN=TGSM Inc.,OU=Dev Team,O=TGSM Inc.,L=Haeundae-gu,ST=Busan,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\WORK\MONE\PROGRAM\SearchBar\SearchBar\SearchBar\JJangQSearchBar\SRC\JJangQSearchBarU\release\JJangQSearchBarU.pdb

Imports

kernel32

GlobalFindAtomA
GlobalGetAtomNameA
GetModuleFileNameW
InterlockedIncrement
TlsGetValue
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetFileTime
SetErrorMode
GetCPInfo
GetOEMCP
ExitThread
CreateThread
GetSystemTimeAsFileTime
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RtlUnwind
RaiseException
ExitProcess
GlobalAddAtomA
lstrcmpW
GetStdHandle
GetACP
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
SetStdHandle
GetCurrentProcessId
GetFullPathNameA
GetVolumeInformationA
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetPrivateProfileStringA
WritePrivateProfileStringA
FreeResource
GetCurrentThread
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
GlobalDeleteAtom
FormatMessageA
MulDiv
FindClose
FindFirstFileA
SetFileTime
SetFileAttributesA
DosDateTimeToFileTime
GetCurrentDirectoryA
SystemTimeToFileTime
SetFilePointer
GetFileType
GetCurrentProcess
DuplicateHandle
FlushFileBuffers
InterlockedDecrement
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcpynA
GetModuleHandleA
SetLastError
GetProcAddress
FreeLibrary
LoadLibraryA
GetVersion
CompareStringA
InterlockedExchange
CompareStringW
lstrlenA
HeapFree
GetProcessHeap
HeapAlloc
GetTempPathA
Sleep
WriteFile
CreateDirectoryA
TerminateProcess
GetTickCount
DeleteFileA
ReadFile
GetFileSize
CreateFileA
GetCurrentThreadId
GetVersionExA
GetFileAttributesA
GetWindowsDirectoryA
OutputDebugStringA
SetCurrentDirectoryA
CreateMutexA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
TerminateThread
WaitForSingleObject
CloseHandle
MultiByteToWideChar
GetLastError
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcmpA
LocalFree
HeapSize
LocalAlloc

user32

PostThreadMessageA
CharNextA
GetSysColorBrush
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
DestroyMenu
LoadIconA
SendDlgItemMessageA
WinHelpA
IsChild
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
GetWindowTextA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
GetMenu
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
EqualRect
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
CallWindowProcA
IntersectRect
GetWindowPlacement
GetLastActivePopup
MessageBoxA
CallNextHookEx
GetMessageA
GetKeyState
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
SetWindowPos
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetWindowLongA
FindWindowA
SetWindowRgn
LoadBitmapA
PeekMessageA
TranslateMessage
DispatchMessageA
GetClassNameA
GetActiveWindow
WindowFromPoint
GetCapture
GetAsyncKeyState
IsRectEmpty
UpdateWindow
OffsetRect
FrameRect
FillRect
RegisterWindowMessageA
RegisterClipboardFormatA
RedrawWindow
LockWindowUpdate
CopyAcceleratorTableA
UnregisterClassA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
SetWindowsHookExA
GetWindowThreadProcessId
GetForegroundWindow
SetForegroundWindow
BringWindowToTop
SetFocus
GetDesktopWindow
GetWindow
IsWindow
IsWindowVisible
GetParent
GetSystemMenu
AppendMenuA
SetTimer
CopyRect
KillTimer
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
EnableWindow
CharUpperA
GetClassInfoA
DefWindowProcA
LoadCursorA
GetWindowLongA
InflateRect
GetSysColor
DrawFrameControl
GetFocus
ClientToScreen
SetCursor
ShowScrollBar
SetRect
ReleaseCapture
SetCapture
ReleaseDC
GetDC
ScreenToClient
GetCursorPos
PostMessageA
SystemParametersInfoA
GetWindowRect
InvalidateRect
PtInRect
MapWindowPoints

gdi32

ExtSelectClipRgn
CreatePen
CreateRectRgnIndirect
GetBkColor
GetTextColor
GetRgnBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
MoveToEx
LineTo
GetClipBox
SetTextColor
SetBkMode
RestoreDC
SaveDC
GetDeviceCaps
CombineRgn
ExtCreateRegion
CreateDIBSection
StretchBlt
DeleteDC
SetBkColor
GetMapMode
SetMapMode
CreateCompatibleBitmap
CreateBitmap
DPtoLP
DeleteObject
GetCurrentObject
CreateRectRgn
BitBlt
CreateCompatibleDC
GetTextExtentPoint32A
SelectObject
Rectangle
CreateFontA
GetStockObject
GetViewportExtEx
SelectClipRgn
CreateFontIndirectA
CreateSolidBrush
GetObjectA

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegCreateKeyExA
RegFlushKey
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegOpenKeyA
RegQueryValueA
RegEnumKeyA

shell32

ShellExecuteA
ShellExecuteExA
SHGetSpecialFolderPathA

comctl32

InitCommonControlsEx

shlwapi

PathIsUNCA
PathFindFileNameA
PathStripToRootA
UrlUnescapeA
PathFindExtensionA

oledlg

ord8

ole32

CoInitialize
CoCreateInstance
OleRun
CoTaskMemFree
CoRegisterMessageFilter
OleFlushClipboard
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard

oleaut32

SysStringByteLen
SysFreeString
VariantInit
VariantCopy
VariantClear
SysAllocString
VariantChangeType
SysStringLen
SysAllocStringLen
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
GetErrorInfo
SysAllocStringByteLen

urlmon

URLDownloadToFileA

iphlpapi

GetAdaptersInfo

ws2_32

inet_addr

wininet

HttpOpenRequestA
InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
HttpQueryInfoA
InternetQueryDataAvailable
InternetSetOptionExA
InternetCanonicalizeUrlA
InternetCrackUrlA
DeleteUrlCacheEntry

Sections

.text
Size: 356KB - Virtual size: 354KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 244KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Uninstall.exe.nsis
$TEMP/OPUpdate.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:10:a6:61:62:04:b0:26:4e:74:f3:52:7f:a2:aa:76
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

11/02/2011, 00:00

Not After

12/03/2012, 23:59

Subject

CN=TGSM Inc.,OU=Dev Team,O=TGSM Inc.,L=Haeundae-gu,ST=Busan,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

0000020b36314254f6eca65a7ae713f4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
HeapFree
HeapAlloc
GetProcessHeap
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc
HeapSize
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
GetCommandLineA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
GetLastError
LCMapStringW
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
ExitProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
GetLocaleInfoA
GetCPInfo
GetStringTypeA
GetStringTypeW
RtlUnwind
GetACP
GetOEMCP
InterlockedExchange
InitializeCriticalSection

user32

wsprintfA

ws2_32

inet_addr

wininet

InternetGetCookieA

iphlpapi

GetAdaptersInfo

Exports

Exports

GetCookie
GetMacAddr
KillProc

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

d83f71e61ee459ee63ca3e829966a9dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GetModuleHandleA
DeleteFileA
lstrcmpiA
lstrlenA
lstrcatA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetProcAddress
GlobalLock
GetCurrentProcess

user32

SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/version.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetWindowsVersion
IsWindows2000
IsWindows2003
IsWindows31
IsWindows95
IsWindows98
IsWindows98orLater
IsWindowsME
IsWindowsNT351
IsWindowsNT40
IsWindowsPlatform9x
IsWindowsPlatformNT
IsWindowsXP

Sections

UPX0
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 454B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 376B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/license1.txt
OpenShopperC.exe
.exe windows:4 windows x86 arch:x86

5abdde5c2051f52b25521a2f4e1f3c02

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:10:a6:61:62:04:b0:26:4e:74:f3:52:7f:a2:aa:76
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

11/02/2011, 00:00

Not After

12/03/2012, 23:59

Subject

CN=TGSM Inc.,OU=Dev Team,O=TGSM Inc.,L=Haeundae-gu,ST=Busan,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\MONE\PROGRAM\OpenShopper\OpenShopperC\release\OpenShopperC.pdb

