30aa764e3efb7e234cc694e92d9e495d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

30aa764e3efb7e234cc694e92d9e495d_JaffaCakes118
Size

1.8MB
MD5

30aa764e3efb7e234cc694e92d9e495d
SHA1

6563914a1b3849e0ff402b176856684ac2a5da1a
SHA256

d6129731391f088c7c219e2cf69fed6d71e769514e29e65c179116feba1d3d8d
SHA512

af55716fc4806902f92b801399a5d520302722d81b6974ca9e6f72f3191947273efe3f1dd841920d04cd8a26a039c49d21756de402eefd18f20ad770aedcdc48
SSDEEP

49152:cW71Kf0tt8SqQsPcrlU+0OXgS2HX7z2q1:zztX6PJFw2HrCq1

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack001/TVK.exe
unpack002///uninstall.exe
unpack004/$PLUGINSDIR/InstallOptions.dll
unpack004/$PLUGINSDIR/System.dll
unpack002//ɽ.exe
unpack002//InstallOptions.dll
unpack002/$_4612_/PSNetwork.dll
unpack002/$_4741_/AcIERHelper.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
static1/unpack001/TVK.exe	nsis_installer_1
static1/unpack002///uninstall.exe	nsis_installer_1
static1/unpack002//setup.exe	nsis_installer_1
static1/unpack002//setup.exe	nsis_installer_2

Files

30aa764e3efb7e234cc694e92d9e495d_JaffaCakes118
.rar
TVK.exe
.exe windows:4 windows x86 arch:x86

81c812ed76d4690c8678b3a4f0737a5f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_Create
ord17
ImageList_AddMasked
ImageList_Destroy

kernel32

GetExitCodeProcess
WaitForSingleObject
ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
FindNextFileA
DeleteFileA
FindFirstFileA
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
CopyFileA
SetErrorMode
lstrcpynA
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
EnterCriticalSection
Sleep
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
GlobalFree
GetModuleHandleA
LoadLibraryA
CreateThread
GetProcAddress
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
MulDiv
ExitProcess

user32

CreateDialogParamA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
SetFocus
ScreenToClient
GetWindowRect
GetWindowLongA
SetClassLongA
IsWindowEnabled
SetWindowPos
LoadCursorA
SetCursor
GetDlgItemTextA
MapWindowPoints
GetMessagePos
LoadBitmapA
CallWindowProcA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
MessageBoxA
CharPrevA
DestroyWindow
SetTimer
SetForegroundWindow
ShowWindow
CharNextA
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
GetSysColor
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
ExitWindowsEx
PostQuitMessage
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
GetWindowTextA
DrawTextA
EndPaint
InvalidateRect

gdi32

SetBkColor
GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateSolidBrush
CreateFontA
SetBkMode
SetTextColor
CreateBrushIndirect
SelectObject

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
//uninstall.exe
.exe windows:4 windows x86 arch:x86

81c812ed76d4690c8678b3a4f0737a5f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_Create
ord17
ImageList_AddMasked
ImageList_Destroy

kernel32

GetExitCodeProcess
WaitForSingleObject
ExpandEnvironmentStringsA
GetEnvironmentVariableA
lstrcmpiA
FindNextFileA
DeleteFileA
FindFirstFileA
SetFileTime
GetFileAttributesA
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
lstrcatA
SetCurrentDirectoryA
CreateDirectoryA
SetFileAttributesA
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
CopyFileA
SetErrorMode
lstrcpynA
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
GetUserDefaultLangID
GetDiskFreeSpaceA
GetVersion
GlobalUnlock
GlobalLock
GlobalAlloc
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcpyA
lstrlenA
GetSystemDirectoryA
EnterCriticalSection
Sleep
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
GlobalFree
GetModuleHandleA
LoadLibraryA
CreateThread
GetProcAddress
FreeLibrary
MultiByteToWideChar
GetCurrentProcess
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
FindClose
MulDiv
ExitProcess

user32

CreateDialogParamA
DialogBoxParamA
GetClassInfoA
CreateWindowExA
SystemParametersInfoA
RegisterClassA
EndDialog
SetFocus
ScreenToClient
GetWindowRect
GetWindowLongA
SetClassLongA
IsWindowEnabled
SetWindowPos
LoadCursorA
SetCursor
GetDlgItemTextA
MapWindowPoints
GetMessagePos
LoadBitmapA
CallWindowProcA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
MessageBoxA
CharPrevA
DestroyWindow
SetTimer
SetForegroundWindow
ShowWindow
CharNextA
wsprintfA
SendMessageTimeoutA
FindWindowExA
IsWindow
GetDlgItem
GetSysColor
SetWindowLongA
LoadImageA
GetDC
EnableWindow
PeekMessageA
DispatchMessageA
ExitWindowsEx
PostQuitMessage
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
GetWindowTextA
DrawTextA
EndPaint
InvalidateRect

gdi32

SetBkColor
GetDeviceCaps
CreateFontIndirectA
DeleteObject
CreateSolidBrush
CreateFontA
SetBkMode
SetTextColor
CreateBrushIndirect
SelectObject

advapi32

RegEnumValueA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegCloseKey

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHGetSpecialFolderLocation
SHFileOperationA

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
/modern-header.bmp
/AD_bg.jpg
.jpg
/Ad.htm
.html .js polyglot
/Ad11.htm
.html .js polyglot
/Buffering.gif
.gif
/Buffering.htm
.html
/Buffering.jpg
.jpg
/LoginTV.htm
.js
/Quick.tvk
/Splash.jpg
.jpg
/TVDat.dat
/WhatsNew.htm
.html
/config.dll
/mobilefee.htm
.html
/setup.exe
.exe windows:4 windows x86 arch:x86

dfb06052e74b26a42b0e490bd1c07959

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:1d:3a:4f:d3:25:82:ce:e7:46:eb:ee:92:86:c9:59
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27-09-2007 00:00

Not After

11-10-2008 23:59

Subject

CN=China Internet Network Information Center,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technique Department,O=China Internet Network Information Center,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

