31151a90a011c05239d9382943fd972a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

31151a90a011c05239d9382943fd972a_JaffaCakes118
Size

5.3MB
MD5

31151a90a011c05239d9382943fd972a
SHA1

c28823aa1a26411782937e5ee7dcdbbb5d844d66
SHA256

e60aea3de7a184da9ffe6ab259ac9d8df4f766b7073425e1b9a0c38cba47e6a0
SHA512

e206e29f44cc239833416cda5433c59ed3ec4a74a78c5c2c5afe7b4c82903126c99dc1398ac56570a6fa5e6ba551ec80ee29a6830bb50eb201688e3a5c238f90
SSDEEP

98304:Kg8H+KNKS6r/5rdZhydaId1qqnkdSaNkMS+fHAy0VHzZlh3zXW4Y:J8HT6r/5xZ0dp1qqnk4aeMS+fgymlTmt

Score

3^/10

Malware Config

Signatures

Unsigned PE 18 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/ButtonEvent.dll
unpack001/$PLUGINSDIR/ExecCmd.dll
unpack001/$PLUGINSDIR/ExecDos.dll
unpack001/$PLUGINSDIR/FindProcDLL.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/md5dll.dll
unpack001/$PLUGINSDIR/nsisXML.dll
unpack001/$SYSDIR/$SYSDIR/Funshion.scr
unpack001/$TEMP/$SYSDIR/Funshion.scr
unpack001/CoreAAC.ax
unpack001/cook.dll
unpack001/coreavc.ax
unpack001/drvc.dll
unpack001/pncrt.dll
unpack001/pndx5032.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

31151a90a011c05239d9382943fd972a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:54:c3:bd:23:b7:b9:94:98:2b:2d:a0:fa:1e:29:f7
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

14-07-2010 00:00

Not After

02-08-2012 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

6c:ff:a6:38:23:ac:cd:2f:f8:03:d1:6f:61:39:32:49:bb:ac:98:17
Signer

Actual PE Digest

6c:ff:a6:38:23:ac:cd:2f:f8:03:d1:6f:61:39:32:49:bb:ac:98:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 256KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ButtonEvent.dll
.dll windows:4 windows x86 arch:x86

0ece15e7d9bb35972aec701f46192460

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
GlobalAlloc
lstrcpyA
lstrcpynA
GlobalFree

user32

PostMessageA
CallWindowProcA
GetDlgItem
FindWindowExA
SetWindowLongA
wsprintfA

Exports

Exports

AddEventHandler
Unload
UnsetEventHandler
WhichButtonId

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 503B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ExecCmd.dll
.dll windows:4 windows x86 arch:x86

bf44c9fb48bb8c36b3e2527e7252350d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
OpenProcess
CloseHandle
GetProcAddress
LoadLibraryA
GetVersionExA
GlobalFree
TerminateProcess
GetExitCodeProcess
WaitForSingleObject
Sleep
CreateProcessA
GlobalAlloc
GetExitCodeThread
lstrcpyA
lstrcpynA
CreateThread
lstrcatA
GetEnvironmentVariableA
lstrcmpiA

user32

SendMessageA
EnumWindows
WaitForInputIdle
wsprintfA
GetWindowThreadProcessId

Exports

Exports

exec
wait

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 802B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 142B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ExecDos.dll
.dll windows:4 windows x86 arch:x86

2dfc6a992d004b736e85c64219a88b4a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
TerminateProcess
Sleep
lstrcatA
lstrcmpiA
ReadFile
GetExitCodeProcess
PeekNamedPipe
CreateFileA
FlushFileBuffers
WriteFile
lstrlenA
CloseHandle
CreateProcessA
DuplicateHandle
GetCurrentProcess
CreatePipe
GlobalAlloc
lstrcpynA
GetExitCodeThread
WaitForSingleObject
lstrcpyA
CreateThread

user32

wsprintfA
GetClassNameA
GetDlgItem
FindWindowExA
SendMessageA

Exports

Exports

exec
isdone
wait

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 266B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

c480ee4d2a64d4a16edee43fdfe35079

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
HeapCreate
VirtualFree
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
FreeLibrary
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
DisableThreadLibraryCalls
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetACP
GetOEMCP
WriteFile
VirtualAlloc
RtlUnwind
GetStringTypeA
GetStringTypeW
GetCPInfo

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstPath.ini
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 836B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/WelcomePage.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/md5dll.dll
.dll windows:4 windows x86 arch:x86

e57536e0d3500471d52df7cea0d65a39

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcpyA
lstrcpynA
GetTickCount
Sleep
lstrcatA
lstrlenA
CloseHandle
ReadFile
CreateFileA

user32

wsprintfA

Exports

Exports

GetFileMD5
GetMD5
GetMD5File
GetMD5Random
GetMD5String

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 134B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsisXML.dll
.dll windows:4 windows x86 arch:x86

d9ee494a2a7b0d46616d9537ef3d8431

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
InterlockedIncrement
GlobalFree
WideCharToMultiByte
InterlockedDecrement
lstrlenA
MultiByteToWideChar
GetLastError
LocalFree

user32

wsprintfA

ole32

CoCreateInstance
CoInitialize

oleaut32

VariantClear
GetErrorInfo
VariantCopy
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysAllocString

msvcrt

memcpy
_onexit
__dllonexit
_adjust_fdiv
malloc
_initterm
free
_CxxThrowException
__CxxFrameHandler
??2@YAPAXI@Z
atoi
??3@YAXPAX@Z
??1type_info@@UAE@XZ

Exports

Exports

appendChild
create
createElement
createProcessingInstruction
getAttribute
getText
insertBefore
load
loadAndValidate
parentNode
removeChild
save
select
setAttribute
setDocumentElement
setText

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 586B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROFILE/funshion.ini
$PROFILE/funshion/cache/Cacheflash/blankFs.swf
$PROFILE/funshion/cache/Cacheflash/donghuanew_18.swf
$SYSDIR/$SYSDIR/Funshion.scr
.exe windows:4 windows x86 arch:x86

a0aa13e67c3e94f81085a6db2623a4fd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetSetOptionA
HttpQueryInfoW
InternetOpenA
InternetGetConnectedState
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenUrlW

dbghelp

MakeSureDirectoryPathExists

kernel32

EnumSystemLocalesA
GetUserDefaultLCID
GetModuleFileNameW
FreeResource
CloseHandle
WriteFile
SizeofResource
CreateFileW
LockResource
LoadResource
FindResourceW
DeleteFileW
lstrcmpiW
GetCurrentThreadId
RaiseException
GlobalUnlock
GlobalLock
GlobalAlloc
GetLastError
DeleteCriticalSection
FlushInstructionCache
GetCurrentProcess
SetLastError
MultiByteToWideChar
lstrlenW
lstrcmpW
MulDiv
InterlockedIncrement
InterlockedDecrement
FindResourceExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GlobalFree
GlobalHandle
GetModuleHandleW
FreeLibrary
LoadLibraryExW
GetProcAddress
LoadLibraryW
LoadLibraryA
IsValidLocale
WideCharToMultiByte
WaitForSingleObject
GetModuleFileNameA
TlsGetValue
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
ExitProcess
GetModuleHandleA
Sleep
HeapSize
HeapReAlloc
HeapDestroy
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
GetLocaleInfoW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
TlsAlloc
WriteConsoleW
CreateFileA
TlsSetValue
TlsFree
GetStdHandle
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
FlushFileBuffers
IsValidCodePage
GetOEMCP
GetSystemTimeAsFileTime
GetTickCount
GetCurrentProcessId

user32

CharNextW
GetClassNameW
RedrawWindow
IsWindow
IsChild
ReleaseDC
GetFocus
DestroyAcceleratorTable
EndPaint
BeginPaint
GetWindowTextLengthW
GetDC
CreateAcceleratorTableW
ClientToScreen
ScreenToClient
ReleaseCapture
SetFocus
SetCapture
GetWindowTextW
SetWindowTextW
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
InvalidateRect
GetParent
GetWindowRect
GetWindowLongW
SystemParametersInfoW
MapWindowPoints
SetWindowLongW
IsDialogMessageW
SetWindowContextHelpId
SendMessageW
GetDlgItem
ShowWindow
SetWindowPos
MoveWindow
PostMessageW
CreateWindowExW
MapDialogRect
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetWindow
DestroyWindow
FillRect
DefWindowProcW
PostQuitMessage
GetSystemMetrics
LoadImageW
GetDesktopWindow
GetClientRect
GetCursorPos
InvalidateRgn
CallWindowProcW
CreateDialogIndirectParamW
RegisterClassExW
UnregisterClassA
GetSysColor

gdi32

CreateSolidBrush
DeleteObject
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
GetStockObject
GetObjectW

advapi32

RegCloseKey
RegDeleteValueW
RegOpenKeyExA
RegQueryValueExA
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExW

ole32

OleUninitialize
OleInitialize
CoGetClassObject
CreateStreamOnHGlobal
CoInitialize
CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
OleLockRunning
CoTaskMemFree
CoTaskMemRealloc

oleaut32

SysAllocStringLen
SysStringLen
SysAllocString
VariantInit
VariantClear
SysStringByteLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
GetErrorInfo
SysFreeString

shlwapi

PathFileExistsA

comctl32

InitCommonControlsEx

Sections

.text
Size: 228KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 240KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$SYSDIR/funshion.ini
$TEMP/$SYSDIR/Funshion.scr
.exe windows:4 windows x86 arch:x86

a0aa13e67c3e94f81085a6db2623a4fd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetSetOptionA
HttpQueryInfoW
InternetOpenA
InternetGetConnectedState
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
InternetOpenUrlW

dbghelp

MakeSureDirectoryPathExists

kernel32

EnumSystemLocalesA
GetUserDefaultLCID
GetModuleFileNameW
FreeResource
CloseHandle
WriteFile
SizeofResource
CreateFileW
LockResource
LoadResource
FindResourceW
DeleteFileW
lstrcmpiW
GetCurrentThreadId
RaiseException
GlobalUnlock
GlobalLock
GlobalAlloc
GetLastError
DeleteCriticalSection
FlushInstructionCache
GetCurrentProcess
SetLastError
MultiByteToWideChar
lstrlenW
lstrcmpW
MulDiv
InterlockedIncrement
InterlockedDecrement
FindResourceExW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GlobalFree
GlobalHandle
GetModuleHandleW
FreeLibrary
LoadLibraryExW
GetProcAddress
LoadLibraryW
LoadLibraryA
IsValidLocale
WideCharToMultiByte
WaitForSingleObject
GetModuleFileNameA
TlsGetValue
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
ExitProcess
GetModuleHandleA
Sleep
HeapSize
HeapReAlloc
HeapDestroy
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetVersionExA
GetLocaleInfoW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
TlsAlloc
WriteConsoleW
CreateFileA
TlsSetValue
TlsFree
GetStdHandle
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
FlushFileBuffers
IsValidCodePage
GetOEMCP
GetSystemTimeAsFileTime
GetTickCount
GetCurrentProcessId

user32

CharNextW
GetClassNameW
RedrawWindow
IsWindow
IsChild
ReleaseDC
GetFocus
DestroyAcceleratorTable
EndPaint
BeginPaint
GetWindowTextLengthW
GetDC
CreateAcceleratorTableW
ClientToScreen
ScreenToClient
ReleaseCapture
SetFocus
SetCapture
GetWindowTextW
SetWindowTextW
RegisterWindowMessageW
GetClassInfoExW
LoadCursorW
InvalidateRect
GetParent
GetWindowRect
GetWindowLongW
SystemParametersInfoW
MapWindowPoints
SetWindowLongW
IsDialogMessageW
SetWindowContextHelpId
SendMessageW
GetDlgItem
ShowWindow
SetWindowPos
MoveWindow
PostMessageW
CreateWindowExW
MapDialogRect
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetWindow
DestroyWindow
FillRect
DefWindowProcW
PostQuitMessage
GetSystemMetrics
LoadImageW
GetDesktopWindow
GetClientRect
GetCursorPos
InvalidateRgn
CallWindowProcW
CreateDialogIndirectParamW
RegisterClassExW
UnregisterClassA
GetSysColor

gdi32

CreateSolidBrush
DeleteObject
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
GetStockObject
GetObjectW

advapi32

RegCloseKey
RegDeleteValueW
RegOpenKeyExA
RegQueryValueExA
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExW

ole32

OleUninitialize
OleInitialize
CoGetClassObject
CreateStreamOnHGlobal
CoInitialize
CLSIDFromProgID
CLSIDFromString
CoUninitialize
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
OleLockRunning
CoTaskMemFree
CoTaskMemRealloc

oleaut32

SysAllocStringLen
SysStringLen
SysAllocString
VariantInit
VariantClear
SysStringByteLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
GetErrorInfo
SysFreeString

shlwapi

PathFileExistsA

comctl32

InitCommonControlsEx

Sections

.text
Size: 228KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 240KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/Dump.dll
.dll windows:4 windows x86 arch:x86

fc9d417bdd3ba937f8bb7fe99b2f0426

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:54:c3:bd:23:b7:b9:94:98:2b:2d:a0:fa:1e:29:f7
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

14-07-2010 00:00

Not After

02-08-2012 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

48:2e:42:51:0b:66:c3:7a:bb:d9:54:87:5d:30:61:fa:11:c9:7d:a1
Signer

Actual PE Digest

48:2e:42:51:0b:66:c3:7a:bb:d9:54:87:5d:30:61:fa:11:c9:7d:a1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\build2.4.1\symbols\Dump-vc80-mt.pdb