Imports

kernel32

GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetFileTime
SetErrorMode
GetCPInfo
GetOEMCP
ExitThread
CreateThread
GetSystemTimeAsFileTime
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RtlUnwind
RaiseException
ExitProcess
HeapSize
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
GetACP
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetModuleFileNameW
GlobalGetAtomNameA
GetStdHandle
InterlockedIncrement
GlobalFindAtomA
lstrcmpW
GetCurrentProcessId
GlobalAddAtomA
GetFullPathNameA
GetVolumeInformationA
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetPrivateProfileStringA
WritePrivateProfileStringA
FreeResource
GetCurrentThread
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
GlobalDeleteAtom
FormatMessageA
MulDiv
FindClose
FindFirstFileA
SetFileTime
SetFileAttributesA
DosDateTimeToFileTime
GetCurrentDirectoryA
SystemTimeToFileTime
SetFilePointer
GetFileType
DuplicateHandle
FlushFileBuffers
InterlockedDecrement
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcpynA
GetModuleHandleA
SetLastError
GetVersion
CompareStringA
InterlockedExchange
CompareStringW
lstrlenA
HeapFree
GetProcessHeap
HeapAlloc
GetTempPathA
WriteFile
CreateDirectoryA
TerminateProcess
GetTickCount
DeleteFileA
ReadFile
GetFileSize
CreateFileA
GetCurrentThreadId
GetFileAttributesA
Sleep
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
GetWindowsDirectoryA
SetCurrentDirectoryA
CreateMutexA
OutputDebugStringA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
TerminateThread
WaitForSingleObject
CloseHandle
MultiByteToWideChar
GetLastError
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcmpA
LocalFree
SetStdHandle
LocalAlloc

user32

InvalidateRgn
CopyAcceleratorTableA
CharNextA
GetSysColorBrush
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
DestroyMenu
SendDlgItemMessageA
WinHelpA
IsChild
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
GetWindowTextA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetMenu
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
EqualRect
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
CallWindowProcA
IntersectRect
GetWindowPlacement
GetLastActivePopup
MessageBoxA
SetWindowsHookExA
CallNextHookEx
GetNextDlgGroupItem
GetKeyState
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
SetWindowPos
PostQuitMessage
GetMenuState
GetMenuItemID
PeekMessageA
TranslateMessage
MessageBeep
GetMenuItemCount
GetSubMenu
SetWindowLongA
FindWindowA
SetWindowRgn
LoadBitmapA
GetActiveWindow
WindowFromPoint
GetCapture
GetAsyncKeyState
IsRectEmpty
UpdateWindow
OffsetRect
FrameRect
FillRect
RegisterWindowMessageA
UnregisterClassA
PostThreadMessageA
RedrawWindow
LockWindowUpdate
RegisterClipboardFormatA
DispatchMessageA
GetClassNameA
GetMessageA
GetWindowThreadProcessId
GetForegroundWindow
SetForegroundWindow
BringWindowToTop
SetFocus
GetDesktopWindow
GetWindow
IsWindow
IsWindowVisible
GetParent
LoadIconA
GetSystemMenu
AppendMenuA
SetTimer
CopyRect
KillTimer
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
EnableWindow
CharUpperA
GetClassInfoA
DefWindowProcA
LoadCursorA
GetWindowLongA
InflateRect
ClientToScreen
SetCursor
ShowScrollBar
SetRect
ReleaseCapture
SetCapture
ReleaseDC
GetDC
ScreenToClient
GetCursorPos
PostMessageA
SystemParametersInfoA
GetWindowRect
InvalidateRect
PtInRect
GetFocus
DrawFrameControl
GetSysColor

gdi32

CreatePen
CreateRectRgnIndirect
GetBkColor
GetTextColor
GetRgnBox
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
MoveToEx
LineTo
GetClipBox
SetTextColor
SetBkMode
RestoreDC
SaveDC
GetDeviceCaps
CombineRgn
ExtCreateRegion
CreateDIBSection
StretchBlt
DeleteDC
SetBkColor
GetMapMode
SetMapMode
CreateCompatibleBitmap
CreateBitmap
DPtoLP
DeleteObject
GetCurrentObject
CreateRectRgn
BitBlt
CreateCompatibleDC
GetTextExtentPoint32A
SelectObject
Rectangle
GetObjectA
CreateFontIndirectA
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
CreateSolidBrush
CreateFontA
GetStockObject

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

RegOpenKeyExA
OpenProcessToken
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserA
ConvertStringSidToSidA
GetLengthSid
RegCreateKeyExA
RegFlushKey
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegSetValueExA
RegQueryValueExA
RegDeleteValueA
RegCloseKey
RegDeleteKeyA

shell32

SHGetSpecialFolderPathA
ShellExecuteA

comctl32

InitCommonControlsEx

shlwapi

PathFindExtensionA
UrlUnescapeA
PathStripToRootA
PathIsUNCA
PathFindFileNameA

oledlg

ord8

ole32

CoInitialize
CoRegisterMessageFilter
CoCreateInstance
OleRun
CoTaskMemFree
OleFlushClipboard
OleIsCurrentClipboard
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject

oleaut32

SystemTimeToVariantTime
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantInit
VariantCopy
VariantClear
SysAllocString
VariantChangeType
SysStringLen
SysAllocStringLen
SafeArrayDestroy
OleCreateFontIndirect
GetErrorInfo
VariantTimeToSystemTime

urlmon

URLDownloadToFileA

iphlpapi

GetAdaptersInfo

ws2_32

inet_addr

wininet

HttpOpenRequestA
InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetCrackUrlA
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
HttpQueryInfoA
InternetSetStatusCallback
InternetQueryDataAvailable
InternetSetOptionExA
InternetCanonicalizeUrlA
DeleteUrlCacheEntry

Sections

.text
Size: 360KB - Virtual size: 359KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Uninstall.exe.nsis
$TEMP/ROS_license.txt
$TEMP/license1.txt
$TEMP/license_Button.txt
$TEMP/license_IPLUS.txt
$TEMP/license_privacyplus.txt
7z32.dll
.dll windows:5 windows x86 arch:x86

16c36299bea4a41f9f92fec7e54ebfa3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:10:a6:61:62:04:b0:26:4e:74:f3:52:7f:a2:aa:76
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

11/02/2011, 00:00

Not After

12/03/2012, 23:59

Subject

CN=TGSM Inc.,OU=Dev Team,O=TGSM Inc.,L=Haeundae-gu,ST=Busan,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
WaitForMultipleObjects
VirtualAlloc
VirtualFree
GetProcAddress
GetModuleHandleA
CloseHandle
WaitForSingleObject
CreateEventA
SetEvent
ResetEvent
CreateSemaphoreA
ReleaseSemaphore
InitializeCriticalSection
LocalFileTimeToFileTime
lstrcpyA
GlobalAlloc
FileTimeToLocalFileTime
CompareFileTime
SetLastError
SetFileAttributesA
DeleteFileA
GetTempPathA
GetTempFileNameA
ReadFile
WriteFile
CreateFileA
DosDateTimeToFileTime
FileTimeToDosDateTime
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
LoadLibraryA
RtlUnwind
RaiseException
HeapAlloc
HeapFree
ExitThread
CreateThread
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapReAlloc
HeapCreate
HeapDestroy
Sleep
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount

user32

CharNextA
CharLowerW
CharUpperW
CharLowerA
CharUpperA
CharPrevExA

oleaut32

VariantCopy
SysFreeString
VariantClear
SysAllocString
SysAllocStringByteLen

Exports

Exports

CreateObject
GetHandlerProperty
GetHandlerProperty2
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetLargePageMode

Sections

.text
Size: 572KB - Virtual size: 572KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ark32.dll
.dll windows:5 windows x86 arch:x86

bc73dc9ea1863a2ab74703a83312cda7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:10:a6:61:62:04:b0:26:4e:74:f3:52:7f:a2:aa:76
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