80:6f:a6:75:2e:a7:99:c7:88:4a:b6:19:c6:9d:7e:4f:b8:ee:22:08
Signer

Actual PE Digest

80:6f:a6:75:2e:a7:99:c7:88:4a:b6:19:c6:9d:7e:4f:b8:ee:22:08

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
SetFilePointer
MulDiv
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetAsyncKeyState
IsDlgButtonChecked
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
RegisterClassA
OpenClipboard
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
wvsprintfA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
ShowWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
EmptyClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SetForegroundWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/option_big.ini
$PLUGINSDIR/option_cn.ini
$PLUGINSDIR/option_en.ini
$TEMP/modules/$R0
.dll regsvr32 windows:4 windows x86 arch:x86

e3856bb100fa908175842f70323fca45

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:1d:3a:4f:d3:25:82:ce:e7:46:eb:ee:92:86:c9:59
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27-09-2007 00:00

Not After

11-10-2008 23:59

Subject

CN=China Internet Network Information Center,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technique Department,O=China Internet Network Information Center,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

31:ed:df:b5:ea:74:35:6e:20:27:81:e1:74:7f:d8:2d:5b:33:82:66
Signer

Actual PE Digest

31:ed:df:b5:ea:74:35:6e:20:27:81:e1:74:7f:d8:2d:5b:33:82:66

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindClose
FindNextFileA
FindFirstFileA
GetSystemDefaultLangID
LocalFree
ExpandEnvironmentStringsW
GetVersionExA
lstrcmpA
FindNextFileW
FindFirstFileW
GetModuleFileNameA
GetShortPathNameA
CloseHandle
WriteFile
CreateFileA
lstrcpynA
GetCurrentProcess
CreateDirectoryA
CopyFileA
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
Process32Next
Process32First
CreateToolhelp32Snapshot
InterlockedIncrement
InterlockedDecrement
HeapDestroy
lstrcatA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
IsDBCSLeadByte
SetFilePointer
ReadFile
SystemTimeToFileTime
GetCurrentDirectoryA
LocalFileTimeToFileTime
GetFileAttributesA
SetFileTime
GetLocalTime
SetEnvironmentVariableA
CompareStringW
GetTickCount
SetEndOfFile
GetOEMCP
GetACP
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetCPInfo
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapSize
TerminateProcess
LCMapStringW
LCMapStringA
Sleep
ExitProcess
GetVersion
GetCommandLineA
HeapReAlloc
GetSystemTime
CreateThread
LoadLibraryA
GetProcAddress
FreeLibrary
ExpandEnvironmentStringsA
lstrcatW
GetCurrentProcessId
lstrcpyA
lstrcmpiA
SetFileAttributesA
MultiByteToWideChar
WritePrivateProfileStringA
lstrlenA
GetCurrentThreadId
GetProcessHeap
HeapFree
lstrcpyW
lstrcpynW
lstrcmpiW
GetPrivateProfileIntA
lstrlenW
GetPrivateProfileStringA
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetTimeZoneInformation
RtlUnwind
HeapAlloc
DeleteFileA
WideCharToMultiByte
CompareStringA
InterlockedExchange

user32

PtInRect
ScreenToClient
GetCursorPos
GetDC
SetWindowTextW
GetWindowTextLengthW
GetParent
DrawTextW
SendMessageA
IsWindow
GetAsyncKeyState
SetCursor
GetClientRect
GetWindowTextW
SetWindowLongA
PostMessageW
SendMessageW
LoadCursorA
CopyRect
GetSysColor
FindWindowExW
LoadImageW
DestroyIcon
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
wsprintfA
LoadImageA
ReleaseDC
GetWindowLongA
CharNextA
FindWindowExA
GetClassNameA
CreateWindowExA
DestroyWindow
wsprintfW
GetWindowRect
CreatePopupMenu
InsertMenuItemW
CheckMenuItem
TrackPopupMenu
DestroyMenu
CallWindowProcW
SetWindowLongW
GetDlgCtrlID
GetWindowThreadProcessId
FillRect
GetFocus

gdi32

GetTextExtentPointW
SetTextColor
SetBkMode
GetTextExtentPoint32W
CreateCompatibleDC
GetObjectA
SelectObject
CreateDIBSection
BitBlt
DeleteObject
DeleteDC
CreateSolidBrush

advapi32

RegDeleteValueA
RegOpenKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA

shell32

SHGetSpecialFolderPathW
SHGetMalloc
SHGetDesktopFolder
SHGetSpecialFolderLocation

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

oleaut32

VarUI4FromStr
SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
SysFreeString
SysAllocString

shlwapi

PathAppendA
PathRemoveFileSpecA
PathFileExistsA
StrStrIW
StrCmpIW
StrCmpW
StrStrIA
PathFindFileNameA
StrStrW
StrCmpNIW
StrCpyW
StrCatW
StrCpyNW
StrDupW
UrlApplySchemeW
PathIsURLW
StrRetToBufW
StrRStrIW
PathFileExistsW
PathIsDirectoryW
StrDupA
StrNCatW

wininet

DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
InternetCrackUrlW
InternetCrackUrlA
FindCloseUrlCache

urlmon

URLDownloadToFileA

comctl32

ImageList_Remove
ImageList_ReplaceIcon

ws2_32

gethostbyname
inet_ntoa
WSAGetLastError
WSAStartup
recv
connect
inet_addr
htons
send
setsockopt
socket
closesocket

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/modules/addr.dll
.dll regsvr32 windows:4 windows x86 arch:x86

e3856bb100fa908175842f70323fca45

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:1d:3a:4f:d3:25:82:ce:e7:46:eb:ee:92:86:c9:59
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27-09-2007 00:00

Not After

11-10-2008 23:59

Subject

CN=China Internet Network Information Center,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technique Department,O=China Internet Network Information Center,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