Imports

shell32

SHGetSpecialFolderPathW

wininet

InternetReadFile
HttpQueryInfoW
HttpQueryInfoA
InternetOpenUrlW

dbghelp

MakeSureDirectoryPathExists

kernel32

GetThreadLocale
ReleaseMutex
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
CloseHandle
TerminateThread
WaitForSingleObject
Sleep
GetPrivateProfileIntW
GetPrivateProfileSectionW
GetLastError
GetTickCount
OutputDebugStringW
GetPrivateProfileStringW
WritePrivateProfileStringW
lstrcpyW
GetModuleFileNameA
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
GetProcAddress
FindResourceExW
SizeofResource
LockResource
FindResourceW
LoadResource
LoadLibraryA
WriteFile
DeleteFileW
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitThread
GetCurrentThreadId
CreateThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapFree
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeA
GetStringTypeW
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
GetStdHandle
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
GetLocaleInfoW
SetStdHandle
CreateFileA
WriteConsoleA

user32

UnregisterClassA

shlwapi

PathRemoveFileSpecW
PathFileExistsA

Exports

Exports

?dump_info@dump@@YAHABV?$basic_format@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@boost@@@Z
?dump_info@dump@@YAHJABV?$basic_format@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@boost@@@Z
destroy_config_center
dump
dump_initialize
if_dump
init_config_center
log_output
lvalue
lvalue_of
svalue
svalue_of
ulvalue_of

Sections

.text
Size: 192KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/funshion.ini
$TEMP/getmacaddress.dll
.dll windows:4 windows x86 arch:x86

63db1edf9502ffaa36498ff9a96fa7ad

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:54:c3:bd:23:b7:b9:94:98:2b:2d:a0:fa:1e:29:f7
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

14-07-2010 00:00

Not After

02-08-2012 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

6b:8b:7e:a1:c0:56:77:76:5b:24:f1:3a:78:03:f7:c6:30:6d:82:32
Signer

Actual PE Digest

6b:8b:7e:a1:c0:56:77:76:5b:24:f1:3a:78:03:f7:c6:30:6d:82:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\build2.4.1\symbols\GetMACAddress-vc80-mt.pdb

Imports

iphlpapi

GetBestRoute
GetBestInterface
GetIpAddrTable
GetIfTable

ws2_32

gethostbyname
gethostname
htons
htonl

kernel32

SetEndOfFile
CreateFileW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetProcessHeap
HeapFree
EnterCriticalSection
HeapAlloc
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
Sleep
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
GetCurrentThreadId
GetCommandLineA
GetVersionExA
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
GetCPInfo
GetProcAddress
GetModuleHandleA
ExitProcess
ReadFile
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
CloseHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
HeapSize
LoadLibraryA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CreateFileA

Exports

Exports

GetCurrUsedIPUL
GetCurrUsedIPUL2
GetMACAddress
GetMACAddress2
getGatewayIP

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/installfilescn.bmp
$TEMP/installfilesen.bmp
$TEMP/installpathcn.bmp
$TEMP/installpathen.bmp
$TEMP/instpath.ini
$TEMP/licensecn.bmp
$TEMP/licenseen.bmp
$TEMP/nicdescr.dat
$TEMP/partner.ini
$TEMP/showfinishcn.bmp
$TEMP/showfinishen.bmp
$TEMP/welcome.bmp
$TEMP/welcomekugou.bmp
$TEMP/welcomepage.ini
$TEMP/xml2fspdata.exe
.exe windows:4 windows x86 arch:x86

87d7ff083b0bdf1af3c3bf0315b95f36

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:54:c3:bd:23:b7:b9:94:98:2b:2d:a0:fa:1e:29:f7
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

14-07-2010 00:00

Not After

02-08-2012 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

72:df:19:2e:0c:29:65:45:f6:45:98:9f:ca:6e:8a:9b:ca:80:d7:5d
Signer

Actual PE Digest

72:df:19:2e:0c:29:65:45:f6:45:98:9f:ca:6e:8a:9b:ca:80:d7:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\build2.4.1\symbols\xml2fspdata.pdb

Imports

shlwapi

PathRemoveExtensionW

ws2_32

htonl
htons
ntohl
ntohs

kernel32

SetEndOfFile
MultiByteToWideChar
FindNextFileW
FindFirstFileW
FindClose
WideCharToMultiByte
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
DeleteFileW
HeapFree
HeapAlloc
HeapReAlloc
GetVersionExA
GetProcessHeap
RaiseException
RtlUnwind
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
WriteFile
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
SetFilePointer
ReadFile
CloseHandle
FlushFileBuffers
DeleteCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
ExitProcess
GetModuleFileNameA
HeapSize
Sleep
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
LCMapStringA
LCMapStringW
InitializeCriticalSection
CreateFileW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
CreateFileA

advapi32

IsTextUnicode

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CoreAAC.ax
.dll regsvr32 windows:4 windows x86 arch:x86

d52e386cb07e1e13a6b9de526bbe1d78

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

free
_onexit
_adjust_fdiv
_initterm
malloc
__dllonexit
memcmp
__CxxFrameHandler
_purecall
memset
memcpy
??3@YAXPAX@Z
??2@YAPAXI@Z
_errno
fputs
_iob
qsort
pow
memmove
_except_handler3

winmm

timeGetTime
timeSetEvent

kernel32

SetEvent
GetSystemInfo
VirtualAlloc
CreateSemaphoreA
ReleaseSemaphore
SetErrorMode
GetModuleFileNameA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
FreeLibrary
InterlockedDecrement
LoadLibraryA
CloseHandle
CreateEventA
ResetEvent
DuplicateHandle
GetCurrentProcess
GetCurrentThreadId
MultiByteToWideChar
WaitForMultipleObjects
WaitForSingleObject
GetTickCount
lstrcmpiA
InterlockedExchange
CreateThread
VirtualFree
GetVersionExA
DisableThreadLibraryCalls
lstrlenA
GetModuleHandleA
GetLastError
WideCharToMultiByte
GetProcAddress
GetThreadPriority
SetThreadPriority
GetACP
GetCurrentThread

advapi32

RegQueryValueExA
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegSetValueA
RegCreateKeyA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

user32

KillTimer
CheckDlgButton
GetWindowLongA
SetTimer
IsDlgButtonChecked
CreateDialogParamA
MoveWindow
SetWindowLongA
ShowWindow
DestroyWindow
DefWindowProcA
SetDlgItemTextA
MsgWaitForMultipleObjects
wvsprintfA
PostThreadMessageA
wsprintfA
GetQueueStatus
DispatchMessageA
LoadStringA
LoadStringW
GetWindowRect
GetDesktopWindow
PeekMessageA
InvalidateRect
RegisterWindowMessageA

ole32

StringFromGUID2
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
CoFreeUnusedLibraries
CoTaskMemAlloc

oleaut32

SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 272KB - Virtual size: 271KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CrashReport.exe
.exe windows:4 windows x86 arch:x86

80d0b61b1551f5566ef99ea66526f218

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:54:c3:bd:23:b7:b9:94:98:2b:2d:a0:fa:1e:29:f7
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

14-07-2010 00:00

Not After

02-08-2012 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

90:ac:e2:62:28:25:27:43:44:e9:01:80:3f:89:a1:2f:86:3f:5f:43
Signer

Actual PE Digest

90:ac:e2:62:28:25:27:43:44:e9:01:80:3f:89:a1:2f:86:3f:5f:43

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

FtpPutFileA
InternetConnectA
InternetOpenA
InternetCloseHandle
FtpSetCurrentDirectoryA

kernel32

EnterCriticalSection
lstrcmpiW
SetLastError
lstrlenW
GetCurrentProcess
FlushInstructionCache
RaiseException
FindResourceW
GetThreadLocale
LoadLibraryExW
FreeLibrary
LeaveCriticalSection
SetThreadLocale
InterlockedIncrement
GetModuleHandleW
DeleteCriticalSection
LoadResource
CloseHandle
CreateFileA
ReadFile
GetPrivateProfileStringA
GetSystemTime
GetModuleFileNameA
InterlockedDecrement
GetStringTypeA
LCMapStringW
LCMapStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
SetStdHandle
IsValidCodePage
GetOEMCP
GetLastError
GetCPInfo
FlushFileBuffers
SetFilePointer
GetConsoleMode
GetConsoleCP
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSection
GetCurrentThreadId
GetStringTypeW
SizeofResource
MultiByteToWideChar
GetModuleFileNameW
WritePrivateProfileStringW
DeleteFileA
HeapSize
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
LoadLibraryA
IsProcessorFeaturePresent
SetEndOfFile
InterlockedExchange
WriteFile
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
RtlUnwind
Sleep
GetFileType
GetACP
InterlockedCompareExchange
GetProcAddress
GetModuleHandleA
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
HeapAlloc
TerminateProcess
IsDebuggerPresent
HeapReAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
GetSystemTimeAsFileTime
SetHandleCount
GetStdHandle

user32

GetWindow
GetWindowRect
IsDialogMessageW
DestroyWindow
GetDlgItem
GetParent
ShowWindow
CreateDialogParamW
PeekMessageW
SetWindowPos
PostQuitMessage
CharNextW
TranslateMessage
SendMessageW
LoadImageW
GetClientRect
SetWindowLongW
GetWindowLongW
GetMessageW
DispatchMessageW
GetSystemMetrics
SystemParametersInfoW
LoadIconW
MapWindowPoints
DefWindowProcW
UnregisterClassA

gdi32

GetStockObject
DeleteObject
CreateFontW

advapi32

RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ole32

CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoTaskMemRealloc
CoInitialize

oleaut32

VarUI4FromStr

shlwapi

PathFileExistsW
PathFindFileNameA
PathRemoveFileSpecA
PathRemoveFileSpecW

comctl32

InitCommonControlsEx

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Dump.dll
.dll windows:4 windows x86 arch:x86

fc9d417bdd3ba937f8bb7fe99b2f0426

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:54:c3:bd:23:b7:b9:94:98:2b:2d:a0:fa:1e:29:f7
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

14-07-2010 00:00

Not After

02-08-2012 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

48:2e:42:51:0b:66:c3:7a:bb:d9:54:87:5d:30:61:fa:11:c9:7d:a1
Signer

Actual PE Digest

48:2e:42:51:0b:66:c3:7a:bb:d9:54:87:5d:30:61:fa:11:c9:7d:a1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\build2.4.1\symbols\Dump-vc80-mt.pdb

Imports

shell32

SHGetSpecialFolderPathW

wininet

InternetReadFile
HttpQueryInfoW
HttpQueryInfoA
InternetOpenUrlW

dbghelp

MakeSureDirectoryPathExists

kernel32

GetThreadLocale
ReleaseMutex
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
CloseHandle
TerminateThread
WaitForSingleObject
Sleep
GetPrivateProfileIntW
GetPrivateProfileSectionW
GetLastError
GetTickCount
OutputDebugStringW
GetPrivateProfileStringW
WritePrivateProfileStringW
lstrcpyW
GetModuleFileNameA
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
GetProcAddress
FindResourceExW
SizeofResource
LockResource
FindResourceW
LoadResource
LoadLibraryA
WriteFile
DeleteFileW
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitThread
GetCurrentThreadId
CreateThread
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapFree
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
GetStringTypeA
GetStringTypeW
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
ExitProcess
GetACP
GetOEMCP
IsValidCodePage
GetStdHandle
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetHandleCount
GetFileType
GetStartupInfoA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
GetLocaleInfoW
SetStdHandle
CreateFileA
WriteConsoleA

user32

UnregisterClassA

shlwapi

PathRemoveFileSpecW
PathFileExistsA

Exports

Exports

?dump_info@dump@@YAHABV?$basic_format@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@boost@@@Z
?dump_info@dump@@YAHJABV?$basic_format@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@boost@@@Z
destroy_config_center
dump
dump_initialize
if_dump
init_config_center
log_output
lvalue
lvalue_of
svalue
svalue_of
ulvalue_of

Sections

.text
Size: 192KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Encrypt.dll
.dll windows:4 windows x86 arch:x86

9db75371d7554a8ca5b7e27a94fca919

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:54:c3:bd:23:b7:b9:94:98:2b:2d:a0:fa:1e:29:f7
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

14-07-2010 00:00

Not After

02-08-2012 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

1e:31:72:21:9a:c9:ba:81:a3:95:05:5f:09:9f:85:f7:c7:60:0a:94
Signer

Actual PE Digest

1e:31:72:21:9a:c9:ba:81:a3:95:05:5f:09:9f:85:f7:c7:60:0a:94

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\build2.4.1\symbols\Encrypt.pdb

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

Decrypt
Encrypt
SHA_Add_p5
md5_append
md5_digest
md5_finish
md5_init

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Funshion-install.ico
Funshion.exe
.exe windows:4 windows x86 arch:x86

1a2acff5dc0d532f1818f371419a2e49

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:54:c3:bd:23:b7:b9:94:98:2b:2d:a0:fa:1e:29:f7
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

14-07-2010 00:00

Not After

02-08-2012 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

09:92:cd:17:f3:1f:0c:53:b0:1c:3e:77:9a:05:cc:a5:0d:3f:3a:ac
Signer

Actual PE Digest

09:92:cd:17:f3:1f:0c:53:b0:1c:3e:77:9a:05:cc:a5:0d:3f:3a:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\build2.4.1\symbols\Funshion.pdb