11/02/2011, 00:00

Not After

12/03/2012, 23:59

Subject

CN=TGSM Inc.,OU=Dev Team,O=TGSM Inc.,L=Haeundae-gu,ST=Busan,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\devel\Ark\bin\Ark32.pdb

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
lstrlenA
MultiByteToWideChar
GetLastError
lstrlenW
GetProcAddress
GetModuleFileNameW
lstrcatW
GlobalFree
DeleteFileW
SetFileAttributesW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventW
CloseHandle
SetEvent
WaitForSingleObject
CreateFileW
Sleep
SetFileTime
WriteFile
CreateFileA
ReadFile
SetFilePointer
GetFileSize
GetFileAttributesW
lstrcpyW
CreateDirectoryW
WideCharToMultiByte
FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
lstrcpynA
FreeLibrary
LoadLibraryW
GetStdHandle
VirtualAlloc
VirtualFree
GetCPInfo
IsDBCSLeadByte
GetCurrentThreadId
GetCommandLineA
HeapFree
HeapAlloc
ExitThread
CreateThread
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
HeapSize
LoadLibraryA
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetProcessHeap
GetModuleHandleA

user32

CharToOemBuffA
SendMessageW
FindWindowW

oleaut32

VariantClear
SysFreeString
SysAllocString

Exports

Exports

CreateArk

Sections

.text
Size: 310KB - Virtual size: 310KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
JJangQC.exe
.exe windows:4 windows x86 arch:x86

40aa48e26373dd42cf45a3bd505985de

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:10:a6:61:62:04:b0:26:4e:74:f3:52:7f:a2:aa:76
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

11/02/2011, 00:00

Not After

12/03/2012, 23:59

Subject

CN=TGSM Inc.,OU=Dev Team,O=TGSM Inc.,L=Haeundae-gu,ST=Busan,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\TGSM\MAIN\webhard\JJangQ\JJangQ\Src\Windows\JJangQUpdate\release\JJangQC.pdb

Imports

kernel32

GlobalFindAtomA
GlobalGetAtomNameA
GetModuleFileNameW
InterlockedIncrement
TlsGetValue
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
GetFileTime
SetErrorMode
GetCPInfo
GetOEMCP
ExitThread
CreateThread
GetSystemTimeAsFileTime
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RtlUnwind
RaiseException
ExitProcess
GlobalAddAtomA
lstrcmpW
GetStdHandle
GetACP
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
SetStdHandle
GetCurrentProcessId
GetFullPathNameA
GetVolumeInformationA
GetThreadLocale
SetEndOfFile
UnlockFile
LockFile
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetPrivateProfileStringA
WritePrivateProfileStringA
FreeResource
GetCurrentThread
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
GlobalDeleteAtom
FormatMessageA
MulDiv
FindClose
FindFirstFileA
SetFileTime
SetFileAttributesA
DosDateTimeToFileTime
GetCurrentDirectoryA
SystemTimeToFileTime
SetFilePointer
GetFileType
GetCurrentProcess
DuplicateHandle
FlushFileBuffers
InterlockedDecrement
GlobalFree
GlobalReAlloc
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcpynA
GetModuleHandleA
SetLastError
GetProcAddress
FreeLibrary
LoadLibraryA
GetVersion
CompareStringA
InterlockedExchange
CompareStringW
lstrlenA
HeapFree
GetProcessHeap
HeapAlloc
WriteFile
CreateDirectoryA
GetSystemDirectoryA
TerminateProcess
GetTickCount
DeleteFileA
ReadFile
GetFileSize
CreateFileA
GetCurrentThreadId
GetVersionExA
GetFileAttributesA
GetWindowsDirectoryA
GetTempPathA
SetCurrentDirectoryA
Sleep
OutputDebugStringA
CreateMutexA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
TerminateThread
WaitForSingleObject
CloseHandle
IsBadWritePtr
MultiByteToWideChar
IsBadReadPtr
GetLastError
lstrcpynW
FileTimeToSystemTime
FileTimeToLocalFileTime
lstrcmpA
lstrcpyW
LocalFree
HeapSize
LocalAlloc

user32

PostThreadMessageA
CharNextA
GetSysColorBrush
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
DestroyMenu
SendDlgItemMessageA
WinHelpA
IsChild
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
GetWindowTextA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetMenu
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
EqualRect
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
CallWindowProcA
IntersectRect
GetWindowPlacement
GetLastActivePopup
SetWindowsHookExA
CallNextHookEx
GetKeyState
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
EndPaint
BeginPaint
GetWindowDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
SetWindowPos
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetWindowLongA
FindWindowA
SetWindowRgn
LoadBitmapA
GetActiveWindow
PeekMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
WindowFromPoint
GetCapture
GetAsyncKeyState
IsRectEmpty
UpdateWindow
OffsetRect
FrameRect
FillRect
RegisterWindowMessageA
RedrawWindow
LockWindowUpdate
RegisterClipboardFormatA
ClientToScreen
SetCursor
CopyAcceleratorTableA
UnregisterClassA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
GetMessageA
GetClassNameA
GetWindowThreadProcessId
GetForegroundWindow
SetForegroundWindow
BringWindowToTop
SetFocus
GetDesktopWindow
GetWindow
IsWindow
IsWindowVisible
GetParent
LoadIconA
GetSystemMenu
AppendMenuA
SetTimer
CopyRect
KillTimer
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
EnableWindow
CharUpperA
GetClassInfoA
DefWindowProcA
LoadCursorA
GetWindowLongA
InflateRect
GetSysColor
ShowScrollBar
SetRect
ReleaseCapture
SetCapture
ReleaseDC
GetDC
ScreenToClient
GetCursorPos
PostMessageA
SystemParametersInfoA
GetWindowRect
InvalidateRect
PtInRect
GetFocus
DrawFrameControl

gdi32

ExtSelectClipRgn
CreatePen
CreateRectRgnIndirect
GetBkColor
GetTextColor
GetRgnBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
MoveToEx
LineTo
GetClipBox
SetTextColor
SetBkMode
RestoreDC
SaveDC
GetDeviceCaps
CombineRgn
ExtCreateRegion
CreateDIBSection
StretchBlt
DeleteDC
SetBkColor
GetMapMode
SetMapMode
CreateCompatibleBitmap
CreateBitmap
DPtoLP
DeleteObject
GetCurrentObject
CreateRectRgn
BitBlt
CreateCompatibleDC
GetTextExtentPoint32A
SelectObject
Rectangle
GetObjectA
CreateFontIndirectA
GetViewportExtEx
SelectClipRgn
CreateSolidBrush
CreateFontA
GetStockObject

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegCreateKeyExA
RegFlushKey
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegQueryValueExA
RegSetValueExA
RegOpenKeyA
RegQueryValueA
RegEnumKeyA

shell32

ShellExecuteA
ShellExecuteExA
SHGetSpecialFolderPathA

comctl32

InitCommonControlsEx

shlwapi

PathIsUNCA
PathFindFileNameA
PathStripToRootA
UrlUnescapeA
PathFindExtensionA

oledlg

ord8

ole32

CoInitialize
CoCreateInstance
OleRun
CoTaskMemFree
CoRegisterMessageFilter
OleFlushClipboard
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard

oleaut32

SysStringByteLen
SysFreeString
VariantInit
VariantCopy
VariantClear
SysAllocString
VariantChangeType
SysStringLen
SysAllocStringLen
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
GetErrorInfo
SysAllocStringByteLen

urlmon

URLDownloadToFileA

crypt32

CryptDecodeObject
CertFreeCertificateContext
CryptMsgGetParam
CertFindCertificateInStore
CertCloseStore
CryptMsgClose
CertGetNameStringA
CryptQueryObject

iphlpapi

GetAdaptersInfo

ws2_32

inet_addr

wininet

HttpOpenRequestA
InternetOpenUrlA
InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
HttpQueryInfoA
InternetQueryDataAvailable
InternetSetOptionExA
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
DeleteUrlCacheEntry
InternetGetCookieA