31:ed:df:b5:ea:74:35:6e:20:27:81:e1:74:7f:d8:2d:5b:33:82:66
Signer

Actual PE Digest

31:ed:df:b5:ea:74:35:6e:20:27:81:e1:74:7f:d8:2d:5b:33:82:66

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindClose
FindNextFileA
FindFirstFileA
GetSystemDefaultLangID
LocalFree
ExpandEnvironmentStringsW
GetVersionExA
lstrcmpA
FindNextFileW
FindFirstFileW
GetModuleFileNameA
GetShortPathNameA
CloseHandle
WriteFile
CreateFileA
lstrcpynA
GetCurrentProcess
CreateDirectoryA
CopyFileA
DeleteCriticalSection
InitializeCriticalSection
DisableThreadLibraryCalls
Process32Next
Process32First
CreateToolhelp32Snapshot
InterlockedIncrement
InterlockedDecrement
HeapDestroy
lstrcatA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
IsDBCSLeadByte
SetFilePointer
ReadFile
SystemTimeToFileTime
GetCurrentDirectoryA
LocalFileTimeToFileTime
GetFileAttributesA
SetFileTime
GetLocalTime
SetEnvironmentVariableA
CompareStringW
GetTickCount
SetEndOfFile
GetOEMCP
GetACP
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
GetCPInfo
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapSize
TerminateProcess
LCMapStringW
LCMapStringA
Sleep
ExitProcess
GetVersion
GetCommandLineA
HeapReAlloc
GetSystemTime
CreateThread
LoadLibraryA
GetProcAddress
FreeLibrary
ExpandEnvironmentStringsA
lstrcatW
GetCurrentProcessId
lstrcpyA
lstrcmpiA
SetFileAttributesA
MultiByteToWideChar
WritePrivateProfileStringA
lstrlenA
GetCurrentThreadId
GetProcessHeap
HeapFree
lstrcpyW
lstrcpynW
lstrcmpiW
GetPrivateProfileIntA
lstrlenW
GetPrivateProfileStringA
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetTimeZoneInformation
RtlUnwind
HeapAlloc
DeleteFileA
WideCharToMultiByte
CompareStringA
InterlockedExchange

user32

PtInRect
ScreenToClient
GetCursorPos
GetDC
SetWindowTextW
GetWindowTextLengthW
GetParent
DrawTextW
SendMessageA
IsWindow
GetAsyncKeyState
SetCursor
GetClientRect
GetWindowTextW
SetWindowLongA
PostMessageW
SendMessageW
LoadCursorA
CopyRect
GetSysColor
FindWindowExW
LoadImageW
DestroyIcon
CallNextHookEx
SetWindowsHookExW
UnhookWindowsHookEx
wsprintfA
LoadImageA
ReleaseDC
GetWindowLongA
CharNextA
FindWindowExA
GetClassNameA
CreateWindowExA
DestroyWindow
wsprintfW
GetWindowRect
CreatePopupMenu
InsertMenuItemW
CheckMenuItem
TrackPopupMenu
DestroyMenu
CallWindowProcW
SetWindowLongW
GetDlgCtrlID
GetWindowThreadProcessId
FillRect
GetFocus

gdi32

GetTextExtentPointW
SetTextColor
SetBkMode
GetTextExtentPoint32W
CreateCompatibleDC
GetObjectA
SelectObject
CreateDIBSection
BitBlt
DeleteObject
DeleteDC
CreateSolidBrush

advapi32

RegDeleteValueA
RegOpenKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA

shell32

SHGetSpecialFolderPathW
SHGetMalloc
SHGetDesktopFolder
SHGetSpecialFolderLocation

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance

oleaut32

VarUI4FromStr
SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
SysFreeString
SysAllocString

shlwapi

PathAppendA
PathRemoveFileSpecA
PathFileExistsA
StrStrIW
StrCmpIW
StrCmpW
StrStrIA
PathFindFileNameA
StrStrW
StrCmpNIW
StrCpyW
StrCatW
StrCpyNW
StrDupW
UrlApplySchemeW
PathIsURLW
StrRetToBufW
StrRStrIW
PathFileExistsW
PathIsDirectoryW
StrDupA
StrNCatW

wininet

DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
InternetCrackUrlW
InternetCrackUrlA
FindCloseUrlCache

urlmon

URLDownloadToFileA

comctl32

ImageList_Remove
ImageList_ReplaceIcon

ws2_32

gethostbyname
inet_ntoa
WSAGetLastError
WSAStartup
recv
connect
inet_addr
htons
send
setsockopt
socket
closesocket

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/modules/auxr.dll
.dll windows:4 windows x86 arch:x86

47678825157cd635a4fcc2bed640ea66

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:1d:3a:4f:d3:25:82:ce:e7:46:eb:ee:92:86:c9:59
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27-09-2007 00:00

Not After

11-10-2008 23:59

Subject

CN=China Internet Network Information Center,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technique Department,O=China Internet Network Information Center,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0f:96:fd:03:79:ef:84:65:b0:2b:ad:15:c0:4f:d1:10:82:52:67
Signer

Actual PE Digest

61:0f:96:fd:03:79:ef:84:65:b0:2b:ad:15:c0:4f:d1:10:82:52:67

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

iphlpapi

GetAdaptersInfo

kernel32

RtlUnwind
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
HeapAlloc
HeapFree
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
InterlockedDecrement
InterlockedIncrement
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
CloseHandle

Exports

Exports

Aux_Aux
Aux_Uid

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/modules/auxr.exe
.exe windows:4 windows x86 arch:x86

d6ea02ddbcfab8f0b9cc8a1fa8516135

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:1d:3a:4f:d3:25:82:ce:e7:46:eb:ee:92:86:c9:59
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27-09-2007 00:00

Not After

11-10-2008 23:59

Subject

CN=China Internet Network Information Center,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technique Department,O=China Internet Network Information Center,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9e:60:a8:30:26:a4:de:b9:e4:36:89:4a:9b:8c:bd:2b:49:58:a8:fa
Signer

Actual PE Digest

9e:60:a8:30:26:a4:de:b9:e4:36:89:4a:9b:8c:bd:2b:49:58:a8:fa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileIntA
ExpandEnvironmentStringsA
CreateDirectoryA
DeleteFileA
FreeLibrary
WinExec
lstrcatA
SetEnvironmentVariableA
CompareStringW
GetTimeZoneInformation
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
WriteFile
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetPrivateProfileStringA
HeapSize
TerminateProcess
GetOEMCP
GetACP
GetCPInfo
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
GetVersionExA
GetEnvironmentVariableA
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindNextFileA
FindFirstFileA
HeapReAlloc
HeapAlloc
HeapFree
RtlUnwind
WritePrivateProfileStringA
SetFileAttributesA
LoadLibraryA
GetProcAddress
LocalFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
GetCurrentThreadId
GetSystemDefaultLangID
SetThreadLocale
RaiseException
ReleaseMutex
CloseHandle
CreateMutexA
GetLastError
GetCurrentProcess
FlushInstructionCache
InterlockedDecrement
OutputDebugStringA
DebugBreak
CompareStringA
InterlockedIncrement
lstrcmpiA
lstrlenA
lstrcpyA
GetModuleFileNameA
UnhandledExceptionFilter
GetThreadLocale