Imports

dbghelp

MakeSureDirectoryPathExists
MiniDumpWriteDump

shlwapi

PathIsRelativeW
PathRemoveBackslashW
StrCatW
PathRemoveArgsW
PathRemoveExtensionW
PathAddExtensionW
PathFileExistsA
PathRenameExtensionW
PathAppendW
PathRemoveFileSpecA
PathFileExistsW
PathRemoveFileSpecW

ws2_32

gethostname
ioctlsocket
WSASetLastError
ntohs
getservbyname
gethostbyname
htons
gethostbyaddr
htonl
closesocket
getservbyport
ntohl
inet_ntoa
inet_addr
WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
socket
recv
connect
send
select

wininet

InternetSetOptionA
InternetGetConnectedState
InternetOpenUrlW
HttpSendRequestExW
HttpOpenRequestA
InternetReadFile
HttpSendRequestW
HttpOpenRequestW
InternetConnectA
InternetSetOptionW
InternetQueryOptionW
InternetOpenA
InternetQueryDataAvailable
HttpAddRequestHeadersA
HttpQueryInfoW
InternetGetCookieW
InternetCloseHandle
HttpQueryInfoA
InternetSetCookieW
HttpEndRequestW

iphlpapi

GetAdaptersInfo
GetIfEntry
GetBestInterface

psapi

GetModuleFileNameExA
EnumProcessModules
EnumProcesses
GetProcessMemoryInfo

shell32

SHAppBarMessage
DragQueryFileW
Shell_NotifyIconW
SHGetFolderPathW
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetMalloc
ord51
SHChangeNotify
ShellExecuteW
ord165
SHGetPathFromIDListW

encrypt

ord4
md5_init
ord2
ord3
md5_append
md5_finish

getmacaddress

GetMACAddress

winmm

mixerGetLineInfoW
mixerGetControlDetailsW
mixerOpen
mixerClose
mixerGetLineControlsW

kernel32

GetCurrentProcess
FlushInstructionCache
FindResourceW
MultiByteToWideChar
SizeofResource
LockResource
GetLastError
GetCurrentDirectoryW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
WideCharToMultiByte
CreateFileA
DeviceIoControl
CloseHandle
HeapAlloc
GetProcessHeap
HeapFree
lstrlenW
lstrcpyW
DeleteFileW
CompareStringW
MulDiv
GlobalAlloc
InterlockedDecrement
GlobalLock
InitializeCriticalSection
GlobalUnlock
InterlockedIncrement
InterlockedExchange
GetModuleFileNameW
lstrcmpW
GlobalHandle
GlobalFree
DeleteCriticalSection
GetTickCount
lstrlenA
FindFirstFileW
FindNextFileW
FindClose
lstrcpynW
GetVersionExW
GetDriveTypeW
CreateDirectoryW
GetSystemDirectoryW
GetFileAttributesExW
GetDiskFreeSpaceExW
Sleep
CopyFileW
GetModuleFileNameA
SetFileAttributesW
RemoveDirectoryW
MoveFileW
GetComputerNameW
CreateFileW
WaitForSingleObject
SetFilePointer
WriteFile
lstrcmpiW
GetModuleHandleW
FindFirstFileA
CreateDirectoryA
FindNextFileA
LeaveCriticalSection
MoveFileA
LoadLibraryExW
SetThreadLocale
CreateEventW
MoveFileExW
FreeLibrary
lstrcpynA
GetSystemInfo
GlobalMemoryStatus
GetProcAddress
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesW
LoadLibraryW
SetThreadPriority
DeleteFileA
TerminateProcess
OpenProcess
GetCurrentProcessId
FreeResource
GetFileSize
ReadFile
SetThreadExecutionState
TerminateThread
SetThreadAffinityMask
QueryPerformanceCounter
CreatePipe
CreateProcessW
GetThreadLocale
OutputDebugStringW
QueryPerformanceFrequency
SetEvent
CreateThread
LoadLibraryA
GetSystemDirectoryA
ExpandEnvironmentStringsW
InterlockedCompareExchange
SetUnhandledExceptionFilter
HeapValidate
DebugBreak
HeapDestroy
HeapCreate
ResetEvent
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
EnterCriticalSection
GetCurrentThreadId
FindResourceExW
RaiseException
SetLastError
LoadResource
GetVersionExA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
HeapReAlloc
HeapSize
GetACP
GetLocaleInfoA
UnhandledExceptionFilter
IsDebuggerPresent
ExitThread
ReleaseSemaphore
CreateSemaphoreA
FormatMessageA
LocalFree
GetStringTypeA
GetStringTypeW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThread
GetOEMCP
IsValidCodePage
FatalAppExitA
GetStdHandle
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
ReleaseMutex
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
CreateMutexA
SetEnvironmentVariableA
CompareStringA
SetEndOfFile
ExitProcess
GetModuleHandleA
GetCPInfo
LCMapStringW
LCMapStringA
GetLocalTime
GetStartupInfoW
GetFullPathNameW
RtlUnwind
GetSystemTimeAsFileTime
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetConsoleCtrlHandler
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetLocaleInfoW
GetDriveTypeA
GetFullPathNameA
CopyFileA

user32

SendMessageA
UpdateWindow
SetCursor
GetCapture
GetDlgCtrlID
EnumChildWindows
IsWindowEnabled
MessageBeep
SetLayeredWindowAttributes
EnumDisplayMonitors
MonitorFromRect
GetDlgItemInt
SetDlgItemInt
GetDlgItemTextW
GetScrollInfo
SetScrollInfo
DrawFocusRect
ExitWindowsEx
LoadBitmapW
ScrollWindow
GetMenuItemID
GetScrollPos
SetScrollPos
GetScrollRange
DestroyIcon
PostThreadMessageW
GetMenuItemCount
DestroyMenu
PostQuitMessage
LoadStringA
GetWindowPlacement
IsZoomed
GetDoubleClickTime
GetCursorPos
CreateDialogParamW
SetDlgItemTextW
DispatchMessageW
PeekMessageW
SetForegroundWindow
FindWindowW
wsprintfW
LoadImageW
MessageBoxA
GetMessageW
TranslateMessage
ShowCursor
CopyRect
PtInRect
CloseClipboard
SetClipboardData
IsIconic
GetSysColorBrush
EmptyClipboard
OpenClipboard
DdeNameService
DdeConnect
DdeCreateStringHandleW
DdeInitializeW
DdeDisconnect
DdeGetData
InflateRect
KillTimer
GetMonitorInfoW
EnableWindow
IsChild
SetCapture
GetFocus
ReleaseCapture
PostMessageW
IsWindowVisible
RegisterWindowMessageW
GetWindowTextLengthW
CreateDialogIndirectParamW
GetSystemMetrics
InvalidateRgn
GetSysColor
GetWindowTextW
SetFocus
GetClassNameW
GetDesktopWindow
DestroyAcceleratorTable
DestroyWindow
CallWindowProcW
CharNextW
DefWindowProcW
ClientToScreen
FillRect
RedrawWindow
BeginPaint
OffsetRect
LoadCursorW
MoveWindow
SetWindowTextW
ReleaseDC
MessageBoxW
GetDlgItem
GetDC
SetWindowRgn
ScreenToClient
DrawTextW
CreateWindowExW
GetClassInfoExW
BringWindowToTop
InvalidateRect
EndPaint
RegisterClassExW
ShowWindow
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
IsDialogMessageW
IsWindow
SetWindowLongW
EndDialog
GetWindowRect
GetWindowLongW
GetWindow
SystemParametersInfoW
GetParent
GetClientRect
MapWindowPoints
SetWindowPos
DialogBoxParamW
GetActiveWindow
SendMessageW
SetRectEmpty
SendDlgItemMessageW
MapDialogRect
SetWindowContextHelpId
IsRectEmpty
EqualRect
SetRect
IntersectRect
TrackPopupMenu
ModifyMenuW
DeleteMenu
InsertMenuW
GetSubMenu
CheckMenuRadioItem
GetMenuStringW
GetMenuState
EnableMenuItem
CheckMenuItem
LoadMenuW
SetParent
GetWindowDC
DrawIcon
UnregisterClassA
LoadIconW
RemoveMenu
AppendMenuW
CreatePopupMenu
TrackPopupMenuEx
LoadStringW
GetMenuItemInfoW
FlashWindow
SetTimer
GetKeyState
CreateAcceleratorTableW

gdi32

Arc
CreateDIBSection
GetTextMetricsW
ExcludeClipRect
CreateRectRgn
CreateBitmap
SetBrushOrgEx
SetBkColor
CreatePatternBrush
SetPixel
Rectangle
GetTextExtentPoint32W
StretchBlt
LineTo
MoveToEx
TextOutW
CreateFontIndirectW
GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
BitBlt
GetDeviceCaps
GetPixel
DPtoLP
GetCurrentObject
SetTextAlign
CreatePen
OffsetRgn
ExtTextOutW
GetStockObject
SetBkMode
DeleteDC
SetTextColor
SelectObject
DeleteObject
CreateRoundRectRgn
CombineRgn
RoundRect

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

RegCreateKeyExA
RegSetValueExA
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW
RegQueryValueExA
RegOpenKeyW
RegEnumKeyW
RegOpenKeyExA
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW

ole32

CoInitialize
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoTaskMemAlloc
CreateStreamOnHGlobal
StringFromGUID2
OleUninitialize
OleInitialize
CoGetClassObject
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
StgOpenStorageEx
OleLockRunning

oleaut32

SysAllocString
SysFreeString
SysStringLen
VariantInit
SysAllocStringByteLen
GetErrorInfo
VariantChangeType
CreateErrorInfo
SysStringByteLen
LoadTypeLi
VariantClear
SysAllocStringLen
OleCreateFontIndirect
VarUI4FromStr
DispCallFunc
OleLoadPicture
SetErrorInfo
LoadRegTypeLi

comctl32

ImageList_GetImageCount
ImageList_GetIconSize
ImageList_AddMasked
ImageList_Create
ImageList_Destroy
ImageList_Draw
ImageList_GetImageInfo
InitCommonControlsEx
_TrackMouseEvent

msimg32

GradientFill
TransparentBlt
AlphaBlend

pdh

PdhAddCounterW
PdhCollectQueryData
PdhGetFormattedCounterValue
PdhCloseQuery
PdhOpenQueryW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 412KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FunshionAddr/ASBarBroker.exe
.exe windows:4 windows x86 arch:x86

8cb73f23fc4ffce04345bba981c347fe

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:54:c3:bd:23:b7:b9:94:98:2b:2d:a0:fa:1e:29:f7
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

14-07-2010 00:00

Not After

02-08-2012 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

88:51:89:e8:e8:95:4d:3a:72:ab:63:d9:79:2f:96:2f:80:c3:f4:da
Signer

Actual PE Digest

88:51:89:e8:e8:95:4d:3a:72:ab:63:d9:79:2f:96:2f:80:c3:f4:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExW

kernel32

OutputDebugStringW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
Sleep
GetProcAddress
LoadLibraryW
GetLongPathNameW
GetCurrentThreadId
GetCommandLineW
EnterCriticalSection
LeaveCriticalSection
VirtualFreeEx
CreateRemoteThread
WriteProcessMemory
DebugBreak
GetShortPathNameW
OpenProcess
CreateFileW
DeviceIoControl
GetVersionExW
GlobalFree
GlobalAlloc
GetCurrentProcess
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
lstrlenA
InterlockedIncrement
GetModuleFileNameW
CreateEventW
CreateThread
SetEvent
lstrcmpiW
InterlockedDecrement
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
WideCharToMultiByte
WaitForSingleObject
CloseHandle
VirtualAllocEx
GetConsoleCP
SetFilePointer
LoadLibraryA
SetStdHandle
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetVersionExA
HeapAlloc
HeapFree
RtlUnwind
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcessHeap
GetStartupInfoW
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError

user32

GetMessageW
TranslateMessage
DispatchMessageW
LoadStringW
CharNextW
PostThreadMessageW
UnregisterClassA
CharLowerBuffW

advapi32

RegCreateKeyW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

ShellExecuteExW
SHGetFolderPathW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoRegisterClassObject
CoRevokeClassObject
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2

oleaut32

SysAllocString
LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
SysStringLen
SysFreeString
VarUI4FromStr

shlwapi

PathFileExistsW
StrCmpNIW
SHGetValueW

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FunshionAddr/conf.xml
.xml
FunshionAddr/funshionAddr.dll
.dll regsvr32 windows:4 windows x86 arch:x86

c6079cff13dd538f8c2b93227d9d6d6c

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:54:c3:bd:23:b7:b9:94:98:2b:2d:a0:fa:1e:29:f7
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

14-07-2010 00:00

Not After

02-08-2012 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

75:89:34:12:13:d9:2b:24:2c:7a:e1:e9:e8:d0:6c:bb:6d:cb:07:0b
Signer

Actual PE Digest

75:89:34:12:13:d9:2b:24:2c:7a:e1:e9:e8:d0:6c:bb:6d:cb:07:0b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\cygwin\home\scmpf\compiler_src\pupeng_213326_win32\app\gensoft\bar\address-search\Res\Chinese\Baidudg\AddressBar.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

gethostname
WSAStartup
gethostbyname
inet_ntoa
WSACleanup

shlwapi

StrDupW
PathRemoveFileSpecW
StrCmpNW
UrlCanonicalizeW
UrlUnescapeA
StrCmpIW
PathRemoveFileSpecA
PathIsDirectoryA
SHDeleteValueW
PathFileExistsW
StrStrIW
SHGetValueW
StrCpyNW
SHDeleteKeyW
SHSetValueW

dbghelp

ImageDirectoryEntryToData

winmm

timeGetTime

iphlpapi

GetAdaptersInfo
GetNetworkParams

wininet

InternetConnectA
InternetConnectW
HttpOpenRequestA
HttpOpenRequestW
InternetCloseHandle
InternetSetStatusCallbackA
InternetSetStatusCallbackW
HttpSendRequestW
InternetOpenW
InternetQueryOptionW
DeleteUrlCacheEntryW
InternetGetCookieW
InternetCrackUrlW
InternetOpenUrlW
InternetSetOptionW
HttpQueryInfoW
InternetQueryDataAvailable
InternetReadFile
GetUrlCacheEntryInfoW

rpcrt4

UuidCreate

setupapi

SetupIterateCabinetW

imm32

ImmGetOpenStatus
ImmGetDefaultIMEWnd
ImmGetContext
ImmReleaseContext
ImmGetCompositionStringW
ImmGetCompositionWindow