Sections

.text
Size: 368KB - Virtual size: 367KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
JJangQDown.exe
.exe windows:4 windows x86 arch:x86

2ab5ef6461bc75d9e3011523bdb0cfaf

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:10:a6:61:62:04:b0:26:4e:74:f3:52:7f:a2:aa:76
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

11/02/2011, 00:00

Not After

12/03/2012, 23:59

Subject

CN=TGSM Inc.,OU=Dev Team,O=TGSM Inc.,L=Haeundae-gu,ST=Busan,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\웹하드\클라이언트\JJangQ\Windows\Bin\JJangQDown.pdb

Imports

enswerapi

EnswerAPINewReport
EnswerAPIUploadFiltering
EnswerAPIDownloadFiltering
EnswerAPIPreDownloadFiltering
EnswerAPIDownloadLogging
EnswerAPINew
EnswerAPIInit
EnswerAPINewPayLog
EnswerAPIDelete
EnswerAPIDeleteReport
EnswerAPIDeletePayLog
EnswerAPIAddPayLog

kernel32

GetCurrentDirectoryA
GlobalFlags
GetFileTime
GetCPInfo
GetOEMCP
SetErrorMode
RtlUnwind
VirtualProtect
VirtualAlloc
VirtualQuery
HeapReAlloc
ExitThread
CreateThread
RaiseException
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
TerminateProcess
TlsFree
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoA
ExitProcess
HeapSize
SetStdHandle
GetFileType
VirtualFree
GetStdHandle
GetACP
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetDriveTypeA
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
InterlockedIncrement
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
CreateFileA
GetFullPathNameA
FindFirstFileA
FindClose
DuplicateHandle
GetThreadLocale
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
WritePrivateProfileStringA
GetModuleFileNameW
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetCurrentProcessId
GlobalAddAtomA
SuspendThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GlobalDeleteAtom
FormatMessageA
LocalFree
GetSystemDirectoryA
GetCurrentProcess
GetCommandLineA
FreeLibrary
GetVersionExA
InitializeCriticalSectionAndSpinCount
GetTickCount
GetCurrentThreadId
GetNumberFormatA
GetDiskFreeSpaceExA
GetModuleHandleA
LoadLibraryA
GetProcAddress
SetLastError
lstrcpynA
GlobalReAlloc
HeapDestroy
HeapCreate
ResetEvent
FreeResource
GlobalAlloc
ResumeThread
GlobalLock
GlobalUnlock
MulDiv
GlobalFree
InterlockedDecrement
GetModuleFileNameA
OutputDebugStringA
lstrcpyA
GetProcessHeap
HeapAlloc
HeapFree
LoadResource
LockResource
SizeofResource
FindResourceA
GetVolumeInformationA
ExpandEnvironmentStringsA
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
SetEvent
GetExitCodeThread
TerminateThread
GetSystemInfo
DeleteCriticalSection
CreateEventA
InitializeCriticalSection
GetCurrentThread
SetThreadPriority
CreateDirectoryA
GetFileAttributesA
CloseHandle
CreateMutexA
GetLastError
Sleep
lstrlenA
WideCharToMultiByte
CompareStringA
CompareStringW
MultiByteToWideChar
InterlockedExchange
GetVersion
ReadFile
UnhandledExceptionFilter

user32

LoadAcceleratorsA
LoadMenuA
ReuseDDElParam
UnpackDDElParam
RegisterClipboardFormatA
PostThreadMessageA
EndPaint
BeginPaint
GetWindowDC
MoveWindow
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
GetWindowTextA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
SetScrollRange
GetScrollRange
GetScrollPos
GetMenu
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
IntersectRect
IsIconic
GetWindowPlacement
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetNextDlgTabItem
InsertMenuItemA
GetLastActivePopup
IsWindowEnabled
ShowOwnedPopups
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
ValidateRect
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetScrollPos
RegisterWindowMessageA
FrameRect
ShowScrollBar
LockWindowUpdate
LoadCursorA
GetDesktopWindow
GetFocus
ScreenToClient
DrawFrameControl
DefWindowProcA
ExitWindowsEx
wsprintfA
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
BringWindowToTop
SetFocus
ReplyMessage
FindWindowA
SetWindowRgn
GetWindowLongA
GetActiveWindow
LoadBitmapA
IsWindow
SetWindowLongA
CallWindowProcA
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
IsRectEmpty
SystemParametersInfoA
SetRect
GetParent
RedrawWindow
UpdateWindow
ReleaseDC
GetDC
GetWindowRect
SetCursor
FillRect
EnableWindow
WindowFromPoint
SetCapture
GetCapture
SetRectEmpty
SetMenu
TranslateAcceleratorA
UnregisterClassA
GetMenuItemInfoA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
ClientToScreen
CopyAcceleratorTableA
CharNextA
GetSysColorBrush
EndDialog
DrawIcon
GetClientRect
OffsetRect
InflateRect
PtInRect
CopyRect
DestroyIcon
LoadImageA
GetIconInfo
DrawIconEx
ReleaseCapture
GetSysColor
GetSystemMetrics
CreatePopupMenu
AppendMenuA
SetMenuDefaultItem
GetCursorPos
SetForegroundWindow
TrackPopupMenu
DestroyMenu
ShowWindow
LoadIconA
KillTimer
SetTimer
PostMessageA
SendMessageA
GetClassInfoA
MessageBoxA
CharUpperA
GetMenuCheckMarkDimensions

gdi32

SelectClipRgn
GetPixel
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SaveDC
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
SelectPalette
CreateRectRgnIndirect
CreateEllipticRgn
Ellipse
GetTextColor
GetRgnBox
SetTextColor
GetClipBox
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
CreateFontIndirectA
DeleteObject
CreateSolidBrush
GetStockObject
GetObjectA
RealizePalette
GetDeviceCaps
SetBkMode
CreatePalette
GetTextExtentPoint32A
Rectangle
GetCurrentObject
GetTextMetricsA
CreateFontA
CreatePen
CreateDIBSection
ExtCreateRegion
CombineRgn
StretchBlt
CreateBitmap
SetMapMode
SetBkColor
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
LPtoDP
DPtoLP
GetWindowExtEx
GetWindowOrgEx
GetViewportExtEx
GetViewportOrgEx
GetMapMode
GetBkColor
CreateRectRgn
SelectObject
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
RestoreDC

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

AdjustTokenPrivileges
RegQueryValueA
RegOpenKeyA
OpenProcessToken
LookupPrivilegeValueA
RegConnectRegistryA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegCloseKey
RegEnumValueA
RegEnumKeyA
RegOpenKeyExA

shell32

ShellExecuteA
SHGetFileInfoA
SHGetSpecialFolderPathA
DragFinish
DragQueryFileA
Shell_NotifyIconA

comctl32

ord17

shlwapi

PathGetArgsA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
StrFormatByteSize64A
UrlUnescapeA

oledlg

ord8

ole32

CLSIDFromProgID
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoRevokeClassObject
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard

oleaut32

SysFreeString
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
SysStringLen
VariantInit
VariantChangeType
OleLoadPicture
SysAllocStringLen
VariantClear
SysStringByteLen
SysAllocStringByteLen
OleCreateFontIndirect

ws2_32

WSASend
WSAStartup
WSACleanup
connect
htons
socket
closesocket
inet_addr
recv
__WSAFDIsSet
WSAGetLastError
select
WSAConnect
WSASocketA
setsockopt
WSAWaitForMultipleEvents
WSARecv
inet_ntoa
gethostbyname

wininet

HttpQueryInfoA
InternetCrackUrlA
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetOpenUrlA
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetQueryDataAvailable
InternetSetOptionExA
InternetCanonicalizeUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 696KB - Virtual size: 692KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
JJangQDown2.exe
.exe windows:4 windows x86 arch:x86

4220942672803d5f33416f2a9fb5c56b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:10:a6:61:62:04:b0:26:4e:74:f3:52:7f:a2:aa:76
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