user32

IsWindowEnabled
GetSysColor
GetFocus
FillRect
GetDlgCtrlID
GetCursorPos
ScreenToClient
CallWindowProcA
PtInRect
SetFocus
SetCapture
GetCapture
ReleaseCapture
IsDialogMessageA
LoadImageA
GetDlgItem
GetParent
SetDlgItemTextA
GetSystemMetrics
PostQuitMessage
CheckDlgButton
IsDlgButtonChecked
SetCursor
InvalidateRect
UpdateWindow
DestroyCursor
SetRectEmpty
FrameRect
EnableWindow
DestroyWindow
CreateDialogParamA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
FindWindowA
IsWindowVisible
IsIconic
BringWindowToTop
SetForegroundWindow
DefWindowProcA
ShowWindow
LoadStringA
wvsprintfA
CharNextA
SetWindowTextA
CreateWindowExA
ReleaseDC
GetDC
DrawTextA
OffsetRect
GetClassNameA
SetWindowLongA
CreateCursor
GetWindowTextLengthA
GetWindowTextA
GetWindowLongA
GetWindow
GetWindowRect
SystemParametersInfoA
MapWindowPoints
SetWindowPos
EndPaint
IsWindow
SendMessageA
BeginPaint
GetClientRect
ClientToScreen
DrawFocusRect

gdi32

SetBkColor
GetTextExtentPointA
SetBkMode
CreateSolidBrush
SetTextColor
TextOutA
DeleteDC
GetStockObject
GetObjectA
DeleteObject
LineTo
MoveToEx
SelectObject
ExtTextOutA
CreateFontIndirectA
CreatePen

advapi32

RegQueryValueExA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA

shell32

ShellExecuteA

ole32

CoUninitialize
CoInitialize

shlwapi

PathFileExistsA
PathRemoveFileSpecA
PathAppendA
SHGetValueA

comctl32

InitCommonControlsEx
_TrackMouseEvent

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/modules/shell.exe
.exe windows:4 windows x86 arch:x86

71f75802017354127962b2eabc8254d4

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:1d:3a:4f:d3:25:82:ce:e7:46:eb:ee:92:86:c9:59
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27-09-2007 00:00

Not After

11-10-2008 23:59

Subject

CN=China Internet Network Information Center,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technique Department,O=China Internet Network Information Center,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

dd:93:24:ce:23:e7:35:06:a5:41:36:0f:2b:8b:a6:a9:8c:da:f6:4b
Signer

Actual PE Digest

dd:93:24:ce:23:e7:35:06:a5:41:36:0f:2b:8b:a6:a9:8c:da:f6:4b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDefaultLangID
FreeLibrary
GetProcAddress
LoadLibraryA
TerminateProcess
CloseHandle
WritePrivateProfileStringA
InterlockedIncrement
DebugBreak
OutputDebugStringA
InterlockedDecrement
GetLastError
GetPrivateProfileIntA
Sleep
WinExec
ReadFile
SetStdHandle
FlushFileBuffers
CreateDirectoryA
lstrlenA
FindFirstFileA
SetFileAttributesA
DeleteFileA
FindNextFileA
FindClose
RemoveDirectoryA
GetModuleFileNameA
GetPrivateProfileStringA
LocalFree
ExpandEnvironmentStringsA
RaiseException
VirtualAlloc
LCMapStringW
LCMapStringA
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
HeapFree
HeapAlloc
HeapReAlloc
GetCurrentProcess
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
SetFilePointer
SetUnhandledExceptionFilter

user32

CharNextA
wvsprintfA
LoadStringA

advapi32

SetEntriesInAclA
GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetNamedSecurityInfoA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegDeleteKeyA
RegCloseKey
RegSetValueExA
RegEnumKeyA

shlwapi

SHDeleteKeyA
SHSetValueA
SHGetValueA
PathFileExistsA
PathRemoveFileSpecA
PathAppendA

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/modules/sign.dll
.dll windows:4 windows x86 arch:x86

42c095e840a02bdbd17c7caf849a3f19

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:1d:3a:4f:d3:25:82:ce:e7:46:eb:ee:92:86:c9:59
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

27-09-2007 00:00

Not After

11-10-2008 23:59

Subject

CN=China Internet Network Information Center,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Technique Department,O=China Internet Network Information Center,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

36:f0:0d:69:c9:0d:3b:ac:e2:82:d3:ad:a6:3e:06:25:b1:93:24:af
Signer

Actual PE Digest

36:f0:0d:69:c9:0d:3b:ac:e2:82:d3:ad:a6:3e:06:25:b1:93:24:af

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
CloseHandle
ReadFile
GetFileSize
CreateFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CopyFileA
WriteFile
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
VirtualAlloc
HeapReAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
FlushFileBuffers
GetStringTypeA
GetStringTypeW
SetStdHandle
LCMapStringA
LCMapStringW
RtlUnwind

Exports

Exports

Sign_SplitSgnFile
Sign_VerifySgnFile

Sections

.text
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/unikeyword/config.dat
$TEMP/unikeyword/rscver.dat
$TEMP/unikeyword/setup.dat
$WINDIR/ocinfo.dat
KwData/Resource/default.ini
KwData/Resource/default/addrlist.ini
KwData/Resource/default/kwinfo.ini
KwData/Resource/default/listicon.ico
KwData/Resource/default/vistabmp.bmp
KwData/Resource/default/xpbmp.bmp
KwData/Resource/education.ini
KwData/Resource/education/addrlist.ini
KwData/Resource/education/kwinfo.ini
KwData/Resource/education/listicon.ico
KwData/Resource/education/vistabmp.bmp
KwData/Resource/education/xpbmp.bmp
KwData/Resource/finance.ini
KwData/Resource/finance/addrlist.ini
KwData/Resource/finance/kwinfo.ini
KwData/Resource/finance/listicon.ico
KwData/Resource/finance/vistabmp.bmp
KwData/Resource/finance/xpbmp.bmp
KwData/Resource/fun.ini
KwData/Resource/fun/addrlist.ini
KwData/Resource/fun/kwinfo.ini
KwData/Resource/news.ini
KwData/Resource/news/addrlist.ini
KwData/Resource/news/kwinfo.ini
KwData/Resource/user.ini
KwData/rscver.dat
kwhkcu_big.reg
kwhkcu_cn.reg
kwhkcu_en.reg
kwhklm_big.reg
kwhklm_cn.reg
kwhklm_en.reg
stcr.dat
ukwrbtn.html
.html .js polyglot
url.ico
version.dat
/skins/ɫ.dll
/skins/XP.dll
/skins/δ.dll
/tvk.dat
/unicomreg.htm
.html .js polyglot
/welcome.htm
.html
/wmp11_bg.jpg
.jpg
/ɽ$(LSTR_6014)url
.url
/ɽ.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 935KB - Virtual size: 934KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 12KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