kernel32

GetConsoleCP
GetModuleFileNameA
GetConsoleMode
LoadLibraryA
LoadLibraryW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
RaiseException
InterlockedDecrement
lstrlenW
EnterCriticalSection
LeaveCriticalSection
GetLastError
SetLastError
GetModuleFileNameW
OutputDebugStringA
InterlockedIncrement
OutputDebugStringW
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiW
LoadLibraryExW
lstrlenA
DebugBreak
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
DisableThreadLibraryCalls
LocalFree
CloseHandle
ResumeThread
SetThreadPriority
ReleaseMutex
WaitForSingleObject
CreateMutexW
DeleteFileW
GetACP
GetCurrentThreadId
WideCharToMultiByte
GetTickCount
GlobalUnlock
GlobalLock
CreateFileW
DeviceIoControl
GetVersionExW
FlushInstructionCache
GetCurrentProcess
lstrcmpW
SwitchToThread
GetCurrentProcessId
GetCommandLineW
Sleep
GetPrivateProfileIntW
GetPrivateProfileStringW
MoveFileExW
CreateDirectoryW
GetCurrentDirectoryA
GetSystemDirectoryW
GetLongPathNameW
TerminateThread
CopyFileW
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
TryEnterCriticalSection
GetLocalTime
CompareStringW
GetWindowsDirectoryW
QueryPerformanceCounter
QueryPerformanceFrequency
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
SetFilePointer
ReadFile
SystemTimeToFileTime
LocalFileTimeToFileTime
GetCurrentDirectoryW
SetFileTime
WriteFile
GetTempFileNameW
GetTempPathW
LockResource
GlobalFree
GlobalAlloc
SetErrorMode
GetFileSize
FileTimeToSystemTime
GetShortPathNameW
lstrcatW
lstrcpyW
WritePrivateProfileStringW
FindNextFileW
FindClose
FindFirstFileW
FreeResource
WriteProcessMemory
ReadProcessMemory
VirtualProtect
VirtualQuery
lstrcmpiA
GetFileInformationByHandle
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
LocalAlloc
GetProcessHeap
GlobalReAlloc
GetFileAttributesA
DeleteFileA
AreFileApisANSI
CreateFileA
GetTempPathA
FlushFileBuffers
SetEndOfFile
UnlockFile
LockFile
LockFileEx
GetFullPathNameA
GetFullPathNameW
GetSystemTime
GetSystemTimeAsFileTime
SetCurrentDirectoryA
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
CreateThread
FileTimeToLocalFileTime
GetDriveTypeW
GetDriveTypeA
GetEnvironmentStrings
FindFirstFileA
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
GetCurrentThread
HeapDestroy
HeapCreate
FatalAppExitA
ExitProcess
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetConsoleCtrlHandler
InterlockedExchange
GetLocaleInfoW
SetStdHandle
ExitThread
IsDebuggerPresent
GetVersionExA
InterlockedCompareExchange
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
RtlUnwind
TerminateProcess
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
SetEnvironmentVariableA
UnhandledExceptionFilter
RemoveDirectoryW
SetUnhandledExceptionFilter

user32

GetCapture
CreateIconFromResourceEx
CharLowerBuffW
SetForegroundWindow
GetForegroundWindow
AttachThreadInput
GetClassLongW
KillTimer
SetTimer
wsprintfW
RemovePropW
SetPropW
GetPropW
OffsetRect
SetCursor
IsWindowEnabled
GetWindowDC
ScreenToClient
MoveWindow
GetWindowTextLengthW
SetFocus
GetWindow
MapWindowPoints
SetWindowPos
GetDlgItem
EndDialog
MessageBoxW
CharLowerW
FindWindowW
SetWindowTextW
GetActiveWindow
DialogBoxParamW
FindWindowExW
PostThreadMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetDlgCtrlID
IsWindowVisible
EnumChildWindows
GetKeyState
GetClassNameW
GetParent
GetWindowThreadProcessId
WindowFromPoint
GetWindowRect
CreateWindowExW
GetClassInfoExW
RegisterClassExW
DestroyWindow
PtInRect
LoadCursorW
IsWindow
ShowWindow
PostMessageW
UpdateWindow
SetRectEmpty
CreateDialogParamW
BeginPaint
EndPaint
RegisterWindowMessageW
InvalidateRect
FillRect
GetClientRect
SystemParametersInfoW
GetWindowTextW
ReleaseDC
GetDC
GetFocus
CharLowerBuffA
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
DefWindowProcW
GetWindowLongW
SetWindowLongW
CharNextW
LoadIconW
GetSysColor
DrawFocusRect
LoadStringW
InflateRect
CopyRect
DrawTextW
SendMessageW
DrawIconEx
SetScrollPos
ReleaseCapture
UpdateLayeredWindow
SetRect
GetSystemMetrics
RegisterClassW
SetCapture
DestroyIcon
GetScrollInfo
SetScrollInfo
ShowScrollBar
PeekMessageW
GetDesktopWindow
CharUpperBuffW
CharUpperW
MonitorFromRect
GetMonitorInfoW
GetCursorPos
LoadImageW
UnregisterClassA
CallWindowProcW

gdi32

GetTextExtentPoint32W
CreateFontIndirectW
DeleteDC
SelectObject
TextOutW
DeleteObject
ExtCreateRegion
CombineRgn
SetStretchBltMode
StretchBlt
GetDIBits
SetTextColor
SetBkMode
SetBkColor
GetPixel
ExtTextOutW
GetTextExtentPointW
BitBlt
CreateCompatibleDC
CreateDIBSection
CreateFontW
GetStockObject
GetCurrentObject
MoveToEx
CreateCompatibleBitmap
LineTo
CreatePen
GetObjectW
CreateSolidBrush

advapi32

CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptDuplicateKey
CryptDecrypt
CryptEncrypt
RegOpenKeyW
RegEnumKeyExA
RegEnumKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
CryptDestroyKey
RegQueryValueExW
RegCreateKeyW
ConvertStringSecurityDescriptorToSecurityDescriptorW

shell32

ShellExecuteW
SHGetFolderPathW
ShellExecuteExW
ExtractIconW
SHGetSpecialFolderPathW
DragQueryFileA
ord85

ole32

GetHGlobalFromStream
CreateStreamOnHGlobal
CoTaskMemAlloc
CoGetClassObject
RevokeDragDrop
CoInitialize
CoUninitialize
ReleaseStgMedium
RegisterDragDrop
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
OleUninitialize
OleInitialize

oleaut32

SysAllocString
LoadTypeLi
RegisterTypeLi
VarUI4FromStr
LoadRegTypeLi
VariantInit
SysFreeString
SysAllocStringLen
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreate
VariantCopy
SysStringLen
VariantClear
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo

msimg32

AlphaBlend

urlmon

CoInternetGetSession

Exports

Exports

DllCanUnloadNow
DllCreateObject
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RemoveOldVersion
RunOnceUpdate
SVCUninstall
UpdateASBar
_sqlite3_key_interop@12
_sqlite3_rekey_interop@12

Sections

.text
Size: 872KB - Virtual size: 872KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FunshionGame2.ico
FunshionService.exe
.exe windows:4 windows x86 arch:x86

7a7aa62da5fa8ab0dc1356e7f91895d8

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:54:c3:bd:23:b7:b9:94:98:2b:2d:a0:fa:1e:29:f7
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

14-07-2010 00:00

Not After

02-08-2012 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

36:b9:44:95:4c:21:88:5d:f3:4b:89:18:31:52:08:bd:8a:e4:78:9a
Signer

Actual PE Digest

36:b9:44:95:4c:21:88:5d:f3:4b:89:18:31:52:08:bd:8a:e4:78:9a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\build2.4.1\symbols\FunshionService.pdb

Imports

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegQueryValueExW
RegCloseKey
RegOpenKeyExW

user32

DefWindowProcW
PostMessageW
CreateWindowExW
UnregisterClassA
FindWindowW
UpdateWindow
DestroyWindow
PeekMessageW
TranslateMessage
ShowWindow
LoadIconW
DispatchMessageW
LoadCursorW
RegisterClassExW

ws2_32

htonl
ntohs
WSAIoctl
WSASetLastError
ntohl
WSACleanup
htons
gethostbyname
inet_addr
WSAStartup
inet_ntoa
select
closesocket
WSAGetLastError
listen
__WSAFDIsSet
shutdown
accept
connect
getsockopt
send
socket
ioctlsocket
bind
WSAGetOverlappedResult
WSASend
WSARecv
WSARecvFrom
WSASocketW
WSASendTo
recv
sendto
setsockopt
recvfrom

quality

set_run_mode
report_task_detail
report_playing_pausing
report_something
report_ms_flow
report_tcp
report_uninitialize
report_udpt
report_initialize
report_task_state
report_hs
report_track
report_mem_info

shell32

SHFileOperationW
ord165
ShellExecuteW
SHGetFolderPathW
SHGetSpecialFolderPathW
ord51

dbghelp

MakeSureDirectoryPathExists
MiniDumpWriteDump

wininet

InternetOpenUrlW
HttpQueryInfoA
InternetReadFile
HttpQueryInfoW

encrypt

ord2
ord3
ord4

dump

dump_initialize
init_config_center
destroy_config_center
dump
ulvalue_of
svalue_of
svalue
lvalue_of
?dump_info@dump@@YAHABV?$basic_format@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@boost@@@Z
if_dump
?dump_info@dump@@YAHJABV?$basic_format@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@boost@@@Z
lvalue

fpsrv

ord4
ord1
ord3

kernel32

GetModuleHandleW
GetThreadLocale
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
CreateFileA
FlushFileBuffers
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetLocaleInfoA
SetFilePointer
ReadFile
SleepEx
GetConsoleCP
IsValidCodePage
QueryPerformanceFrequency
GetACP
GetTimeZoneInformation
VirtualAlloc
HeapSize
VirtualFree
HeapCreate
HeapDestroy
SetLastError
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
ExitProcess
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
RtlUnwind
HeapReAlloc
CreateThread
DebugBreak
GetOEMCP
WriteFileEx
SetFilePointerEx
GetFileAttributesExW
SetFileAttributesW
RemoveDirectoryW
GlobalMemoryStatus
FileTimeToSystemTime
FileTimeToLocalFileTime
HeapValidate
GetConsoleMode
ExitThread
GetFileAttributesW
IsDebuggerPresent
UnhandledExceptionFilter
Sleep
CloseHandle
GetCurrentProcess
GetLastError
GetPrivateProfileIntW
ExpandEnvironmentStringsW
InterlockedExchangeAdd
InterlockedExchange
QueueUserWorkItem
CreateEventW
WaitForSingleObject
SetEvent
GetTickCount
GetVersionExW
GetPrivateProfileStringW
DeleteCriticalSection
TerminateThread
WaitForMultipleObjects
InitializeCriticalSection
CreateEventA
EnterCriticalSection
GetVersionExA
LeaveCriticalSection
CreateFileW
WriteFile
GetLocalTime
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
MultiByteToWideChar
WideCharToMultiByte
LockResource
FindResourceExW
FindResourceW
GetProcAddress
FreeLibrary
GetModuleFileNameW
LoadResource
CreateProcessW
LoadLibraryA
SizeofResource
lstrcmpiW
GetCurrentThreadId
GetCurrentProcessId
SetUnhandledExceptionFilter
GetModuleFileNameA
DeleteFileW
QueryPerformanceCounter
CreateIoCompletionPort
ResumeThread
GetQueuedCompletionStatus
PostQueuedCompletionStatus
MoveFileW
GetDiskFreeSpaceExW
FindFirstFileW
FindClose
FindNextFileW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
lstrcpyA
OpenFileMappingW
LocalAlloc
RaiseException
GetModuleHandleA
CreateMutexA
ReleaseMutex
GetSystemTimeAsFileTime
CreateSemaphoreA
ReleaseSemaphore
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
TerminateProcess
GetFileSize

shlwapi

PathAddBackslashW
PathRemoveFileSpecW
PathCombineW
PathRemoveBackslashW
PathFileExistsA
PathAppendW
PathIsRelativeW

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
FunshionUpgrade.exe
.exe windows:4 windows x86 arch:x86

91b0e578f22071833e1676ca115d4720

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:54:c3:bd:23:b7:b9:94:98:2b:2d:a0:fa:1e:29:f7
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

14-07-2010 00:00

Not After

02-08-2012 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

75:8f:66:35:66:2b:dd:36:93:56:dc:12:b4:e1:a8:6e:38:ec:45:37
Signer

Actual PE Digest

75:8f:66:35:66:2b:dd:36:93:56:dc:12:b4:e1:a8:6e:38:ec:45:37

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\workspace\updater\client\0.1.3\bin\release\FunshionUpgrade.pdb