11/02/2011, 00:00

Not After

12/03/2012, 23:59

Subject

CN=TGSM Inc.,OU=Dev Team,O=TGSM Inc.,L=Haeundae-gu,ST=Busan,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\웹하드\KGRID\JJangQ\bin\JJangQDown2.pdb

Imports

enswerapi

EnswerAPINew
EnswerAPIAddPayLog
EnswerAPIDownloadLogging
EnswerAPIPreDownloadFiltering
EnswerAPIDownloadFiltering
EnswerAPIUploadFiltering
EnswerAPIInit
EnswerAPINewPayLog
EnswerAPIDelete
EnswerAPIDeleteReport
EnswerAPIDeletePayLog
EnswerAPINewReport

kernel32

GetCurrentDirectoryA
GlobalFlags
GetFileTime
GetCPInfo
GetOEMCP
SetErrorMode
RtlUnwind
VirtualProtect
VirtualAlloc
VirtualQuery
HeapReAlloc
ExitThread
CreateThread
RaiseException
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
TerminateProcess
TlsFree
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoA
ExitProcess
HeapSize
SetStdHandle
GetFileType
VirtualFree
GetStdHandle
GetACP
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetDriveTypeA
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
InterlockedIncrement
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
CreateFileA
GetFullPathNameA
FindFirstFileA
FindClose
DuplicateHandle
GetThreadLocale
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
WritePrivateProfileStringA
GetModuleFileNameW
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetCurrentProcessId
GlobalAddAtomA
SuspendThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GlobalDeleteAtom
FormatMessageA
LocalFree
GetSystemDirectoryA
GetCurrentProcess
GetCommandLineA
FreeLibrary
GetVersionExA
InitializeCriticalSectionAndSpinCount
GetTickCount
GetCurrentThreadId
GetNumberFormatA
GetDiskFreeSpaceExA
GetModuleHandleA
LoadLibraryA
GetProcAddress
SetLastError
lstrcpynA
GlobalReAlloc
HeapDestroy
HeapCreate
ResetEvent
FreeResource
GlobalAlloc
ResumeThread
GlobalLock
GlobalUnlock
MulDiv
GlobalFree
InterlockedDecrement
GetModuleFileNameA
OutputDebugStringA
lstrcpyA
GetProcessHeap
HeapAlloc
HeapFree
LoadResource
LockResource
SizeofResource
FindResourceA
GetVolumeInformationA
ExpandEnvironmentStringsA
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
SetEvent
GetExitCodeThread
TerminateThread
GetSystemInfo
DeleteCriticalSection
CreateEventA
InitializeCriticalSection
GetCurrentThread
SetThreadPriority
CreateDirectoryA
GetFileAttributesA
CloseHandle
CreateMutexA
GetLastError
Sleep
lstrlenA
WideCharToMultiByte
CompareStringA
CompareStringW
MultiByteToWideChar
InterlockedExchange
GetVersion
ReadFile
UnhandledExceptionFilter

user32

InvalidateRgn
CopyAcceleratorTableA
CharNextA
GetSysColorBrush
DrawIcon
EndPaint
BeginPaint
GetWindowDC
MoveWindow
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
GetWindowTextA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
SetScrollRange
GetScrollRange
GetScrollPos
GetMenu
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
IntersectRect
IsIconic
GetWindowPlacement
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
SetActiveWindow
PostThreadMessageA
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetLastActivePopup
IsWindowEnabled
ShowOwnedPopups
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetKeyState
PeekMessageA
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetScrollPos
RegisterWindowMessageA
FrameRect
ShowScrollBar
LockWindowUpdate
LoadCursorA
GetDesktopWindow
GetFocus
ScreenToClient
DrawFrameControl
DefWindowProcA
ExitWindowsEx
wsprintfA
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
BringWindowToTop
SetFocus
ReplyMessage
FindWindowA
SetWindowRgn
GetWindowLongA
GetActiveWindow
LoadBitmapA
IsWindow
SetWindowLongA
CallWindowProcA
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
IsRectEmpty
SystemParametersInfoA
SetRect
GetParent
RedrawWindow
UpdateWindow
RegisterClipboardFormatA
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
ReleaseDC
GetDC
InsertMenuItemA
SetRectEmpty
SetMenu
TranslateAcceleratorA
UnregisterClassA
GetMenuItemInfoA
MessageBeep
CreateDialogIndirectParamA
GetNextDlgGroupItem
GetWindowRect
SetCursor
FillRect
EnableWindow
WindowFromPoint
SetCapture
GetCapture
InvalidateRect
ClientToScreen
GetClientRect
OffsetRect
InflateRect
PtInRect
CopyRect
DestroyIcon
LoadImageA
GetIconInfo
DrawIconEx
ReleaseCapture
GetSysColor
GetSystemMetrics
CreatePopupMenu
AppendMenuA
SetMenuDefaultItem
GetCursorPos
SetForegroundWindow
TrackPopupMenu
DestroyMenu
ShowWindow
LoadIconA
KillTimer
SetTimer
PostMessageA
SendMessageA
GetClassInfoA
MessageBoxA
CharUpperA
IsWindowVisible

gdi32

SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
OffsetViewportOrgEx
CreateRectRgnIndirect
CreateEllipticRgn
Ellipse
GetTextColor
GetRgnBox
SelectPalette
SetViewportOrgEx
GetPixel
SelectClipRgn
SetTextAlign
CreateFontIndirectA
DeleteObject
CreateSolidBrush
GetStockObject
GetObjectA
RealizePalette
GetDeviceCaps
MoveToEx
LineTo
OffsetClipRgn
CreatePalette
GetTextExtentPoint32A
Rectangle
SetBkMode
RestoreDC
SaveDC
SetTextColor
GetClipBox
GetCurrentObject
GetTextMetricsA
CreateFontA
CreatePen
CreateDIBSection
ExtCreateRegion
CombineRgn
StretchBlt
CreateBitmap
SetMapMode
SetBkColor
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
LPtoDP
DPtoLP
GetWindowExtEx
GetWindowOrgEx
GetViewportExtEx
GetViewportOrgEx
GetMapMode
GetBkColor
CreateRectRgn
SelectObject
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

AdjustTokenPrivileges
RegQueryValueA
RegOpenKeyA
OpenProcessToken
LookupPrivilegeValueA
RegConnectRegistryA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegCloseKey
RegEnumValueA
RegEnumKeyA
RegOpenKeyExA

shell32

ShellExecuteA
SHGetFileInfoA
SHGetSpecialFolderPathA
DragFinish
DragQueryFileA
Shell_NotifyIconA

comctl32

ord17

shlwapi

PathGetArgsA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
StrFormatByteSize64A
UrlUnescapeA

oledlg

ord8

ole32

CLSIDFromProgID
CoRegisterMessageFilter
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
SysStringLen
VariantInit
VariantChangeType
OleLoadPicture
SysAllocStringLen
VariantClear
SysFreeString
SysAllocStringByteLen
OleCreateFontIndirect
SysStringByteLen

ws2_32

socket
closesocket
inet_addr
recv
__WSAFDIsSet
WSAGetLastError
select
WSAConnect
WSASocketA
setsockopt
WSASend
WSAWaitForMultipleEvents
htons
inet_ntoa
gethostbyname
connect
WSACleanup
WSAStartup
WSARecv

wininet

InternetQueryDataAvailable
InternetSetOptionExA
InternetCanonicalizeUrlA
InternetReadFile
HttpQueryInfoA
InternetCrackUrlA
InternetConnectA
HttpOpenRequestA
InternetCloseHandle
InternetOpenA
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
HttpSendRequestA
InternetOpenUrlA

nat

ord16
ord15
ord5
ord7
ord18
ord22
ord17
ord23

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 696KB - Virtual size: 695KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 168KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
JJangQUp.exe
.exe windows:4 windows x86 arch:x86

b6779b6b9ad2d21882a46c9509a03091

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:10:a6:61:62:04:b0:26:4e:74:f3:52:7f:a2:aa:76
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