7ca439f240520f2b3eaee86b88d31ab2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MulDiv
lstrcpynA
GetModuleHandleA
GlobalAlloc
MultiByteToWideChar
GetPrivateProfileIntA
GetPrivateProfileStringA
lstrcatA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
lstrcmpiA

user32

GetDlgCtrlID
SetWindowLongA
LoadIconA
LoadImageA
PtInRect
GetDC
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
GetDlgItem
GetWindowLongA
DrawTextA
DrawFocusRect
MapWindowPoints
CallWindowProcA
PostMessageA
SetWindowTextA
SendMessageA
GetWindowTextA
SetFocus
MessageBoxA
wsprintfA
CreateWindowExA

gdi32

SetTextColor
SelectObject
CreateCompatibleDC
DeleteObject
GetTextExtentPoint32A
DeleteDC
SetBkMode
SetBkColor
GetTextMetricsA

comdlg32

GetOpenFileNameA
CommDlgExtendedError
GetSaveFileNameA

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
ShellExecuteA
SHGetMalloc

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 942B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
/ioSpecial.ini
/modern-header.bmp
/modern-wizard.bmp
$_4612_/PSNetwork.dll
.dll windows:4 windows x86 arch:x86

3be0b942a870bf0ace51981889d053d3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord5572
ord2915
ord4277
ord4278
ord2763
ord1228
ord6283
ord3721
ord3619
ord809
ord795
ord2614
ord556
ord3663
ord3626
ord2414
ord4275
ord5875
ord2864
ord1088
ord2122
ord1641
ord3797
ord6358
ord6197
ord2859
ord6880
ord926
ord2860
ord4129
ord5683
ord6663
ord4774
ord4402
ord3640
ord693
ord4243
ord3301
ord3910
ord6605
ord2754
ord6696
ord3293
ord6282
ord538
ord6569
ord1085
ord5601
ord802
ord542
ord922
ord6905
ord6007
ord4220
ord2584
ord3654
ord2438
ord6270
ord2863
ord1644
ord2546
ord291
ord5710
ord2824
ord6874
ord2642
ord1175
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord815
ord561
ord3953
ord2725
ord771
ord2528
ord1008
ord497
ord1948
ord5303
ord4699
ord5715
ord817
ord565
ord2726
ord4226
ord6215
ord2086
ord5450
ord6394
ord5440
ord6383
ord283
ord5678
ord5789
ord5787
ord5873
ord6172
ord5736
ord2814
ord834
ord3573
ord3089
ord1116
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord1669
ord5681
ord4224
ord2652
ord6334
ord3874
ord3092
ord858
ord1768
ord5280
ord470
ord755
ord4234
ord2301
ord324
ord567
ord6467
ord1168
ord1146
ord641
ord656
ord3610
ord4424
ord3402
ord4837
ord5290
ord1776
ord6055
ord3597
ord4853
ord4376
ord6199
ord2370
ord4202
ord6877
ord3337
ord4171
ord6311
ord2764
ord3097
ord6453
ord3998
ord6907
ord939
ord5953
ord2379
ord4710
ord3996
ord4258
ord825
ord2302
ord489
ord768
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4835
ord3798
ord5287
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4854
ord4377
ord5265
ord4358
ord4948
ord4976
ord4742
ord4905
ord5160
ord5162
ord5161
ord1907
ord940
ord356
ord535
ord941
ord2770
ord2781
ord4058
ord3181
ord3178
ord3310
ord668
ord2818
ord540
ord3811
ord2820
ord537
ord800
ord860
ord823
ord539

msvcrt

strstr
_beginthreadex
_mbscmp
memset
memcmp
memcpy
atoi
sprintf
strlen
time
srand
rand
__CxxFrameHandler
_purecall
_stricmp
_strcmpi
_strnicmp
_vsnprintf
_except_handler3
atof
_mbccpy
_mbsnbcmp
_mbsstr
_mbclen
_mbsncmp
_mbschr
strcat
strncpy
fopen
fwrite
fflush
fclose
_mbsicmp
sscanf
_mbsrchr
??8type_info@@QBEHABV0@@Z
_CxxThrowException
_ftol
toupper
vsprintf
strcpy
exit
__dllonexit
_onexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
free
_initterm
malloc
_adjust_fdiv
_endthreadex

kernel32

InterlockedIncrement
GetVersionExA
DeviceIoControl
lstrcmpA
LockFile
WriteFile
UnlockFile
ReadFile
MoveFileA
FindFirstFileA
FindNextFileA
FindClose
GetFileSize
SetFilePointer
SetEndOfFile
GetFileAttributesA
GlobalFree
GetModuleFileNameA
GlobalAlloc
GlobalLock
GlobalUnlock
LocalAlloc
OutputDebugStringA
lstrcpyA
ResetEvent
SetEvent
WaitForSingleObject
GetExitCodeThread
CreateFileA
WideCharToMultiByte
LocalFree
InterlockedDecrement
TerminateProcess
CreateDirectoryA
GetPrivateProfileStringA
WritePrivateProfileStringA
SetLastError
GetLastError
InterlockedExchange
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrlenA
GetPrivateProfileIntA
DeleteFileA
QueryPerformanceCounter
QueryPerformanceFrequency
lstrlenW
GetTempFileNameA
GetTempPathA
SetUnhandledExceptionFilter
VirtualQuery
GetFileTime
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
IsBadReadPtr
MultiByteToWideChar
FreeLibrary
LoadLibraryA
GetWindowsDirectoryA
CreateProcessA
GetProcAddress
LoadLibraryExA
GetCurrentThreadId
lstrcpynA
lstrcmpiA
CreateEventA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetSystemInfo
GlobalMemoryStatus
GetModuleHandleA
OpenFile
GetACP
CopyFileA
SetFileTime
SystemTimeToFileTime
CloseHandle
GetTickCount
GetSystemTime