Imports

wldap32

ord200
ord33
ord301
ord27
ord41
ord46
ord79
ord35
ord32
ord26
ord50
ord60
ord143
ord211
ord22
ord30

ws2_32

WSASetLastError
sendto
gethostbyaddr
getservbyname
htonl
inet_ntoa
gethostbyname
inet_addr
socket
connect
setsockopt
getsockopt
htons
bind
ntohs
getsockname
send
recv
WSAGetLastError
closesocket
WSAStartup
WSACleanup
recvfrom
accept
listen
__WSAFDIsSet
select
ioctlsocket
getservbyport

dbghelp

MakeSureDirectoryPathExists

wininet

InternetCloseHandle
InternetGetConnectedState
InternetOpenA
InternetSetStatusCallbackW
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetReadFileExA
HttpQueryInfoW
InternetSetOptionA

kernel32

VirtualFree
IsProcessorFeaturePresent
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
GetVersionExA
GetLocaleInfoA
DeleteFileW
WideCharToMultiByte
FindResourceW
SizeofResource
CreateEventW
LockResource
LoadResource
SetEvent
FindResourceExW
RaiseException
InitializeCriticalSection
CloseHandle
EnterCriticalSection
LeaveCriticalSection
GetLastError
WaitForSingleObject
WriteFile
SetLastError
GetCurrentThreadId
lstrlenW
lstrcpynW
GetModuleFileNameW
GetCurrentProcess
FlushInstructionCache
GetThreadLocale
lstrcmpiW
lstrcpyW
CompareStringW
LoadLibraryW
GetProcAddress
FreeLibrary
CreateToolhelp32Snapshot
Process32FirstW
OpenProcess
TerminateProcess
Process32NextW
CreateFileW
GetPrivateProfileIntW
SetThreadLocale
WritePrivateProfileStringW
MultiByteToWideChar
GetModuleHandleW
GetModuleFileNameA
CreateFileA
SetFilePointer
GetPrivateProfileStringW
GetPrivateProfileIntA
InterlockedDecrement
LoadLibraryExW
InterlockedIncrement
DeleteCriticalSection
GetSystemTimeAsFileTime
CreateEventA
HeapAlloc
GetProcessHeap
HeapFree
VirtualAlloc
ReleaseMutex
TlsAlloc
TlsFree
TlsGetValue
GetSystemInfo
Sleep
CreateMutexA
GetCurrentProcessId
ResetEvent
TlsSetValue
ResumeThread
SystemTimeToFileTime
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
LocalFree
FormatMessageA
GetVersionExW
GetFileAttributesA
GetFileAttributesW
GetFileAttributesExW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileAttributesExA
GetCurrentDirectoryA
SetCurrentDirectoryA
FindClose
GetFileTime
SetFileTime
GetDiskFreeSpaceExW
GetFullPathNameW
RemoveDirectoryW
CreateDirectoryW
CreateHardLinkW
GetDiskFreeSpaceExA
GetFullPathNameA
RemoveDirectoryA
DeleteFileA
CreateDirectoryA
CreateHardLinkA
MoveFileW
CopyFileW
MoveFileA
CopyFileA
GetFileInformationByHandle
GetShortPathNameW
FindFirstFileW
FindNextFileW
FindFirstFileA
FindNextFileA
SleepEx
LoadLibraryA
GetSystemDirectoryA
DuplicateHandle
GetExitCodeThread
TerminateThread
ReadFile
PeekNamedPipe
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetStartupInfoW
RtlUnwind
InterlockedExchange
GetACP
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
GetTimeFormatA
GetDateFormatA
GetModuleHandleA
ExitProcess
GetDriveTypeA
LCMapStringA
LCMapStringW
GetCPInfo
GetCurrentThread
FatalAppExitA
HeapCreate
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
FlushFileBuffers
SetConsoleCtrlHandler
SetStdHandle
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
SetEnvironmentVariableA
SetEndOfFile
GetTickCount

user32

InflateRect
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
MessageBoxA
MapWindowPoints
SystemParametersInfoW
SetRect
ScreenToClient
GetCursorPos
OffsetRect
SetFocus
CharNextW
GetSysColor
SetWindowTextW
UpdateWindow
GetClassNameW
SetCursor
PtInRect
GetWindowTextW
LoadCursorW
ReleaseCapture
GetCapture
EnableWindow
SetLayeredWindowAttributes
GetClassInfoExW
SetCapture
KillTimer
RegisterClassExW
SetRectEmpty
InvalidateRect
GetSysColorBrush
CopyRect
LoadBitmapW
ReleaseDC
IsWindowEnabled
CreateWindowExW
GetDC
IsWindow
SendMessageW
LoadImageW
SetWindowPos
UnregisterClassA
GetWindowTextLengthW
SetWindowLongW
GetClientRect
DefWindowProcW
GetWindowLongW
EndPaint
FindWindowW
SetTimer
DestroyWindow
wsprintfW
CallWindowProcW
FillRect
ShowWindow
GetActiveWindow
GetSystemMetrics
BeginPaint
EndDialog
LoadIconW
GetDlgItem
DialogBoxParamW
BringWindowToTop
DrawIcon
GetParent
GetWindow
PostMessageW
GetWindowRect
MoveWindow
SetWindowRgn
DrawTextW
GetDlgCtrlID

gdi32

DPtoLP
GetObjectW
TextOutW
CreateSolidBrush
GetDeviceCaps
CreateCompatibleBitmap
GetPixel
CreateCompatibleDC
Arc
GetTextExtentPoint32W
CreatePen
CreateBitmap
BitBlt
CreateDIBSection
DeleteDC
CreatePatternBrush
SetBrushOrgEx
CreateFontIndirectW
ExtTextOutW
SetBkColor
RoundRect
LineTo
MoveToEx
SetBkMode
GetStockObject
DeleteObject
SetTextColor
CreateRoundRectRgn
StretchBlt
SelectObject

advapi32

RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExA
RegQueryValueExA
IsTextUnicode
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW

shell32

SHGetSpecialFolderPathW
ShellExecuteW
SHGetSpecialFolderPathA

ole32

CoCreateInstance
CoTaskMemAlloc
CoUninitialize
CoTaskMemFree
CoInitialize
CoTaskMemRealloc

oleaut32

VarUI4FromStr
SysFreeString

shlwapi

PathFileExistsA
PathFileExistsW
PathRemoveFileSpecA

comctl32

InitCommonControlsEx
ImageList_Create
ImageList_AddMasked
ImageList_GetImageCount
_TrackMouseEvent
ImageList_Draw
ImageList_GetImageInfo

msimg32

TransparentBlt
GradientFill

Sections

.text
Size: 636KB - Virtual size: 632KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Funshop2.ico
GetMACAddress.dll
.dll windows:4 windows x86 arch:x86

63db1edf9502ffaa36498ff9a96fa7ad

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:54:c3:bd:23:b7:b9:94:98:2b:2d:a0:fa:1e:29:f7
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

14-07-2010 00:00

Not After

02-08-2012 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

6b:8b:7e:a1:c0:56:77:76:5b:24:f1:3a:78:03:f7:c6:30:6d:82:32
Signer

Actual PE Digest

6b:8b:7e:a1:c0:56:77:76:5b:24:f1:3a:78:03:f7:c6:30:6d:82:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\build2.4.1\symbols\GetMACAddress-vc80-mt.pdb

Imports

iphlpapi

GetBestRoute
GetBestInterface
GetIpAddrTable
GetIfTable

ws2_32

gethostbyname
gethostname
htons
htonl

kernel32

SetEndOfFile
CreateFileW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
GetProcessHeap
HeapFree
EnterCriticalSection
HeapAlloc
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
Sleep
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
GetCurrentThreadId
GetCommandLineA
GetVersionExA
RtlUnwind
RaiseException
LCMapStringA
LCMapStringW
GetCPInfo
GetProcAddress
GetModuleHandleA
ExitProcess
ReadFile
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
CloseHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
HeapSize
LoadLibraryA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CreateFileA

Exports

Exports

GetCurrUsedIPUL
GetCurrUsedIPUL2
GetMACAddress
GetMACAddress2
getGatewayIP

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LangResEnAmerican.dll
.dll windows:4 windows x86 arch:x86

22b98c5c8c68a5c45b232e3b1c1c06e3

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:54:c3:bd:23:b7:b9:94:98:2b:2d:a0:fa:1e:29:f7
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

14-07-2010 00:00

Not After

02-08-2012 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

4f:a1:42:09:0c:4c:c9:b6:11:c2:eb:d2:fb:04:67:4d:ea:8d:6f:25
Signer

Actual PE Digest

4f:a1:42:09:0c:4c:c9:b6:11:c2:eb:d2:fb:04:67:4d:ea:8d:6f:25

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\build2.4.1\symbols\LangResEnAmerican.pdb

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RouterSetting.dll
.dll windows:4 windows x86 arch:x86

c20102683ed71504e085607217e86e2c

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:54:c3:bd:23:b7:b9:94:98:2b:2d:a0:fa:1e:29:f7
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

14-07-2010 00:00

Not After

02-08-2012 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

49:1e:85:6f:19:94:1f:aa:e7:df:91:cc:ea:4b:89:7e:06:61:30:85
Signer

Actual PE Digest

49:1e:85:6f:19:94:1f:aa:e7:df:91:cc:ea:4b:89:7e:06:61:30:85

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\build2.4.1\symbols\RouterSetting.pdb

Imports

kernel32

GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
GetTickCount
Sleep
SetEndOfFile
GetLocaleInfoW
CreateFileW
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
LoadLibraryA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
GetCurrentThreadId
GetCommandLineA
GetProcAddress
GetModuleHandleA
ExitProcess
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
CloseHandle
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
VirtualAlloc
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointer
ReadFile
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime

shell32

SHGetSpecialFolderPathA

wininet

InternetCloseHandle
InternetOpenW
InternetConnectW
InternetQueryOptionW
InternetSetOptionW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
HttpQueryInfoW
InternetReadFile

user32

UnregisterClassA

Exports

Exports

_AutoSettingRouter@16

Sections

.text
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uninstall.exe.nsis
cook.dll
.dll windows:4 windows x86 arch:x86

7186ef18b8145b9efacd73914d40cee0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

free
??3@YAXPAX@Z
memmove
_purecall
_CIpow
malloc
??2@YAPAXI@Z
_ftol
_initterm
_adjust_fdiv

Exports

Exports

RACloseCodec
RACreateEncoderInstance
RADecode
RAEncode
RAFlush
RAFreeDecoder
RAFreeEncoder
RAGetBackend
RAGetDecoderBackendGUID
RAGetFlavorProperty
RAGetGUID
RAGetNumberOfFlavors
RAGetNumberOfFlavors2
RAInitDecoder
RAInitEncoder
RAOpenCodec
RAOpenCodec2
RASetComMode
RASetFlavor
_RASetPwd@8

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
coreavc.ax
.dll regsvr32 windows:5 windows x86 arch:x86

a51dab6f4a70c7f5108331c3fee35df0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
VirtualAlloc
VirtualFree

shell32

ShellExecuteA

advapi32

RegEnumKeyExA

ole32

CLSIDFromString

oleaut32

SafeArrayAccessData

user32

GetSystemMenu

version

GetFileVersionInfoA

comctl32

InitCommonControlsEx

gdi32

SetTextColor

Exports

Exports

Configure
DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 255KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
dbghelp.dll
.dll windows:7 windows x86 arch:x86

f7cb4432172d116632abc77471a1a600

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10-01-1997 07:00

Not After

31-12-2020 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

61:06:bf:fe:00:00:00:00:00:14
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-06-2007 21:56

Not After

22-09-2008 22:06

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-06-2007 23:54

Not After

13-06-2012 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:14:2c:a7:00:00:00:00:00:06
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-06-2007 23:54

Not After

13-06-2012 00:04

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:27F4-D440-54F3,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16-09-2006 01:04

Not After

15-09-2019 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:15:08:27:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

25-01-2006 23:22

Not After

25-01-2017 23:32

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

a1:03:2f:43:6a:f5:0c:26:23:9e:70:3c:b2:4f:25:d8:64:c5:09:6e
Signer

Actual PE Digest

a1:03:2f:43:6a:f5:0c:26:23:9e:70:3c:b2:4f:25:d8:64:c5:09:6e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

msvcrt

_write
_lseeki64
_fileno
_read
__pioinfo
__badioinfo
ferror
wctomb
_snprintf
isleadbyte
mbtowc
isdigit
_onexit
_lock
__dllonexit
_unlock
_ismbblead
_amsg_exit
_initterm
_XcptFilter
memmove
_iob
__mb_cur_max
strchr
_vsnwprintf
iswprint
atol
??3@YAXPAX@Z
__unDName
_CxxThrowException
bsearch
fread
fseek
_wfsopen
_fsopen
wcstol
_fullpath
_wfullpath
_wgetenv
_get_osfhandle
_chsize
_close
_open_osfhandle
ftell
_memicmp
_mbscmp
??1type_info@@UAE@XZ
_errno
__CxxFrameHandler
iswspace
calloc
_itoa
_wcsdup
towlower
tolower
_wcslwr
time
_wctime
_ltoa
_wcsnicmp
_purecall
ctime
malloc
strncmp
isspace
_isatty
fclose
_stricmp
_strlwr
free
wcsrchr
strstr
memcpy
_wcsicmp
qsort
wcschr
wcsstr
wcsncmp
iswxdigit
memset
??2@YAPAXI@Z
_wsopen
_sopen

kernel32

ExpandEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
DeviceIoControl
DeleteFileA
CopyFileA
SetFileAttributesA
LCMapStringA
InterlockedIncrement
InterlockedDecrement
LocalFree
MapViewOfFileEx
FlushViewOfFile
GetFileType
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
InterlockedExchange
GetThreadSelectorEntry
CreateThread
TerminateThread
VirtualQueryEx
GetPriorityClass
GetThreadPriority
GetThreadTimes
GetThreadContext
ResumeThread
SuspendThread
GetCurrentThreadId
GetSystemTimeAsFileTime
LoadLibraryA
Sleep
GetVersion
GetSystemInfo
ReadProcessMemory
GetProcessHeap
GetFileAttributesA
SetErrorMode
WriteFile
OutputDebugStringA
VirtualFree
OpenProcess
GetCurrentProcessId
CreateFileMappingA
MapViewOfFile
FindClose
LocalAlloc
SetLastError
LeaveCriticalSection
EnterCriticalSection
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetLastError
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
DeleteCriticalSection
HeapDestroy
FreeLibrary
HeapCreate
InitializeCriticalSection
GetVersionExA
HeapReAlloc
HeapAlloc
HeapFree
IsDBCSLeadByte
SetFilePointer
GetCurrentProcess
UnmapViewOfFile
CreateDirectoryA
VirtualProtect
VirtualAlloc
DuplicateHandle
GetModuleHandleA

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

rpcrt4

UuidCreate

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesEx
EnumerateLoadedModulesExW
EnumerateLoadedModulesW64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindDebugInfoFileExW
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
SearchTreeForFileW
StackWalk
StackWalk64
SymAddSourceStream
SymAddSourceStreamA
SymAddSourceStreamW
SymAddSymbol
SymAddSymbolW
SymCleanup
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFileTokens
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSourceLines
SymEnumSourceLinesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesByName
SymEnumTypesByNameW
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindDebugInfoFile
SymFindDebugInfoFileW
SymFindExecutableImage
SymFindExecutableImageW
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOmaps
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceFileW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymGetUnwindInfo
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymRefreshModuleList
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetHomeDirectoryW
SymSetOptions
SymSetParentWindow
SymSetScopeFromAddr
SymSetScopeFromIndex
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexInfo
SymSrvGetFileIndexInfoW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
UnmapDebugInformation
WinDbgExtensionDllInit
block
chksym
dbghelp
dh
fptr
homedir
itoldyouso
lmi
lminfo
omap
srcfiles
stack_force_ebp
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 936KB - Virtual size: 935KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
drvc.dll
.dll windows:4 windows x86 arch:x86