11/02/2011, 00:00

Not After

12/03/2012, 23:59

Subject

CN=TGSM Inc.,OU=Dev Team,O=TGSM Inc.,L=Haeundae-gu,ST=Busan,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\웹하드\클라이언트\JJangQ\Windows\Bin\JJangQUp.pdb

Imports

enswerapi

EnswerAPINew
EnswerAPIInit
EnswerAPIDelete
EnswerAPIDeleteReport
EnswerAPINewReport
EnswerAPIUploadFiltering

kernel32

SetErrorMode
HeapReAlloc
RtlUnwind
VirtualProtect
VirtualAlloc
VirtualQuery
ExitThread
CreateThread
RaiseException
GetDriveTypeA
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcessHeap
GetStartupInfoA
ExitProcess
HeapSize
GetOEMCP
GetACP
GetStdHandle
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetConsoleCP
GetConsoleMode
SetStdHandle
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetCPInfo
GetFileTime
GetFileAttributesA
GlobalFlags
GetCurrentDirectoryA
WritePrivateProfileStringA
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
TlsGetValue
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetThreadLocale
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetModuleFileNameW
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetCurrentProcessId
GlobalAddAtomA
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
GlobalDeleteAtom
FormatMessageA
LocalFree
SuspendThread
GetTempPathA
GetCurrentProcess
GetCommandLineA
FreeLibrary
GetVersionExA
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
GetNumberFormatA
GetModuleHandleA
LoadLibraryA
GetProcAddress
SetLastError
lstrcpynA
GlobalReAlloc
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
ResetEvent
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
GlobalFree
InterlockedDecrement
GetModuleFileNameA
OutputDebugStringA
lstrcpyA
LoadResource
LockResource
SizeofResource
FindResourceA
ResumeThread
ExpandEnvironmentStringsA
EnterCriticalSection
LeaveCriticalSection
SetEvent
GetExitCodeThread
TerminateThread
GetSystemInfo
DeleteCriticalSection
CreateEventA
InitializeCriticalSection
GetTickCount
GetCurrentThread
SetThreadPriority
CloseHandle
CreateMutexA
Sleep
lstrlenA
WideCharToMultiByte
CompareStringA
CompareStringW
MultiByteToWideChar
InterlockedExchange
GetVersion
WaitForSingleObject
GetLastError
VirtualFree

user32

PostThreadMessageA
GetSysColorBrush
DrawIcon
EndPaint
BeginPaint
GetWindowDC
MoveWindow
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetWindowTextLengthA
GetWindowTextA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
SetScrollRange
GetScrollRange
GetScrollPos
GetMenu
CreateWindowExA
GetClassInfoExA
RegisterClassA
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
GetDlgCtrlID
IntersectRect
IsIconic
GetWindowPlacement
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
RegisterClipboardFormatA
GetNextDlgTabItem
EndDialog
GetLastActivePopup
IsWindowEnabled
ShowOwnedPopups
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
CheckMenuItem
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
ValidateRect
wsprintfA
SetScrollPos
RegisterWindowMessageA
FrameRect
ShowScrollBar
LockWindowUpdate
GetDesktopWindow
GetFocus
ScreenToClient
DrawFrameControl
DefWindowProcA
ExitWindowsEx
GetForegroundWindow
GetWindowThreadProcessId
BringWindowToTop
SetFocus
ReplyMessage
LoadCursorA
AttachThreadInput
FindWindowA
SetWindowRgn
GetWindowLongA
GetActiveWindow
LoadBitmapA
IsWindow
SetWindowLongA
CallWindowProcA
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
IsRectEmpty
SystemParametersInfoA
SetRect
GetParent
RedrawWindow
UpdateWindow
ReleaseDC
GetDC
GetWindowRect
SetCursor
FillRect
UnpackDDElParam
ReuseDDElParam
LoadMenuA
LoadAcceleratorsA
InsertMenuItemA
SetRectEmpty
SetMenu
EnableWindow
WindowFromPoint
TranslateAcceleratorA
UnregisterClassA
GetMenuItemInfoA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
CopyAcceleratorTableA
GetDlgItem
CharNextA
SetCapture
GetCapture
InvalidateRect
ClientToScreen
GetClientRect
OffsetRect
InflateRect
PtInRect
CopyRect
DestroyIcon
LoadImageA
GetIconInfo
DrawIconEx
ReleaseCapture
GetSysColor
GetSystemMetrics
CreatePopupMenu
AppendMenuA
SetMenuDefaultItem
GetCursorPos
SetForegroundWindow
TrackPopupMenu
DestroyMenu
ShowWindow
LoadIconA
KillTimer
SetTimer
PostMessageA
SendMessageA
GetClassInfoA
MessageBoxA
CharUpperA
EnableMenuItem

gdi32

SelectClipRgn
GetPixel
SetViewportOrgEx
GetClipBox
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
SelectPalette
CreateRectRgnIndirect
CreateEllipticRgn
Ellipse
GetTextColor
GetRgnBox
ExtSelectClipRgn
GetCurrentObject
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
SetBkMode
RestoreDC
GetObjectA
RealizePalette
GetDeviceCaps
SaveDC
CreatePalette
GetTextExtentPoint32A
CreatePatternBrush
Rectangle
GetTextMetricsA
CreateHalftonePalette
GetDIBColorTable
CreateFontA
CreatePen
CreateDIBSection
ExtCreateRegion
CombineRgn
StretchBlt
CreateBitmap
SetMapMode
SetBkColor
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
LPtoDP
DPtoLP
GetWindowExtEx
GetWindowOrgEx
GetViewportExtEx
GetViewportOrgEx
GetMapMode
GetBkColor
CreateRectRgn
SelectObject
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontIndirectA
DeleteObject
CreateSolidBrush
GetStockObject
SetTextColor

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

AdjustTokenPrivileges
RegQueryValueA
RegOpenKeyA
OpenProcessToken
LookupPrivilegeValueA
RegConnectRegistryA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegCloseKey
RegEnumValueA
RegEnumKeyA
RegOpenKeyExA

shell32

Shell_NotifyIconA
SHGetFileInfoA
DragFinish
DragQueryFileA
ShellExecuteA

comctl32

ord17

shlwapi

PathGetArgsA
PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathRemoveFileSpecA
StrFormatByteSize64A
PathIsUNCA

oledlg

ord8

ole32

CLSIDFromProgID
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CoRegisterMessageFilter
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard

oleaut32

SysFreeString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
SysStringLen
VariantInit
VariantChangeType
OleLoadPicture
SysAllocStringLen
VariantClear
SysStringByteLen
SysAllocStringByteLen

ws2_32

htons
gethostbyname
inet_ntoa
WSARecv
WSAWaitForMultipleEvents
WSASend
setsockopt
WSASocketA
WSAConnect
select
WSAGetLastError
__WSAFDIsSet
send
socket
closesocket
WSAStartup
connect
WSACleanup
inet_addr

wininet

InternetCrackUrlA
InternetCloseHandle
InternetOpenUrlA
HttpSendRequestA
InternetReadFile
HttpQueryInfoA
InternetOpenA
InternetConnectA
HttpOpenRequestA