user32

EnableWindow
GetMessagePos
RegisterWindowMessageA
FillRect
MessageBeep
PostThreadMessageA
GetMenuItemCount
GetMenuItemID
LoadMenuA
GetSubMenu
PostMessageA
SetWindowPos
GetCursorPos
ScreenToClient
UpdateWindow
SendDlgItemMessageA
SetDlgItemTextA
ShowWindow
SetForegroundWindow
LoadCursorA
CopyIcon
GetWindowRect
GetDC
ReleaseDC
InflateRect
InvalidateRect
IsWindow
SetCursor
PtInRect
ReleaseCapture
RedrawWindow
SetCapture
DestroyCursor
GetSysColor
wsprintfA
GetParent
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
SetWindowLongA
GetWindowLongA
IsWindowVisible
IsIconic
KillTimer
SetTimer
MessageBoxA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
LoadIconA

gdi32

GetTextExtentPoint32A
GetObjectA
CreateFontIndirectA
GetStockObject

advapi32

CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextA
RegEnumValueA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
RegCloseKey
GetUserNameA

shell32

ExtractIconA
SHGetSpecialFolderPathA
ShellExecuteExA
ShellExecuteA

ole32

CoInitialize
OleRun
CoCreateInstance
CoTaskMemFree
CoCreateGuid
StringFromCLSID
CoUninitialize

oleaut32

SysAllocString
VariantClear
SysFreeString
GetErrorInfo

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?_Xran@std@@YAXXZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0Init@ios_base@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??9std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

ws2_32

getpeername
gethostname
WSAStartup
recvfrom
WSACleanup
sendto
send
recv
inet_addr
connect
gethostbyname
setsockopt
shutdown
WSACreateEvent
WSAEventSelect
WSACloseEvent
WSASocketA
socket
htons
bind
getsockname
ntohs
listen
WSASetEvent
WSAWaitForMultipleEvents
WSAGetLastError
WSASetLastError
WSAResetEvent
WSAEnumNetworkEvents
accept
closesocket
WSASend
inet_ntoa
WSARecv

wininet

InternetOpenUrlA
HttpQueryInfoA
InternetReadFile
InternetGetConnectedState
InternetOpenA
InternetCloseHandle
InternetSetCookieA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wmvcore

WMCreateReader
WMCreateWriter

Exports

Exports

??0CPSNetwork@@QAE@ABV0@@Z
??0CPSNetwork@@QAE@XZ
??1CPSNetwork@@UAE@XZ
??4CPSNetwork@@QAEAAV0@ABV0@@Z
??_7CPSNetwork@@6B@
?Connect@CPSNetwork@@QAEHXZ
?Disconnect@CPSNetwork@@QAEXXZ
?GetCacheTime@CPSNetwork@@QAEHXZ
?GetChannelName@CPSNetwork@@QAEPBDXZ
?GetChannelOnlineCount@CPSNetwork@@QAEKXZ
?GetComment@CPSNetwork@@QAEPBDH@Z
?GetHttpURL@CPSNetwork@@QAEPBDH@Z
?GetMsg@CPSNetwork@@QAEHAAKPAD@Z
?GetPercent@CPSNetwork@@QAEHAAK0@Z
?GetStatus@CPSNetwork@@QAE?AW4PLAY_STATUS@@XZ
?GetStreamingType@CPSNetwork@@QAE?AW4STREAMING_TYPE@@XZ
?Save@CPSNetwork@@QAEHPBD@Z
?SetLogLevel@CPSNetwork@@QAEHH@Z
?SetParam@CPSNetwork@@QAEXPBD0@Z
?ShowPropertyDlg@CPSNetwork@@QAEXH@Z
FIO_Create

Sections

.text
Size: 464KB - Virtual size: 464KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_4612_/PowerPlayer.dll
.dll regsvr32 windows:4 windows x86 arch:x86

f43e3dfe6894cb729a259eaa180c0c3b

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16-07-2004 00:00

Not After

15-07-2014 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

64:6a:7c:3d:37:aa:20:67:3c:5e:27:ee:72:d8:f3:0e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