5d841dc9603dda4e7058b842c1dedbfc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

__CxxFrameHandler
memmove
_ftol
_purecall
malloc
free
??3@YAXPAX@Z
_initterm
_adjust_fdiv
_beginthreadex
??2@YAPAXI@Z

kernel32

WaitForMultipleObjects
CreateThread
LeaveCriticalSection
EnterCriticalSection
GetPrivateProfileIntA
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
WaitForSingleObject
GetSystemInfo
CreateEventA
QueryPerformanceCounter
SetEvent
QueryPerformanceFrequency
ResetEvent

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

Exports

Exports

?GetGUID@@YGJPAE@Z
RV40toYUV420CustomMessage
RV40toYUV420Free
RV40toYUV420HiveMessage
RV40toYUV420Init
RV40toYUV420Transform

Sections

.text
Size: 192KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fpsrv.dll
.dll windows:4 windows x86 arch:x86

08f8ed6c3bc44907eabaa1af43fcdad1

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:54:c3:bd:23:b7:b9:94:98:2b:2d:a0:fa:1e:29:f7
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

14-07-2010 00:00

Not After

02-08-2012 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

e0:61:fc:e4:37:18:e8:68:fd:b3:5f:23:de:1e:4f:fd:e7:83:67:af
Signer

Actual PE Digest

e0:61:fc:e4:37:18:e8:68:fd:b3:5f:23:de:1e:4f:fd:e7:83:67:af

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\workspace\Tracker\server_visitor\1.0.1\bin\lib\fpsrv.pdb

Imports

shlwapi

PathRemoveFileSpecW

kernel32

GetModuleHandleA
CompareStringW
FreeLibrary
GetProcAddress
CloseHandle
HeapFree
WaitForSingleObject
SetEvent
Sleep
GetProcessHeap
GetSystemTimeAsFileTime
HeapAlloc
CreateEventA
WideCharToMultiByte
GetModuleFileNameW
LoadLibraryA
ReleaseMutex
TlsAlloc
CreateMutexA
GetCurrentProcessId
TlsGetValue
TlsSetValue
ResetEvent
ResumeThread
GetTickCount
SystemTimeToFileTime
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetVersionExA
RaiseException
RtlUnwind
ExitThread
GetLastError
CreateThread
WriteFile
GetStdHandle
GetModuleFileNameA
SetEnvironmentVariableA
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetTimeZoneInformation
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
HeapSize
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
GetLocaleInfoA
InitializeCriticalSection
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
CompareStringA

Exports

Exports

dllcreate_interface
dlldestroy
dllinitialize
dllrelease_interface

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
fptassrv.dll
.dll windows:4 windows x86 arch:x86

5b0d730dd3fdf2f2fcbc36ec81043f2b

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:54:c3:bd:23:b7:b9:94:98:2b:2d:a0:fa:1e:29:f7
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

14-07-2010 00:00

Not After

02-08-2012 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

8c:6f:a6:c1:8f:58:77:28:27:75:f9:0b:13:b2:08:eb:70:8b:cc:7a
Signer

Actual PE Digest

8c:6f:a6:c1:8f:58:77:28:27:75:f9:0b:13:b2:08:eb:70:8b:cc:7a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\workspace\Tracker\server_visitor\1.0.1\bin\lib\fptassrv.pdb

Imports

ws2_32

recvfrom
sendto
send
WSAGetLastError
recv
socket
connect
shutdown
select
inet_ntoa
ioctlsocket
gethostbyname
__WSAFDIsSet
closesocket
ntohl
ntohs
htonl
htons

kernel32

GetStdHandle
CreateFileA
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetConsoleMode
WaitForSingleObject
SetEvent
GetSystemTimeAsFileTime
CreateEventA
CloseHandle
GetTickCount
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetLastError
RaiseException
RtlUnwind
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
HeapSize
ExitProcess
WriteFile
FlushFileBuffers
GetModuleFileNameA
WideCharToMultiByte
GetTimeZoneInformation
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSection
MultiByteToWideChar
GetLocaleInfoA
SetFilePointer
GetConsoleCP

Exports

Exports

dllget_objectptr
dllrelease_object

Sections

.text
Size: 156KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
funshionplugin2.dll
.dll windows:4 windows x86 arch:x86

dfe8c69493dfff98de890e37e919ccfc

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:54:c3:bd:23:b7:b9:94:98:2b:2d:a0:fa:1e:29:f7
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

14-07-2010 00:00

Not After

02-08-2012 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

3d:5c:dd:7b:2b:c4:5d:2c:9e:fd:e6:ca:b0:8b:18:bc:36:93:b0:40
Signer

Actual PE Digest

3d:5c:dd:7b:2b:c4:5d:2c:9e:fd:e6:ca:b0:8b:18:bc:36:93:b0:40

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\build2.4.1\symbols\funshionplugin2.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

waveOutGetVolume

dsound

ord3

kernel32

lstrlenA
IsDBCSLeadByteEx
CreateSemaphoreA
RaiseException
GetVersion
GetVolumeInformationW
FindFirstFileW
FindClose
GetLocaleInfoA
VirtualAlloc
GetCurrentProcess
DuplicateHandle
VirtualFree
GetSystemInfo
ReleaseSemaphore
lstrcmpW
CreateSemaphoreW
CreateThread
GetTickCount
GetCurrentThread
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
GetTempPathW
GetTempFileNameW
DeleteFileW
SetThreadPriority
InterlockedExchange
CreateEventW
ResetEvent
DisableThreadLibraryCalls
TerminateThread
GetCurrentThreadId
WaitForSingleObject
SetEvent
DeleteFileA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetModuleFileNameA
lstrlenW
WideCharToMultiByte
GetVersionExW
GetLastError
UnmapViewOfFile
OpenFileMappingW
MapViewOfFile
WritePrivateProfileStringW
GetPrivateProfileStringW
MultiByteToWideChar
Sleep
MulDiv
OutputDebugStringW
CreateFileW
CloseHandle
GetFileSize
SetFilePointer
ReadFile
GetCurrentProcessId
GetModuleFileNameW
LoadLibraryW
GetProcAddress
FreeLibrary
FindResourceW
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateFileA
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetTimeZoneInformation
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
GetStartupInfoA
SetHandleCount
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapCreate
HeapDestroy
GetStdHandle
HeapSize
GetFileType
SetStdHandle
VirtualQuery
VirtualProtect
ExitProcess
GetSystemTimeAsFileTime
QueryPerformanceCounter
ExitThread
GetProcessHeap
GetCommandLineA
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
HeapFree
RtlUnwind
LocalAlloc
LocalFree
LoadLibraryA
GetVersionExA
SetLastError
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
FreeResource
GetModuleHandleA
GlobalUnlock
GlobalLock
lstrcmpA
FormatMessageW
GlobalAlloc
GlobalFree
ResumeThread
SuspendThread
GlobalGetAtomNameW
CompareStringA
GetLocaleInfoW
EnumResourceLanguagesW
ConvertDefaultLocale
GetThreadLocale
WriteFile
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFullPathNameW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesW
GetFileTime
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
SetErrorMode
GlobalFlags

user32

SetWindowLongW
GetWindowLongW
CallWindowProcW
DefWindowProcW
GetDlgCtrlID
PtInRect
DeferWindowPos
ScreenToClient
AdjustWindowRectEx
GetSysColor
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenu
UpdateWindow
SetForegroundWindow
GetKeyState
TrackPopupMenu
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
DestroyWindow
GetTopWindow
GetDlgItem
EndDeferWindowPos
BeginDeferWindowPos
SetActiveWindow
GetLastActivePopup
GetForegroundWindow
GetWindowTextW
SetFocus
GetFocus
RemovePropW
GetPropW
SetPropW
GetClassLongW
CallNextHookEx
SetWindowsHookExW
GetCapture
IsChild
WinHelpW
SendDlgItemMessageA
SendDlgItemMessageW
LoadIconW
ReleaseDC
SetRectEmpty
FillRect
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
ClientToScreen
GetWindowDC
BeginPaint
EndPaint
SetWindowPos
IsDialogMessageW
SetWindowTextW
MoveWindow
ShowWindow
IsWindowEnabled
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuW
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
GetActiveWindow
TranslateMessage
GetMessageW
TranslateAcceleratorW
GetDesktopWindow
BringWindowToTop
CreatePopupMenu
InsertMenuItemW
InvalidateRect
LoadAcceleratorsW
ReleaseCapture
SetCursor
DestroyMenu
LoadMenuW
ReuseDDElParam
UnpackDDElParam
MapDialogRect
SetWindowContextHelpId
ShowOwnedPopups
CharNextW
CharUpperW
UnregisterClassW
GetMenuItemInfoW
SystemParametersInfoW
GetSysColorBrush
CopyAcceleratorTableW
InvalidateRgn
SetCapture
GetNextDlgGroupItem
GetNextDlgTabItem
MessageBeep
RegisterClipboardFormatW
EndDialog
CreateDialogIndirectParamW
UnregisterClassA
SetMenu
SetTimer
KillTimer
PostThreadMessageW
PostQuitMessage
IsRectEmpty
PeekMessageW
RegisterWindowMessageW
DispatchMessageW
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
SetParent
GetWindowRect
UnionRect
OffsetRect
EqualRect
CopyRect
SendMessageW
EnableWindow
GetParent
PostMessageW
IsWindowVisible
MapWindowPoints
GetClientRect
GetWindow
IsWindow
SetRect
InflateRect
MessageBoxW
GetClassNameW
MonitorFromWindow
EnumWindows
GetWindowThreadProcessId
LoadCursorW
GetDC

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW
RegEnumValueW
RegQueryValueExW
RegQueryValueW
RegEnumKeyW
RegOpenKeyW
RegEnumKeyExW
RegOpenKeyExW

shell32

DragQueryFileW
DragFinish
SHGetFolderPathW

ole32

OleUninitialize
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CLSIDFromProgID
CoGetClassObject
StringFromGUID2
CoFreeLibrary
CoFreeUnusedLibraries
CoTaskMemAlloc
CoUninitialize
CoInitialize
StringFromCLSID
GetRunningObjectTable
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CreateItemMoniker

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
OleCreateFontIndirect
SysStringLen
VariantChangeType
SysAllocStringLen
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
SysFreeString
VariantInit
VariantCopy
VariantClear

shlwapi

PathRemoveFileSpecW
PathRemoveFileSpecA
PathAddBackslashA
PathStripToRootW
PathFindFileNameW
PathIsUNCW
PathFindExtensionW

oledlg

OleUIBusyW

ws2_32

inet_addr
htons
WSAGetLastError
send
recv
ioctlsocket
socket
closesocket
connect

oleacc

CreateStdAccessibleObject
LresultFromObject

gdi32

GetDeviceCaps
GetMapMode
DeleteObject
CreatePatternBrush
CreateBitmap
SaveDC
RestoreDC
SetBkMode
ExtTextOutW
SetMapMode
ExcludeClipRect
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutW
Escape
SelectObject
GetObjectW
SetBkColor
SetTextColor
GetClipBox
CreateRectRgnIndirect
TranslateCharsetInfo
CreateFontIndirectW
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetRgnBox
GetTextExtentPoint32W
GetTextColor
GetBkColor
CreateCompatibleBitmap
CreateSolidBrush
GetStockObject
CreateCompatibleDC
DeleteDC

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

comdlg32

GetFileTitleW

Exports

Exports

FunPlayerPluginExports

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT64
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text.un
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 632KB - Virtual size: 629KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
nicdescr.dat
pncrt.dll
.dll windows:4 windows x86 arch:x86

828907b7a8ec04c9c4031e40ef2f76ec

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointer
RtlUnwind
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
SetUnhandledExceptionFilter
GetModuleFileNameA
GetModuleFileNameW
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
ResumeThread
CreateThread
TlsSetValue
ExitThread
CloseHandle
GetCurrentThreadId
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
HeapFree
HeapAlloc
HeapReAlloc
HeapValidate
HeapSize
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GetCommandLineW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WideCharToMultiByte
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
SetEnvironmentVariableW
InterlockedDecrement
InterlockedIncrement
FlushFileBuffers
RaiseException
SetStdHandle
Sleep
CompareStringA
CompareStringW
GetLocaleInfoA
GetLocaleInfoW
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
GetUserDefaultLCID
GetVersionExA
GetTimeZoneInformation
SetEnvironmentVariableA
Beep
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
GetCurrentProcessId
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
GetExitCodeProcess
WaitForSingleObject
FreeLibrary
CreateProcessA
CreateProcessW
HeapCompact
HeapWalk
ReadConsoleA
SetConsoleMode
GetConsoleMode
SetEndOfFile
WriteConsoleA
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
LockFile
UnlockFile
CreateFileA
CreatePipe
ReadFile
CreateFileW
GetLocalTime
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetLocalTime
GetSystemTime
GetModuleHandleA