Exports

Exports

??0CXListCtrl@@QAE@XZ
??1CXListCtrl@@UAE@XZ
??_7CXListCtrl@@6B@
?CountCheckedItems@CXListCtrl@@QAEHH@Z
?DeleteAllItems@CXListCtrl@@QAEHXZ
?DeleteAllToolTips@CXListCtrl@@QAEXXZ
?DeleteItem@CXListCtrl@@QAEHH@Z
?DeleteProgress@CXListCtrl@@QAEXHH@Z
?DrawCheckbox@CXListCtrl@@IAEXHHPAVCDC@@KKAAVCRect@@PAUXLISTCTRLDATA@@@Z
?DrawComboBox@CXListCtrl@@IAEXHH@Z
?DrawEdit@CXListCtrl@@IAEXHH@Z
?DrawImage@CXListCtrl@@IAEHHHPAVCDC@@KKVCRect@@PAUXLISTCTRLDATA@@@Z
?DrawProgress@CXListCtrl@@IAEXHHPAVCDC@@KKAAVCRect@@PAUXLISTCTRLDATA@@@Z
?DrawTextA@CXListCtrl@@IAEXHHPAVCDC@@KKAAVCRect@@PAUXLISTCTRLDATA@@@Z
?FindDataItem@CXListCtrl@@QAEHK@Z
?GetBold@CXListCtrl@@QAEHHH@Z
?GetCellPadding@CXListCtrl@@QAEHXZ
?GetCheckbox@CXListCtrl@@QAEHHH@Z
?GetColors@CXListCtrl@@IAEXXZ
?GetColumns@CXListCtrl@@QAEHXZ
?GetComboText@CXListCtrl@@QAE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@HH@Z
?GetCurSel@CXListCtrl@@QAEHXZ
?GetDrawColors@CXListCtrl@@IAEXHHAAK0@Z
?GetEllipsis@CXListCtrl@@QAEHXZ
?GetEnabled@CXListCtrl@@QAEHH@Z
?GetExtendedStyleX@CXListCtrl@@QAEKXZ
?GetHeaderCheckedState@CXListCtrl@@QAEHH@Z
?GetItemCheckedState@CXListCtrl@@QAEHHH@Z
?GetItemColors@CXListCtrl@@QAEHHHAAK0@Z
?GetItemData@CXListCtrl@@QAEKH@Z
?GetItemToolTipText@CXListCtrl@@QAE?AV?$CStringT@DV?$StrTraitMFC@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@HH@Z
?GetListModified@CXListCtrl@@QAEHXZ
?GetMessageMap@CXListCtrl@@MBEPBUAFX_MSGMAP@@XZ
?GetModified@CXListCtrl@@QAEHHH@Z
?GetSubItemRect@CXListCtrl@@QAEHHHHAAVCRect@@@Z
?GetThisMessageMap@CXListCtrl@@KGPBUAFX_MSGMAP@@XZ
?InsertItem@CXListCtrl@@QAEHHPBD@Z
?InsertItem@CXListCtrl@@QAEHHPBDKK@Z
?InsertItem@CXListCtrl@@QAEHPBUtagLVITEMA@@@Z
?OnClick@CXListCtrl@@IAEHPAUtagNMHDR@@PAJ@Z
?OnColumnClick@CXListCtrl@@IAEHPAUtagNMHDR@@PAJ@Z
?OnComboComplete@CXListCtrl@@IAEJIJ@Z
?OnComboEscape@CXListCtrl@@IAEJIJ@Z
?OnCreate@CXListCtrl@@IAEHPAUtagCREATESTRUCTA@@@Z
?OnCustomDraw@CXListCtrl@@IAEXPAUtagNMHDR@@PAJ@Z
?OnDestroy@CXListCtrl@@IAEXXZ
?OnEraseBkgnd@CXListCtrl@@IAEHPAVCDC@@@Z
?OnKeyDown@CXListCtrl@@IAEXIII@Z
?OnLButtonDown@CXListCtrl@@IAEXIVCPoint@@@Z
?OnNcLButtonDown@CXListCtrl@@IAEXIVCPoint@@@Z
?OnPaint@CXListCtrl@@IAEXXZ
?OnRButtonDown@CXListCtrl@@IAEXIVCPoint@@@Z
?OnSysColorChange@CXListCtrl@@IAEXXZ
?OnTimer@CXListCtrl@@IAEXI@Z
?OnToolHitTest@CXListCtrl@@UBEHVCPoint@@PAUtagTOOLINFOA@@@Z
?OnToolTipText@CXListCtrl@@MAEHIPAUtagNMHDR@@PAJ@Z
?OnXEditEscape@CXListCtrl@@IAEJIJ@Z
?OnXEditKillFocus@CXListCtrl@@IAEJIJ@Z
?PreSubclassWindow@CXListCtrl@@UAEXXZ
?SetBold@CXListCtrl@@QAEHHHH@Z
?SetCellPadding@CXListCtrl@@QAEXH@Z
?SetCheckbox@CXListCtrl@@QAEHHHH@Z
?SetColumnWidth@CXListCtrl@@UAEHHH@Z
?SetComboBox@CXListCtrl@@QAEHHHHPAVCStringArray@@HHH@Z
?SetCurSel@CXListCtrl@@QAEHHH@Z
?SetEdit@CXListCtrl@@QAEHHH@Z
?SetEllipsis@CXListCtrl@@QAEHH@Z
?SetEnabled@CXListCtrl@@QAEHHH@Z
?SetExtendedStyleX@CXListCtrl@@QAEKK@Z
?SetHeaderAlignment@CXListCtrl@@QAEXI@Z
?SetHeaderCheckedState@CXListCtrl@@QAEHHH@Z
?SetHeaderTextColor@CXListCtrl@@QAEXK@Z
?SetItem@CXListCtrl@@QAEHPBUtagLVITEMA@@@Z
?SetItemCheckedState@CXListCtrl@@QAEXHHH@Z
?SetItemColors@CXListCtrl@@QAEXHHKK@Z
?SetItemData@CXListCtrl@@QAEHHK@Z
?SetItemImage@CXListCtrl@@QAEHHHH@Z
?SetItemText@CXListCtrl@@QAEHHHPBD@Z
?SetItemText@CXListCtrl@@QAEHHHPBDKK@Z
?SetItemToolTipText@CXListCtrl@@QAEHHHPBD@Z
?SetListModified@CXListCtrl@@QAEXH@Z
?SetModified@CXListCtrl@@QAEXHHH@Z
?SetProgress@CXListCtrl@@QAEHHHHPBD@Z
?SubclassHeaderControl@CXListCtrl@@IAEXXZ
?UpdateProgress@CXListCtrl@@QAEXHHH@Z
?UpdateSubItem@CXListCtrl@@QAEXHH@Z
?WM_XLISTCTRL_CHECKBOX_CLICKED@@3IA
?WM_XLISTCTRL_COMBO_SELECTION@@3IA
?WM_XLISTCTRL_EDIT_END@@3IA

Sections

.text
Size: 676KB - Virtual size: 675KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Uninstall.exe.nsis
enswerapi.dll
.dll windows:4 windows x86 arch:x86

ace1158c39194cb13b1424c2ea37d8ca

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:10:a6:61:62:04:b0:26:4e:74:f3:52:7f:a2:aa:76
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

11/02/2011, 00:00

Not After

12/03/2012, 23:59

Subject

CN=TGSM Inc.,OU=Dev Team,O=TGSM Inc.,L=Haeundae-gu,ST=Busan,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\svn\cdp_2.1b\api\msvc8\release\enswerapi.pdb

Imports

ws2_32

htonl
connect
gethostname
shutdown
WSAGetOverlappedResult
WSAConnect
WSAEnumNetworkEvents
WSACreateEvent
closesocket
inet_ntoa
inet_addr
htons
setsockopt
recv
WSAEventSelect
WSAResetEvent
WSACloseEvent
socket
gethostbyname
send
WSARecv
ioctlsocket
WSAWaitForMultipleEvents
WSAStartup
WSACleanup
WSAGetLastError

wininet

InternetOpenA
HttpQueryInfoA
InternetReadFile
HttpAddRequestHeadersA
InternetConnectA
InternetSetOptionA
InternetCloseHandle
InternetSetStatusCallback
InternetQueryDataAvailable
HttpOpenRequestA
InternetQueryOptionA
HttpSendRequestA