12-07-2007 00:00

Not After

11-07-2008 23:59

Subject

CN=SHANGHAI ZHONGYUAN NETWORKS LIMITED,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Product Department,O=SHANGHAI ZHONGYUAN NETWORKS LIMITED,L=Shanghai,ST=Shanghai,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord6111
ord2915
ord1200
ord1175
ord2393
ord1567
ord268
ord4160
ord3619
ord809
ord556
ord1088
ord2122
ord3797
ord6358
ord941
ord926
ord2860
ord6385
ord6930
ord5450
ord6394
ord5440
ord6383
ord6379
ord772
ord6142
ord500
ord5860
ord3986
ord5606
ord939
ord4284
ord5873
ord5834
ord2841
ord2448
ord2044
ord2107
ord6467
ord5861
ord6883
ord6648
ord4278
ord6663
ord703
ord404
ord603
ord273
ord275
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord3571
ord640
ord5785
ord1640
ord323
ord816
ord3908
ord562
ord940
ord1233
ord5575
ord6194
ord6378
ord3815
ord5981
ord6442
ord465
ord4204
ord6928
ord2652
ord4202
ord4224
ord1669
ord5710
ord2763
ord3716
ord790
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3401
ord4622
ord3670
ord561
ord1134
ord3952
ord1205
ord2724
ord6354
ord1216
ord1227
ord6010
ord1877
ord4249
ord2486
ord2687
ord6364
ord3326
ord6365
ord4472
ord5498
ord3278
ord3353
ord3681
ord446
ord743
ord1177
ord4006
ord2727
ord2730
ord2729
ord5572
ord1210
ord2439
ord1693
ord5618
ord994
ord4342
ord4687
ord4639
ord5674
ord2156
ord4856
ord4920
ord6002
ord2137
ord1963
ord5213
ord2953
ord3868
ord5150
ord2575
ord4707
ord2876
ord5649
ord4113
ord4661
ord4660
ord4768
ord4650
ord4903
ord4548
ord4521
ord4594
ord4988
ord4925
ord4930
ord4935
ord4659
ord4909
ord4908
ord4668
ord4667
ord4666
ord4648
ord4689
ord5023
ord4654
ord4643
ord4354
ord4780
ord4649
ord4637
ord4636
ord5060
ord4584
ord4371
ord4361
ord4356
ord4739
ord4741
ord4738
ord4409
ord4603
ord4415
ord4992
ord4979
ord2488
ord3404
ord4539
ord4534
ord2954
ord2384
ord6370
ord2983
ord3148
ord3260
ord4466
ord2986
ord3080
ord4081
ord4624
ord5825
ord723
ord3946
ord423
ord5332
ord5328
ord5331
ord5314
ord5333
ord2541
ord4949
ord2998
ord4459
ord5033
ord4502
ord6030
ord6876
ord2956
ord1601
ord3474
ord1892
ord4252
ord1212
ord4570
ord4672
ord4843
ord5011
ord4713
ord6371
ord5286
ord4438
ord3279
ord4625
ord449
ord746
ord2278
ord6311
ord4171
ord2753
ord3546
ord4317
ord2243
ord5788
ord472
ord5787
ord6646
ord6334
ord2450
ord4133
ord4297
ord3005
ord4033
ord433
ord1132
ord1116
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord1979
ord665
ord924
ord922
ord1641
ord641
ord795
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord2078
ord289
ord613
ord539
ord6143
ord4476
ord2764
ord6199
ord6605
ord4287
ord2688
ord801
ord541
ord283
ord3742
ord2795
ord6215
ord2086
ord2642
ord4299
ord6880
ord3092
ord2116
ord2614
ord6778
ord6453
ord1168
ord2567
ord3874
ord2380
ord4275
ord609
ord3574
ord4396
ord4023
ord6282
ord6283
ord5683
ord4277
ord4129
ord5875
ord5789
ord2754
ord6172
ord2859
ord5768
ord2864
ord4034
ord535
ord1949
ord818
ord2135
ord823
ord1146
ord1644
ord2863
ord6270
ord2379
ord2438
ord3654
ord2584
ord4220
ord470
ord755
ord4710
ord6380
ord6197
ord4234
ord2302
ord2370
ord2414
ord3626
ord3663
ord825
ord324
ord567
ord540
ord860
ord858
ord800
ord537
ord6877
ord2818
ord354
ord5186
ord3318
ord2919
ord4705
ord5442
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord3573
ord3721
ord4424
ord3402
ord5290
ord1776
ord1226
ord6055
ord1131

msvcrt

strstr
_mbsicmp
abs
fopen
fwrite
fflush
fclose
sprintf
time
strcmp
memset
atoi
strlen
_ftol
_stricmp
__CxxFrameHandler
_mbsstr
??0exception@@QAE@ABV0@@Z
_CxxThrowException
_beginthreadex
_endthreadex
exit
memcpy
strcpy
_access
toupper
memcmp
wcsncpy
pow
atol
strcat
strchr
_mbsrchr
strncpy
strncmp
memmove
_mbscmp
strrchr
wcstol
wcscmp
wcslen
rand
srand
strtoul
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
__dllonexit
_adjust_fdiv
malloc
_initterm
free
_onexit

kernel32

CopyFileA
OpenFile
GetCurrentProcess
GetCurrentProcessId
GetSystemTime
OpenProcess
GetExitCodeProcess
TerminateProcess
WinExec
GetProcAddress
lstrcpynA
CreateDirectoryA
GetWindowsDirectoryA
LoadLibraryA
FreeLibrary
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjects
ResumeThread
MulDiv
GlobalFree
CreateEventA
FindResourceA
LoadResource
SizeofResource
LockResource
LCMapStringA
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetVersionExA
DeviceIoControl
InterlockedDecrement
GetLastError
CreateFileA
GetModuleFileNameA
GetCurrentDirectoryA
SetCurrentDirectoryA
GlobalAlloc
GlobalLock
GlobalUnlock
LeaveCriticalSection
LocalFree
LocalAlloc
ResetEvent
SetEvent
WaitForSingleObject
EnterCriticalSection
GetExitCodeThread
DeleteCriticalSection
InitializeCriticalSection
CreateProcessA
CloseHandle
lstrcpyA
GetPrivateProfileStringA
GetTickCount
Sleep
DeleteFileA
GetPrivateProfileIntA
WritePrivateProfileStringA
lstrlenA
lstrcatA
lstrlenW

user32

GetMenuStringA
GetMenuState
InsertMenuItemA
MessageBoxA
GetParent
ClientToScreen
KillTimer
SetTimer
RegisterClassA
DefWindowProcA
PostMessageA
SetRect
ScreenToClient
PtInRect
SetCursor
LoadMenuA
GetSubMenu
GetCursorPos
GetClientRect
GetMessageA
TranslateMessage
PostThreadMessageA
GetCapture
CreatePopupMenu
AppendMenuA
GetClassInfoA
EnableMenuItem
DeleteMenu
InsertMenuA
GetPropA
RemoveMenu
MonitorFromWindow
GetMonitorInfoA
GetDesktopWindow
SetParent
SetRectEmpty
ShowCursor
GrayStringA
TabbedTextOutA
wsprintfA
ShowWindow
SetForegroundWindow
LoadCursorA
CopyIcon
SetWindowLongA
ReleaseCapture
RedrawWindow
DestroyCursor
GetMenuItemCount
GetMenuItemInfoA
GetMenuStringW
GetMenuItemID
ModifyMenuA
UpdateWindow
CopyRect
GetSystemMetrics
SystemParametersInfoA
CharLowerA
IntersectRect
IsRectEmpty
MoveWindow
OffsetRect
mouse_event
DispatchMessageA
InvalidateRect
IsWindow
GetDC
CheckMenuItem
ReleaseDC
EnableWindow
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
DrawTextA
FillRect
GetSysColor
GetWindowRect
SetPropA
GetWindowLongA
IsWindowVisible
SendMessageA
SetCapture
InflateRect
FrameRect

gdi32

SetBkColor
GetViewportExtEx
GetWindowExtEx
SetMapMode
GetMapMode
PtVisible
RectVisible
CreateBitmap
ExtTextOutA
Escape
GetNearestColor
Rectangle
GetTextMetricsA
GetObjectA
CreateFontIndirectA
StretchBlt
CreateRectRgnIndirect
CombineRgn
FillRgn
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteDC
GetDeviceCaps
GetStockObject
GetTextExtentPoint32A
SelectObject
PatBlt
DeleteObject
SetTextColor
SetBkMode
LPtoDP
TextOutA
CreateSolidBrush
DPtoLP

advapi32

RegSetValueA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextA
RegCloseKey
RegEnumValueA
RegQueryInfoKeyA
RegCreateKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueA
RegOpenKeyA
RegQueryValueExA

shell32

SHGetMalloc
ShellExecuteA
ShellExecuteExA
SHGetPathFromIDListA
SHGetSpecialFolderLocation

comctl32

_TrackMouseEvent

ole32

CoInitialize
CoUninitialize
CreateStreamOnHGlobal
CoCreateInstance

olepro32

ord251

oleaut32

LoadRegTypeLi
SysAllocString
SysAllocStringLen
VariantClear
SysFreeString
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayDestroy

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??_7out_of_range@std@@6B@
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

psnetwork

?GetStreamingType@CPSNetwork@@QAE?AW4STREAMING_TYPE@@XZ
?GetPercent@CPSNetwork@@QAEHAAK0@Z
?GetChannelName@CPSNetwork@@QAEPBDXZ
?Save@CPSNetwork@@QAEHPBD@Z
?ShowPropertyDlg@CPSNetwork@@QAEXH@Z
?Connect@CPSNetwork@@QAEHXZ
?GetComment@CPSNetwork@@QAEPBDH@Z
??0CPSNetwork@@QAE@XZ
??1CPSNetwork@@UAE@XZ
?SetParam@CPSNetwork@@QAEXPBD0@Z
?GetHttpURL@CPSNetwork@@QAEPBDH@Z
?Disconnect@CPSNetwork@@QAEXXZ
?GetStatus@CPSNetwork@@QAE?AW4PLAY_STATUS@@XZ

ws2_32

WSACleanup
inet_ntoa
WSAStartup

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_4741_/AcIERHelper.dll
.dll regsvr32 windows:4 windows x86 arch:x86

c34726458e2d510191df00cf8113f917

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
CloseHandle
WriteFile
CreateFileA
FindClose
FindFirstFileA
SetFileTime
GetFileTime
LocalFree
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
SetEnvironmentVariableA
DeleteCriticalSection
InitializeCriticalSection
GetModuleFileNameA
DisableThreadLibraryCalls
GetPrivateProfileSectionA
GetTickCount
CompareStringA
GetEnvironmentVariableA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
ReadFile
LoadLibraryA
FlushFileBuffers
SetStdHandle
GetSystemDirectoryA
WideCharToMultiByte
GetPrivateProfileStringA
GetPrivateProfileIntA
GetWindowsDirectoryA
DeleteFileA
WritePrivateProfileStringA
GetLastError
MultiByteToWideChar
lstrlenW
CompareStringW
SetFilePointer
GetStringTypeW
GetStringTypeA
VirtualAlloc
SetHandleCount
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
RtlUnwind
CreateThread
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
GetVersion
RaiseException
TlsAlloc
TlsFree
SetLastError
HeapAlloc
HeapFree
ExitProcess
GetCPInfo
GetACP
GetOEMCP
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
HeapReAlloc
HeapSize
LCMapStringA
LCMapStringW
GetProcAddress
GetModuleHandleA
SetUnhandledExceptionFilter

user32

EnumChildWindows
SetWindowTextA
GetClassNameA
GetWindowTextA
wsprintfA

advapi32

RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateGuid
CoInitialize
CoUninitialize

oleaut32

LoadRegTypeLi
SysStringLen
SysAllocStringLen
SysFreeString
VariantCopy
VariantChangeType
VariantClear

wininet

InternetCloseHandle
HttpQueryInfoA
InternetQueryDataAvailable
InternetReadFile
InternetOpenA
InternetOpenUrlA

atl

ord18
ord15
ord57
ord21
ord31
ord32
ord58
ord30
ord16
ord23

ws2_32

htons
inet_addr
ioctlsocket
socket
sendto
recvfrom
WSAStartup

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

81c812ed76d4690c8678b3a4f0737a5f

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 108KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 6KB - Virtual size: 8KB

81c812ed76d4690c8678b3a4f0737a5f

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

advapi32

shell32

ole32

version

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 108KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 6KB - Virtual size: 8KB

dfb06052e74b26a42b0e490bd1c07959

Code Sign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

76:1d:3a:4f:d3:25:82:ce:e7:46:eb:ee:92:86:c9:59Certificate

Extended Key Usages

Key Usages

80:6f:a6:75:2e:a7:99:c7:88:4a:b6:19:c6:9d:7e:4f:b8:ee:22:08Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 112KB

.ndata Size: - Virtual size: 44KB

.rsrc Size: 14KB - Virtual size: 13KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 108KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 108KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 6KB - Virtual size: 8KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

76:1d:3a:4f:d3:25:82:ce:e7:46:eb:ee:92:86:c9:59
Certificate

80:6f:a6:75:2e:a7:99:c7:88:4a:b6:19:c6:9d:7e:4f:b8:ee:22:08
Signer

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 112KB

.ndata
Size: - Virtual size: 44KB

.rsrc
Size: 14KB - Virtual size: 13KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 92B

.reloc
Size: 512B - Virtual size: 496B

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

76:1d:3a:4f:d3:25:82:ce:e7:46:eb:ee:92:86:c9:59
Certificate

31:ed:df:b5:ea:74:35:6e:20:27:81:e1:74:7f:d8:2d:5b:33:82:66
Signer

.text
Size: 108KB - Virtual size: 107KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 12KB - Virtual size: 56KB

Shared
Size: 4KB - Virtual size: 52B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 12KB - Virtual size: 9KB

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

76:1d:3a:4f:d3:25:82:ce:e7:46:eb:ee:92:86:c9:59
Certificate

31:ed:df:b5:ea:74:35:6e:20:27:81:e1:74:7f:d8:2d:5b:33:82:66
Signer