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@@QAE@ABV0@@Z
??0__non_rtti_object@@QAE@PBD@Z
??0bad_cast@@QAE@ABQBD@Z
??0bad_cast@@QAE@ABV0@@Z
??0bad_typeid@@QAE@ABV0@@Z
??0bad_typeid@@QAE@PBD@Z
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1__non_rtti_object@@UAE@XZ
??1bad_cast@@UAE@XZ
??1bad_typeid@@UAE@XZ
??1exception@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??3@YAXPAX@Z
??4__non_rtti_object@@QAEAAV0@ABV0@@Z
??4bad_cast@@QAEAAV0@ABV0@@Z
??4bad_typeid@@QAEAAV0@ABV0@@Z
??4exception@@QAEAAV0@ABV0@@Z
??8type_info@@QBEHABV0@@Z
??9type_info@@QBEHABV0@@Z
??_7__non_rtti_object@@6B@
??_7bad_cast@@6B@
??_7bad_typeid@@6B@
??_7exception@@6B@
??_E__non_rtti_object@@UAEPAXI@Z
??_Ebad_cast@@UAEPAXI@Z
??_Ebad_typeid@@UAEPAXI@Z
??_Eexception@@UAEPAXI@Z
??_G__non_rtti_object@@UAEPAXI@Z
??_Gbad_cast@@UAEPAXI@Z
??_Gbad_typeid@@UAEPAXI@Z
??_Gexception@@UAEPAXI@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDXZ
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?terminate@@YAXXZ
?unexpected@@YAXXZ
?what@exception@@UBEPBDXZ
SetUserHeapAlloc
SetUserHeapCalloc
SetUserHeapFree
SetUserHeapReAlloc
SetUserHeapSize
SetUserHeapValidate
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CrtHeapAlloc
_CrtHeapCalloc
_CrtHeapFree
_CrtHeapReAlloc
_CrtHeapSize
_CrtHeapValidate
_CxxThrowException
_EH_prolog
_Getdays
_Getmonths
_Gettnames
_HUGE
_Strftime
_XcptFilter
__CxxFrameHandler
__CxxLongjmpUnwind
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__argc
__argv
__badioinfo
__crtCompareStringA
__crtGetLocaleInfoW
__crtLCMapStringA
__dllonexit
__doserrno
__fpecode
__getmainargs
__initenv
__isascii
__iscsym
__iscsymf
__lc_codepage
__lc_handle
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fileinfo
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pioinfo
__pxcptinfoptrs
__set_app_type
__setlc_active
__setusermatherr
__threadhandle
__threadid
__toascii
__unDName
__unguarded_readlc_active
__wargv
__wgetmainargs
__winitenv
_abnormal_termination
_access
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_amsg_exit
_assert
_atodbl
_atoi64
_atoldbl
_beep
_beginthread
_beginthreadex
_c_exit
_cabs
_callnewh
_cexit
_cgets
_chdir
_chdrive
_chgsign
_chmod
_chsize
_clearfp
_close
_commit
_commode
_control87
_controlfp
_copysign
_cprintf
_cputs
_creat
_cscanf
_ctype
_cwait
_daylight
_dstbias
_dup
_dup2
_ecvt
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fcloseall
_fcvt
_fdopen
_fgetchar
_fgetwchar
_filbuf
_fileinfo
_filelength
_filelengthi64
_fileno
_findclose
_findfirst
_findfirsti64
_findnext
_findnexti64
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fputchar
_fputwchar
_fsopen
_fstat
_fstati64
_ftime
_ftol
_fullpath
_futime
_gcvt
_get_osfhandle
_get_sbh_threshold
_getch
_getche
_getcwd
_getdcwd
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getsystime
_getw
_getws
_global_unwind2
_heapadd
_heapchk
_heapmin
_heapset
_heapused
_heapwalk
_hypot
_i64toa
_i64tow
_initterm
_inp
_inpd
_inpw
_iob
_isatty
_isctype
_ismbbalnum
_ismbbalpha
_ismbbgraph
_ismbbkalnum
_ismbbkana
_ismbbkprint
_ismbbkpunct
_ismbblead
_ismbbprint
_ismbbpunct
_ismbbtrail
_ismbcalnum
_ismbcalpha
_ismbcdigit
_ismbcgraph
_ismbchira
_ismbckata
_ismbcl0
_ismbcl1
_ismbcl2
_ismbclegal
_ismbclower
_ismbcprint
_ismbcpunct
_ismbcspace
_ismbcsymbol
_ismbcupper
_ismbslead
_ismbstrail
_isnan
_itoa
_itow
_j0
_j1
_jn
_kbhit
_lfind
_loaddll
_local_unwind2
_lock
_locking
_logb
_longjmpex
_lrotl
_lrotr
_lsearch
_lseek
_lseeki64
_ltoa
_ltow
_makepath
_mbbtombc
_mbbtype
_mbcasemap
_mbccpy
_mbcjistojms
_mbcjmstojis
_mbclen
_mbctohira
_mbctokata
_mbctolower
_mbctombb
_mbctoupper
_mbctype
_mbsbtype
_mbscat
_mbschr
_mbscmp
_mbscoll
_mbscpy
_mbscspn
_mbsdec
_mbsdup
_mbsicmp
_mbsicoll
_mbsinc
_mbslen
_mbslwr
_mbsnbcat
_mbsnbcmp
_mbsnbcnt
_mbsnbcoll
_mbsnbcpy
_mbsnbicmp
_mbsnbicoll
_mbsnbset
_mbsncat
_mbsnccnt
_mbsncmp
_mbsncoll
_mbsncpy
_mbsnextc
_mbsnicmp
_mbsnicoll
_mbsninc
_mbsnset
_mbspbrk
_mbsrchr
_mbsrev
_mbsset
_mbsspn
_mbsspnp
_mbsstr
_mbstok
_mbstrlen
_mbsupr
_memccpy
_memicmp
_mkdir
_mktemp
_msize
_nextafter
_onexit
_open
_open_osfhandle
_osver
_outp
_outpd
_outpw
_pclose
_pctype
_pgmptr
_pipe
_popen
_purecall
_putch
_putenv
_putw
_putws
_pwctype
_read
_rmdir
_rmtmp
_rotl
_rotr
_safe_fdiv
_safe_fdivr
_safe_fprem
_safe_fprem1
_scalb
_searchenv
_seh_longjmp_unwind
_set_error_mode
_set_sbh_threshold
_seterrormode
_setjmp
_setjmp3
_setmaxstdio
_setmbcp
_setmode
_setsystime
_sleep
_snprintf
_snwprintf
_sopen
_spawnl
_spawnle
_spawnlp
_spawnlpe
_spawnv
_spawnve
_spawnvp
_spawnvpe
_splitpath
_stat
_stati64
_statusfp
_strcmpi
_strdate
_strdup
_strerror
_stricmp
_stricoll
_strlwr
_strncoll
_strnicmp
_strnicoll
_strnset
_strrev
_strset
_strtime
_strupr
_swab
_sys_errlist
_sys_nerr
_tell
_telli64
_tempnam
_timezone
_tolower
_toupper
_tzname
_tzset
_ui64toa
_ui64tow
_ultoa
_ultow
_umask
_ungetch
_unlink
_unloaddll
_unlock
_utime
_vsnprintf
_vsnwprintf
_waccess
_wasctime
_wchdir
_wchmod
_wcmdln
_wcreat
_wcsdup
_wcsicmp

Sections

.text
Size: 212KB - Virtual size: 211KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pndx5016.dll
pndx5032.dll
.dll windows:4 windows x86 arch:x86

3dff24d172f5031d837d000fcf3a81f8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SMapLS_IP_EBP_8
SUnMapLS_IP_EBP_8
SMapLS_IP_EBP_12
SUnMapLS_IP_EBP_12
SMapLS_IP_EBP_16
SUnMapLS_IP_EBP_16
ThunkConnect32
GlobalFree
GetVersion
GlobalAlloc
SMapLS_IP_EBP_8
SUnMapLS_IP_EBP_8
SMapLS_IP_EBP_12
SUnMapLS_IP_EBP_12
SMapLS_IP_EBP_16
SUnMapLS_IP_EBP_16
ThunkConnect32
GlobalFree
GetVersion
GlobalAlloc

pncrt

free
_adjust_fdiv
malloc
_initterm

Exports

Exports

GetDevNodeStatus32Call
thk_ThunkData32

Sections

.text
Size: 1024B - Virtual size: 790B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 494B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 194B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
quality.dll
.dll windows:4 windows x86 arch:x86

68f5ac5c2c983471887f7563667523f3

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:54:c3:bd:23:b7:b9:94:98:2b:2d:a0:fa:1e:29:f7
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

14-07-2010 00:00

Not After

02-08-2012 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

a3:7a:6b:45:7b:f6:df:6c:3d:cd:d7:ad:de:65:6b:97:30:ee:db:5a
Signer

Actual PE Digest

a3:7a:6b:45:7b:f6:df:6c:3d:cd:d7:ad:de:65:6b:97:30:ee:db:5a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\build2.4.1\symbols\quality.pdb

Imports

ws2_32

gethostname
inet_ntoa
htons
inet_addr
gethostbyname
closesocket
ioctlsocket
select
connect
recv
send
socket
htonl

psapi

GetProcessMemoryInfo

dump

svalue
lvalue_of
ulvalue_of
svalue_of

dbghelp

MakeSureDirectoryPathExists

wininet

HttpQueryInfoA
InternetOpenUrlW
HttpQueryInfoW
InternetReadFile

kernel32

WriteConsoleW
GetConsoleOutputCP
ReadFile
FreeEnvironmentStringsW
GetEnvironmentStrings
CreateFileA
FlushFileBuffers
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
SetFilePointer
IsValidLocale
EnumSystemLocalesA
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetLocaleInfoA
GetUserDefaultLCID
ExitProcess
InterlockedExchange
GlobalMemoryStatus
InterlockedExchangeAdd
GetTickCount
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CloseHandle
InitializeCriticalSection
MultiByteToWideChar
WideCharToMultiByte
SizeofResource
LockResource
FindResourceW
LoadResource
LoadLibraryA
GetVersionExW
lstrcmpiW
CreateFileW
FindResourceExW
GetProcAddress
GetLastError
WriteFile
DeleteFileW
QueryPerformanceCounter
GetModuleFileNameA
GetThreadLocale
GetEnvironmentStringsW
GetCurrentProcess
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetSystemTimeAsFileTime
GetCurrentProcessId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
GetCurrentThreadId
CreateThread
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetCPInfo
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
GetStdHandle

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shlwapi

PathFileExistsA

user32

UnregisterClassA

Exports

Exports

DllGetInterface
DllReleaseReporter
report_agent
report_hs
report_initialize
report_mem_info
report_ms_flow
report_nat_traversal
report_open_inline_page
report_play_buffering
report_playing_pausing
report_something
report_system_info
report_task_detail
report_task_state
report_tcp
report_torrent_download
report_track
report_udpt
report_uninitialize
set_run_mode

Sections

.text
Size: 212KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rmoc3260.dll
.dll regsvr32 windows:4 windows x86 arch:x86

856609e709a6cabc2acd456e10aed0e4

Code Sign

01
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

01-08-1996 00:00

Not After

31-12-2020 23:59

Subject

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

12:ee:97:f7:6b:56:99:e3:2b:08:af:5d:f8:3a:20:30
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

30-08-2006 20:44

Not After

15-09-2007 17:25

Subject

CN=RealNetworks\, Inc.,OU=Software Product Development,O=RealNetworks\, Inc.,L=Seattle,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04-12-2003 00:00

Not After

03-12-2008 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f0:21:3e:b1:a9:b6:37:1f:ff:1c:dd:ce:74:f4:d0:f5:35:ad:7d:9b
Signer

Actual PE Digest

f0:21:3e:b1:a9:b6:37:1f:ff:1c:dd:ce:74:f4:d0:f5:35:ad:7d:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

pncrt

_initterm
_adjust_fdiv
_ismbcspace
_open
_chsize
_fstat
_onexit
_read
_unlink
_putenv
_write
_sopen
_tell
_lseek
__dllonexit
malloc
_errno
_telli64
_lseeki64
memmove
_vsnprintf
strchr
isdigit
_stricmp
strncmp
printf
getenv
realloc
strstr
_snprintf
atol
atoi
sprintf
strncat
_purecall
??2@YAPAXI@Z
wcslen
wcsncpy
strncpy
strrchr
??3@YAXPAX@Z
free
_strnicmp
_strcmpi
_close
_creat

ole32

CoTaskMemAlloc
CreateBindCtx
CreateOleAdviseHolder
CoTaskMemFree
CoCreateInstance
CoGetMalloc

kernel32

CreateThread
InitializeCriticalSection
GetModuleFileNameA
GetTempPathA
GetTempFileNameA
CloseHandle
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetVersionExA
GetSystemInfo
InterlockedIncrement
InterlockedDecrement
lstrcatA
GetEnvironmentVariableA
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
lstrlenW
lstrcpyA
lstrlenA
lstrcmpA
MultiByteToWideChar
DeleteFileA
WinExec
GetProcAddress
LoadLibraryA
FreeLibrary
SetErrorMode
DeleteCriticalSection
GetLocaleInfoA
GetVersion
GetLastError

user32

CreateDialogParamA
wsprintfA
CharNextA
CharPrevA
IsDialogMessageA
ReleaseDC
GetDC
PtInRect
SendMessageA
SetFocus
BeginPaint
EndPaint
SetParent
IsWindowVisible
GetParent
DefWindowProcA
UnregisterClassA
WinHelpA
GetWindowLongA
ShowWindow
EqualRect
OffsetRect
SetWindowRgn
SetWindowLongA
DestroyWindow
GetWindowRect
MapWindowPoints
SetWindowPos
GetSystemMetrics
GetActiveWindow
LoadStringA
GetDlgItemTextA
SetDlgItemTextA
GetSysColor
FillRect
IntersectRect
CopyRect
GetClientRect
EnumChildWindows
UpdateWindow
LoadCursorA
RegisterClassA
CreateWindowExA
GetKeyState
InvalidateRect
GetClipboardFormatNameA

advapi32

RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegOpenKeyA
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyA
RegEnumKeyExA
RegQueryValueA
RegSetValueA
RegEnumKeyA
RegCloseKey

gdi32

LPtoDP
CreateSolidBrush
CreateRectRgnIndirect
DeleteDC
SetMapMode
SetWindowOrgEx
DeleteObject
SetViewportOrgEx
GetDeviceCaps
CreateDCA

oleaut32

VariantClear
VariantInit
SysAllocString
LoadTypeLi
LoadRegTypeLi
SysFreeString
OleCreatePropertyFrame
SetErrorInfo
SysAllocStringLen
RegisterTypeLi
VariantChangeType

urlmon

URLDownloadToCacheFileA
HlinkSimpleNavigateToString
CreateURLMoniker
RegisterBindStatusCallback

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
skin/Buffering.gif
.gif
skin/CaptionBkgnd.bmp
skin/CaptionCloseBtn.bmp
skin/CaptionMaxBtn.bmp
skin/CaptionMenuBtn.bmp
skin/CaptionMenuBtnEn.bmp
skin/CaptionMenuF.bmp
skin/CaptionMenuFEn.bmp
skin/CaptionMinBtn.bmp
skin/CaptionNormalBtn.bmp
skin/CaptionText.bmp
skin/CaptionTextEn.bmp
skin/ChangeModeBtn.bmp
skin/CheckBox_Box.bmp
skin/CheckBox_Check.bmp
skin/DiskWarnning.bmp
skin/DragCorner.bmp
skin/GetFspFile.gif
.gif
skin/HidePlayInfoBtn.bmp
skin/IErrorReshBtn.bmp
skin/IErrorWndBk.bmp
skin/IeToolBarBack.bmp
skin/IeToolBarBkgnd.bmp
skin/IeToolBarForward.bmp
skin/IeToolBarHomePage.bmp
skin/IeToolBarRefresh.bmp
skin/IntergrateModeBtn.bmp
skin/ListHeaderBkgnd.bmp
skin/ListHeaderSplid.bmp
skin/LoadTeleplayWeb.gif
.gif
skin/MainNcFrameBtm.bmp
skin/MainNcFrameLeft.bmp
skin/MainNcFrameRight.bmp
skin/MainNcFrameTop.bmp
skin/MainNcLeftBtmCorner.bmp
skin/MainNcLeftTopCorner.bmp
skin/MainNcRightBtmCorner.bmp
skin/MainNcRightTopCorner.bmp
skin/OptionBtnArrow.bmp
skin/OptionBtnBk.bmp
skin/OptionSplidBarHead.bmp
skin/OptionSplidBarTrail.bmp
skin/OptionSplideBarBkgnd.bmp
skin/OptionSplideBarThumb.bmp
skin/OptionText.bmp
skin/OptionTextEn.bmp
skin/PauseAdCloseBtn.bmp
skin/PauseFlickerBtn.bmp
skin/PlayBarSplidLineBk.bmp
skin/PlayBarSplidRgn.bmp
skin/PlayBarVolumeBarBkgnd.bmp
skin/PlayBarVolumeBarBkgndRight.bmp
skin/PlayBarVolumeBarBkgndRightSmall.bmp
skin/PlayBarVolumeBarBkgndSmall.bmp
skin/PlayBarVolumeBarThumb.bmp
skin/PlayBarVolumeBarThumbSmall.bmp
skin/PlayBufferInfoWndBkgnd.bmp
skin/PlayBufferInfoWndLeft.bmp
skin/PlayBufferInfoWndRight.bmp
skin/PlayInfoBkgnd.bmp
skin/PlayInfoBkgndSel.bmp
skin/PlayInfoBtmBar.bmp
skin/PlayInfoBtnMenu.bmp
skin/PlayInfoCurPlay.bmp
skin/PlayInfoHeaderBkgnd.bmp
skin/PlayInfoItemTextBk.bmp
skin/PlayInfoItemTextHover.bmp
skin/PlayInfoTitle.bmp
skin/PlayInfoTitleBk.bmp
skin/PlayInfoTitleEn.bmp
skin/PlayListAddBtn.bmp
skin/PlayListRemove.bmp
skin/PlayListVerSplid.bmp
skin/PlayListVerSplidMark.bmp
skin/PlaySplidBarBefore.bmp
skin/PlaySplidBarBeforeSmall.bmp
skin/PlaySplidBarBkgnd.bmp
skin/PlaySplidBarBkgndSmall.bmp
skin/PlaySplidBarDownload.bmp
skin/PlaySplidBarDownloadSmall.bmp
skin/PlaySplidBarHead.bmp
skin/PlaySplidBarHeadSmall.bmp
skin/PlaySplidBarThumb.bmp
skin/PlaySplidBarThumbSmall.bmp
skin/PlaySplidBarTrail.bmp
skin/PlaySplidBarTrailSmall.bmp
skin/PlayerBarBkgnd.bmp
skin/PlayerBarBtnFullView.bmp
skin/PlayerBarBtnMute.bmp
skin/PlayerBarBtnMuteSmall.bmp
skin/PlayerBarBtnNext.bmp
skin/PlayerBarBtnNextSmall.bmp
skin/PlayerBarBtnNonTop.bmp
skin/PlayerBarBtnNormal.bmp
skin/PlayerBarBtnPause.bmp
skin/PlayerBarBtnPauseSmall.bmp
skin/PlayerBarBtnPlay.bmp
skin/PlayerBarBtnPlayList.bmp
skin/PlayerBarBtnPlaySmall.bmp
skin/PlayerBarBtnPre.bmp
skin/PlayerBarBtnPreSmall.bmp
skin/PlayerBarBtnSetting.bmp
skin/PlayerBarBtnSimple.bmp
skin/PlayerBarBtnStop.bmp
skin/PlayerBarBtnStopSmall.bmp
skin/PlayerBarBtnTop.bmp
skin/PlayerBarBtnVolume.bmp
skin/PlayerBarBtnVolumeSmall.bmp
skin/PlayerBarLeftBk.bmp
skin/PlayerBarRightBk.bmp
skin/PlayerBarSplid.bmp
skin/PlayerHideBtn.bmp
skin/PlayerHideBtnEn.bmp
skin/PlayerTipCloseBtn.bmp
skin/RadioBtnBox.bmp
skin/RadioBtnPt.bmp
skin/RpcLoading.gif
.gif
skin/RpcStartDlgBk.bmp
skin/ScrollBarDownArrow.bmp
skin/ScrollBarDownArrowL.bmp
skin/ScrollBarDownArrowRound.bmp
skin/ScrollBarUpArrow.bmp
skin/ScrollBarUpArrowL.bmp
skin/ScrollBarUpArrowRound.bmp
skin/ScrollBarVerBkgnd.bmp
skin/ScrollBarVerBkgndL.bmp
skin/ScrollBarVerWidgetBkgnd.bmp
skin/ScrollBarVerWidgetBkgndHover.bmp
skin/ScrollBarVerWidgetBkgndL.bmp
skin/ScrollBarVerWidgetHead.bmp
skin/ScrollBarVerWidgetHeadHover.bmp
skin/ScrollBarVerWidgetHeadL.bmp
skin/ScrollBarVerWidgetMid.bmp
skin/ScrollBarVerWidgetMidHover.bmp
skin/ScrollBarVerWidgetMidL.bmp
skin/ScrollBarVerWidgetTrail.bmp
skin/ScrollBarVerWidgetTrailHover.bmp
skin/ScrollBarVerWidgetTrailL.bmp
skin/ScrollLinkBkgnd.bmp
skin/ScrollLinkFrm.bmp
skin/ShowPlayInfoBtn.bmp
skin/SplidBarBkgnd.bmp
skin/SplidBarMark.bmp
skin/StatusBarBkgnd.bmp
skin/StatusBarLeft.bmp
skin/StatusBarRight.bmp
skin/StatusBarSplid.bmp
skin/TabModeBtn.bmp
skin/TaskBarBtnMenu.bmp
skin/TaskBarBtnOpenLcl.bmp
skin/TaskBarTipDownArrow.bmp
skin/TaskListBtnHide.bmp
skin/TaskListBtnShow.bmp
skin/TaskListRePlayBtn.bmp
skin/TaskListRightLine.bmp
skin/TaskListStatIcons.bmp
skin/TaskListStatSelIcon.bmp
skin/TaskManagerCloseBtn.bmp
skin/TaskManagerCloseTxtBtn.bmp
skin/TaskMgnBarBk.bmp
skin/TaskMgnBarItem.bmp
skin/TaskMgnBarLScrollBtn.bmp
skin/TaskMgnBarRScrollBtn.bmp
skin/TaskMgnTitleBkgnd.bmp
skin/TaskMgnTitleLeft.bmp
skin/TaskMgnTitleRight.bmp
skin/TaskMngBtnIcon.bmp
skin/TaskTabBkgnd.bmp
skin/TaskTabBtnPopIcon.bmp
skin/TaskText.bmp
skin/TaskTextEn.bmp
skin/TaskToolBarBk.bmp
skin/TaskToolBarBk000.bmp
skin/TaskToolBarBkgnd.bmp
skin/TaskToolBarDelete.bmp
skin/TaskToolBarDiskClear.bmp
skin/TaskToolBarDownload.bmp
skin/TaskToolBarMoveDown.bmp
skin/TaskToolBarMoveUp.bmp
skin/TaskToolBarPlay.bmp
skin/TaskToolBarRestore.bmp
skin/TaskToolBarShowWeb.bmp
skin/TaskToolBarShowWebEn.bmp
skin/TaskToolBarSplid.bmp
skin/TaskToolBarStop.bmp
skin/TextBtnBk.bmp
skin/TipBottomArrow.bmp
skin/TipRightArrow.bmp
skin/TipTopArrow.bmp
skin/UpdateBtmBkgnd.bmp
skin/UpdateBtmCloseBtn.bmp
skin/UpdateBtmIgoreBtn.bmp
skin/UpdateBtmUpdateBtn.bmp
skin/UpdateCapBkgnd.bmp
skin/UpdateCapCloseBtn.bmp
skin/UpdateCaption.bmp
skin/UpdateIconFail.bmp
skin/UpdateIconInit.bmp
skin/UpdateIconSuc.bmp
skin/WebCloseBtn.bmp
skin/WebCloseBtnRgn.bmp
skin/WebToolBarBk.bmp
skin/bmpCleanFile.bmp
skin/bmpClearDisk.bmp
skin/bmpError.bmp
skin/bmpListHeaderBk.bmp
skin/bmpMenuBk.bmp
skin/bmpPlayBarTip.bmp
skin/bmpPrompt.bmp
skin/bmpQuestion.bmp
skin/bmpTimerClose.bmp
skin/imgCleanFileBtn.bmp
skin/list_expend.bmp
skin/vodPlay.gif
.gif
skin/vodPlayEn.gif
.gif
skin/vodWeb.gif
.gif
skin/vodWebEn.gif
.gif
upnp.dll
.dll windows:4 windows x86 arch:x86

37013afcc619ecaecbcd4d8f47d16faa

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:54:c3:bd:23:b7:b9:94:98:2b:2d:a0:fa:1e:29:f7
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

14-07-2010 00:00

Not After

02-08-2012 23:59

Subject

CN=Beijing Funshion Online Technologies Ltd.,OU=SECURE APPLICATION DEVELOPMENT,O=Beijing Funshion Online Technologies Ltd.,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

ff:b9:04:cc:4e:c2:93:47:2c:fa:53:48:98:1d:98:c6:52:5d:1d:31
Signer

Actual PE Digest

ff:b9:04:cc:4e:c2:93:47:2c:fa:53:48:98:1d:98:c6:52:5d:1d:31

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\build2.4.1\symbols\upnp.pdb

Imports

ws2_32

recv
send
connect
setsockopt
socket
inet_addr
sendto
htons
closesocket
ntohl

iphlpapi

GetIpAddrTable
GetBestInterface
GetBestRoute

kernel32

FlushFileBuffers
CreateFileA
WriteConsoleW
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
SetFilePointer
GetConsoleOutputCP
CreateThread
FindResourceExW
WideCharToMultiByte
SetThreadPriority
MultiByteToWideChar
CloseHandle
GetTickCount
FindResourceW
Sleep
SizeofResource
LockResource
LoadResource
LoadLibraryA
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
ExitThread
GetCurrentThreadId
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
RtlUnwind
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
VirtualFree
VirtualAlloc
HeapCreate
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetOEMCP
IsValidCodePage
GetStringTypeA
GetStringTypeW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetConsoleCP

user32

UnregisterClassA

Exports

Exports

AddUPnP
ReleaseUPnP

Sections

.text
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

6c:54:c3:bd:23:b7:b9:94:98:2b:2d:a0:fa:1e:29:f7Certificate

Extended Key Usages

6c:ff:a6:38:23:ac:cd:2f:f8:03:d1:6f:61:39:32:49:bb:ac:98:17Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 256KB

.rsrc Size: 31KB - Virtual size: 31KB

0ece15e7d9bb35972aec701f46192460

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 503B

.data Size: 512B - Virtual size: 128B

.reloc Size: 512B - Virtual size: 220B

bf44c9fb48bb8c36b3e2527e7252350d

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 802B

.data Size: 512B - Virtual size: 142B

.reloc Size: 512B - Virtual size: 200B

2dfc6a992d004b736e85c64219a88b4a

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 172B

.reloc Size: 512B - Virtual size: 266B

c480ee4d2a64d4a16edee43fdfe35079

Headers

File Characteristics

Imports

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

6c:54:c3:bd:23:b7:b9:94:98:2b:2d:a0:fa:1e:29:f7
Certificate

6c:ff:a6:38:23:ac:cd:2f:f8:03:d1:6f:61:39:32:49:bb:ac:98:17
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 256KB

.rsrc
Size: 31KB - Virtual size: 31KB

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 503B

.data
Size: 512B - Virtual size: 128B

.reloc
Size: 512B - Virtual size: 220B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 802B

.data
Size: 512B - Virtual size: 142B

.reloc
Size: 512B - Virtual size: 200B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 172B

.reloc
Size: 512B - Virtual size: 266B

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 9KB - Virtual size: 10KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 25KB

.reloc
Size: 1024B - Virtual size: 836B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B