kernel32

GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
FlushFileBuffers
GetConsoleCP
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetFilePointer
GetCurrentDirectoryA
IsValidCodePage
GetOEMCP
GetACP
HeapSize
SetLastError
HeapCreate
HeapDestroy
VirtualAlloc
VirtualFree
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
MoveFileA
WaitForSingleObject
ReleaseMutex
GetLastError
ResetEvent
CreateEventA
SetEvent
CloseHandle
CreateMutexA
MultiByteToWideChar
WideCharToMultiByte
TerminateThread
CreateProcessA
TerminateProcess
GetCurrentProcessId
GetExitCodeProcess
GetProcAddress
GetSystemInfo
GetModuleHandleA
GetCurrentThreadId
GetVersionExA
GetModuleFileNameA
FreeEnvironmentStringsW
LoadLibraryA
CreateFileA
GetFileSize
Process32First
CreateToolhelp32Snapshot
Process32Next
FormatMessageA
LocalFree
WriteFile
FreeLibrary
ReadFile
CreatePipe
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
InitializeCriticalSection
InterlockedExchange
InterlockedCompareExchange
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WriteConsoleA
GetConsoleMode
GetFileType
GetStdHandle
AllocConsole
OutputDebugStringA
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentProcess
RtlUnwind
GetCommandLineA
HeapReAlloc
FindNextFileA
GetTimeZoneInformation
RemoveDirectoryA
DeleteFileA
FindFirstFileA
GetDriveTypeA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
GetFullPathNameA
GetDateFormatA
GetTimeFormatA
GetFileAttributesA
CreateDirectoryA
IsDebuggerPresent
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetTickCount
QueryPerformanceCounter
GetLocaleInfoW
SetStdHandle
GetConsoleOutputCP
WriteConsoleW
CreateFileW
SetEndOfFile
CompareStringA
CompareStringW
GetSystemTimeAsFileTime
SetEnvironmentVariableA
InterlockedIncrement
InterlockedDecrement
ExitThread
CreateThread
UnhandledExceptionFilter
RaiseException

user32

SetFocus
CreateWindowExA
GetWindowTextA
DispatchMessageA
SendMessageA
GetFocus
DefWindowProcA
RegisterClassExA
LoadIconA
SetWindowLongA
PostQuitMessage
GetMessageA
InvalidateRect
UpdateWindow
CallWindowProcA
LoadCursorA
GetWindowLongA
TranslateMessage

gdi32

CreateSolidBrush
CreateFontA

advapi32

RegisterEventSourceA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
DeregisterEventSource
OpenProcessToken
GetTokenInformation
GetLengthSid
CopySid
ReportEventA

Exports

Exports

EnswerAPIAddPayLog
EnswerAPIDelete
EnswerAPIDeletePayLog
EnswerAPIDeleteReport
EnswerAPIDownloadFiltering
EnswerAPIDownloadLogging
EnswerAPIGetUnitedHash
EnswerAPIGetVersion
EnswerAPIGetVersionString
EnswerAPIInit
EnswerAPINew
EnswerAPINewPayLog
EnswerAPINewReport
EnswerAPIPreDownloadFiltering
EnswerAPISetArchiveOption
EnswerAPISetInitEnv
EnswerAPISetNewEnv
EnswerAPIStopUploadFiltering
EnswerAPIUploadFiltering
EnswerAPIUploadFilteringArg

Sections

.text
Size: 416KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
enswerapiworker.dll
.exe windows:4 windows x86 arch:x86

d442e6bf9e31363f1a0d27bf40ef66a2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:10:a6:61:62:04:b0:26:4e:74:f3:52:7f:a2:aa:76
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

11/02/2011, 00:00

Not After

12/03/2012, 23:59

Subject

CN=TGSM Inc.,OU=Dev Team,O=TGSM Inc.,L=Haeundae-gu,ST=Busan,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\svn\cdp_2.1b\api\msvc8\release\enswerapiworker.pdb

Imports

ws2_32

gethostname
gethostbyname
inet_addr
connect
WSAGetLastError
setsockopt
socket
htonl
htons
WSAStartup
send
recv
closesocket
WSACleanup

kernel32

GetConsoleOutputCP
GetLocaleInfoW
SetEndOfFile
SetStdHandle
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeA
FlushFileBuffers
GetTickCount
CreateThread
Sleep
SetErrorMode
WriteFile
ReadFile
GetLastError
CreatePipe
CloseHandle
GetSystemTimeAsFileTime
Process32First
CreateToolhelp32Snapshot
Process32Next
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
DeleteCriticalSection
WaitForSingleObject
InitializeCriticalSection
WriteConsoleW
GetCurrentThreadId
InterlockedCompareExchange
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
CreateEventA
SetEvent
ResetEvent
WriteConsoleA
GetConsoleMode
GetFileType
GetStdHandle
AllocConsole
OutputDebugStringA
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentProcess
GetFileAttributesA
WideCharToMultiByte
IsDBCSLeadByteEx
MultiByteToWideChar
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
VirtualFree
VirtualAlloc
GetCurrentDirectoryA
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateFileW
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
InterlockedExchange
InterlockedIncrement
DuplicateHandle
InterlockedDecrement
GetProcAddress
GetModuleHandleA
ExitProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetTimeZoneInformation
GetCommandLineA
GetVersionExA
RtlUnwind
RaiseException
MoveFileA
DeleteFileA
ExitThread
GetTimeFormatA
GetDateFormatA
HeapReAlloc
SetFilePointer
GetModuleFileNameA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
FindNextFileA
GetFullPathNameA
CreateFileA
LCMapStringA
LCMapStringW
GetCPInfo
HeapDestroy
HeapCreate
SetLastError
LoadLibraryA
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStartupInfoA
GetConsoleCP
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter

advapi32

RegisterEventSourceA
RegCloseKey
RegSetValueExA
RegCreateKeyExA
DeregisterEventSource
OpenProcessToken
GetTokenInformation
GetLengthSid
CopySid
ReportEventA

Sections

.text
Size: 5.9MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text.un
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 6.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.debug_a
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_i
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_l
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_f
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_l
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_p
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_a
Size: 4KB - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_r
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.debug_s
Size: 4KB - Virtual size: 605B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
nat.dll
.dll windows:5 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:10:a6:61:62:04:b0:26:4e:74:f3:52:7f:a2:aa:76
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

11/02/2011, 00:00

Not After

12/03/2012, 23:59

Subject

CN=TGSM Inc.,OU=Dev Team,O=TGSM Inc.,L=Haeundae-gu,ST=Busan,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

_AddServer
_AppendServer
_AutoSetupServiceApp
_DownloadCompleteFile
_ExistFile
_GetCurrentFileSize
_GetLivePeerCount
_GetTraffic
_Init
_NotUseServiceApp
_ReceiveSize
_SetDownloadSpeed
_SetFileServerPeerCount
_SetServerConnectCount
_Speed
_StartDownload
_StartDownload2
_StartDownload3
_StartDownloadForLivePeer
_Status
_StopDownload
_UnInit
_UseDebugView

Sections

UPX0
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 475KB - Virtual size: 476KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 670B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 633B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
svc_setup.exe
.exe windows:1 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:10:a6:61:62:04:b0:26:4e:74:f3:52:7f:a2:aa:76
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

11/02/2011, 00:00

Not After

12/03/2012, 23:59

Subject

CN=TGSM Inc.,OU=Dev Team,O=TGSM Inc.,L=Haeundae-gu,ST=Busan,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

17/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
version.cab

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 151KB

.ndata Size: - Virtual size: 44KB

.rsrc Size: 9KB - Virtual size: 9KB

741b6bafe355b63a372d737b30543a95

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winmm

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 188B

.reloc Size: 512B - Virtual size: 436B

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

0000020b36314254f6eca65a7ae713f4

Headers

File Characteristics

Imports

kernel32

user32

ws2_32

wininet

iphlpapi

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 22KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 3KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 151KB

.ndata
Size: - Virtual size: 44KB

.rsrc
Size: 9KB - Virtual size: 9KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 188B

.reloc
Size: 512B - Virtual size: 436B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 22KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 304B

.reloc
Size: 8KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

51:10:a6:61:62:04:b0:26:4e:74:f3:52:7f:a2:aa:76
Certificate

34:4e:d5:57:20:d5:ed:ec:49:f4:2f:ce:37:db:2b:6d
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate