329ae7cf3969dd3026eda9b561397679_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

329ae7cf3969dd3026eda9b561397679_JaffaCakes118
Size

831KB
MD5

329ae7cf3969dd3026eda9b561397679
SHA1

b9a27eb8a39936aee5d67e757ae9709373adc883
SHA256

34071cbe302c4425989fc9ea275ad650d6fcec9da3f891a216daae8ac79901eb
SHA512

76ab6eef46b2c6c2718df3d677dd848ad1ca2d2d803ba3a669f2d81146ff80fd8d54c62108defbdb2692d1f835b4d1a843995b54c36c0f8c9c967625de3dc0ef
SSDEEP

24576:7NIzc9lRnMxkdOkY9UoGhzrh9FKwjjoziQV3tr6k:7KA9l6x9kG1IJ9Fzjozi+3Mk

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/ruyitao/3.1.5.4/sqlite3.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/ruyitao/3.1.5.4/sqlite3.dll	upx

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/ruyitao/3.1.5.4/sqlite3.dll
unpack002/out.upx

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

329ae7cf3969dd3026eda9b561397679_JaffaCakes118
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:1e:7e:8d:b4:43:bf:3d:03:fb:fe:ca:27:c3:97:89
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31/05/2010, 00:00

Not After

30/05/2012, 23:59

Subject

CN=TaoBao(china) Software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TaoBao(china) Software Co.\, Ltd,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ea:fb:15:76:7e:2d:72:ef:c0:cd:fc:2d:d3:ae:7b:37:18:65:53:a1
Signer

Actual PE Digest

ea:fb:15:76:7e:2d:72:ef:c0:cd:fc:2d:d3:ae:7b:37:18:65:53:a1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/show1.bmp
$PLUGINSDIR/show2.bmp
ruyitao/3.1.5.4/Extensions/chrome.manifest
ruyitao/3.1.5.4/Extensions/chrome/content/assets/css/searchbox-patch.css
ruyitao/3.1.5.4/Extensions/chrome/content/assets/icons/logo-19.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/icons/logo-32.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/btn-bg.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/close-icon-32bit.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/close-icon-8bit.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/close-icon-hover.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/feedback_icon.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/hide-icon.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/loading.gif
.gif
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/no_image_available.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/option-logo-en.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/option-logo-zh.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/products/author.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/products/compare-disabled.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/products/compare.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/products/etao.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/products/market-item-hover-bg.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/products/market-list-bg.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/arrow-down.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/arrow-down2.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/controller-bg.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/func-icon-hover.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/ju-active.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/ju.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/loading.gif
.gif
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/logo-hover.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/logo.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/next-page-btn-active.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/next-page-btn-default.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/option-icons.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/option-item-hover.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/plus-active.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/plus.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/prev-page-btn-active.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/prev-page-btn-default.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/product-item-bg.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/product-item-hover-bg.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/se-icons/amazon.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/se-icons/amazonca.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/se-icons/amazoncn.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/se-icons/amazonde.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/se-icons/amazonfr.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/se-icons/amazonit.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/se-icons/amazonuk.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/se-icons/coo8.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/se-icons/dangdang.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/se-icons/ebay.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/se-icons/ebayca.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/se-icons/ebayde.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/se-icons/ebayfr.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/se-icons/ebayit.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/se-icons/ebayuk.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/se-icons/etao.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/se-icons/icson.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/se-icons/jingdong.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/se-icons/neweggcn.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/se-icons/taobao.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/se-icons/walmart.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/se-icons/yihaodian.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/search-active.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/search-bar-bg.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/search-btn-cn.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/search-btn-en.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/search-cn-blue.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/search-cn.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/search-en.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/separator-small.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/teaching-cn.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search/teaching-en.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/search_pic.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/share_to_microblog_btn.gif
.gif
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/show-icon.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/images/weibo_logo.png
.png
ruyitao/3.1.5.4/Extensions/chrome/content/assets/js/jquery-1.7.1.min.js
.js
ruyitao/3.1.5.4/Extensions/chrome/content/browser.xul
.xml
ruyitao/3.1.5.4/Extensions/chrome/content/main.js
.js
ruyitao/3.1.5.4/Extensions/chrome/content/views/options.html
.html .js polyglot
ruyitao/3.1.5.4/Extensions/chrome/content/views/products.html
ruyitao/3.1.5.4/Extensions/chrome/content/views/ruyitao-site.js
ruyitao/3.1.5.4/Extensions/chrome/content/views/searchbox.html
ruyitao/3.1.5.4/Extensions/chrome/content/views/shoppingassist.js
.js
ruyitao/3.1.5.4/Extensions/install.rdf
.xml
ruyitao/3.1.5.4/Extensions/modules/background.js
.js
ruyitao/3.1.5.4/Extensions/modules/browser.js
.js
ruyitao/3.1.5.4/Extensions/modules/cache.js
.js
ruyitao/3.1.5.4/Extensions/modules/console.js
.js
ruyitao/3.1.5.4/Extensions/modules/constants.js
.js
ruyitao/3.1.5.4/Extensions/modules/encode.js
.js
ruyitao/3.1.5.4/Extensions/modules/factory.js
.js
ruyitao/3.1.5.4/Extensions/modules/options.js
.js
ruyitao/3.1.5.4/Extensions/modules/search-engine.js
.js
ruyitao/3.1.5.4/Extensions/modules/service.js
.js
ruyitao/3.1.5.4/Extensions/modules/site.js
.js
ruyitao/3.1.5.4/Extensions/modules/sqlite-storage.js
.js
ruyitao/3.1.5.4/Extensions/modules/storage.js
.js
ruyitao/3.1.5.4/Extensions/modules/upgrader.js
.js
ruyitao/3.1.5.4/Extensions/modules/util.js
.js
ruyitao/3.1.5.4/ShoppingAssistant.dll
.dll regsvr32 windows:5 windows x86 arch:x86

25e909c5293a1bf8af3caed29e914f8e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:1e:7e:8d:b4:43:bf:3d:03:fb:fe:ca:27:c3:97:89
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31/05/2010, 00:00

Not After

30/05/2012, 23:59

Subject

CN=TaoBao(china) Software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TaoBao(china) Software Co.\, Ltd,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

31:6b:b5:90:9d:27:52:62:38:78:6b:8e:69:26:6d:d6:2d:59:fa:5c
Signer

Actual PE Digest

31:6b:b5:90:9d:27:52:62:38:78:6b:8e:69:26:6d:d6:2d:59:fa:5c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\ruyitao\ext\ruyi\ie\Release\ShoppingAssistant.pdb

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
IsBadStringPtrW
lstrlenW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WriteFile
DeleteFileW
GetTickCount
CreateThread
WaitForSingleObject
GetExitCodeThread
CreateEventW
GetPrivateProfileStringW
GetLocalTime
GetProcAddress
GetModuleHandleW
lstrcmpiW
GetModuleFileNameW
FreeLibrary
SizeofResource
DeleteCriticalSection
FindResourceW
LoadLibraryExW
SetThreadLocale
GetThreadLocale
WideCharToMultiByte
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GetTempPathW
CreateMutexW
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
QueryPerformanceCounter
GetEnvironmentStringsW
lstrlenA
CloseHandle
MultiByteToWideChar
GlobalAlloc
DeviceIoControl
GlobalFree
CreateFileW
LoadResource
GetVersionExW
GetFileType
WriteConsoleW
FreeEnvironmentStringsW
GetStartupInfoW
SetHandleCount
HeapDestroy
HeapCreate
HeapFree
HeapQueryInformation
GetStdHandle
LCMapStringW
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetCPInfo
GetOEMCP
GetACP
IsProcessorFeaturePresent
GetModuleFileNameA
GetCommandLineA
GetSystemTimeAsFileTime
IsBadReadPtr
HeapValidate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
HeapReAlloc
HeapAlloc
GetStringTypeW
LoadLibraryW
SetEvent
OpenEventA
OutputDebugStringA
OutputDebugStringW
GetCurrentProcessId
GetCurrentThreadId
VirtualAlloc
UnmapViewOfFile
GetSystemInfo
MapViewOfFile
CreateFileMappingA
GetCurrentThread
RtlUnwind
EncodePointer
DecodePointer
TerminateProcess
GetCurrentProcess
ExitProcess

user32

GetDesktopWindow
KillTimer
SetTimer
UnregisterClassW
wvsprintfW
CharNextW
DialogBoxParamW
GetDlgItem
SetWindowTextW
EndDialog
DefWindowProcW
EnableWindow
IsWindow
MoveWindow
GetWindowRect

advapi32

RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
SetThreadToken
RevertToSelf
OpenThreadToken
RegEnumKeyExW

shell32

ShellExecuteW

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CLSIDFromString

oleaut32

VarBstrCmp
SysFreeString
SysStringLen
SysAllocString
LoadRegTypeLi
DispCallFunc
VariantClear
SysAllocStringLen
LoadTypeLi
VariantInit
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi

shlwapi

SHSetValueW
SHGetValueW
PathFileExistsW
PathAppendW

netapi32

Netbios

wininet

InternetSetOptionW
InternetOpenW
InternetReadFile
HttpQueryInfoW
InternetCloseHandle
InternetOpenUrlW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ruyitao/3.1.5.4/ShoppingAssistant.wsc
.xml
ruyitao/3.1.5.4/all.js
.js
ruyitao/3.1.5.4/logo.ico
ruyitao/3.1.5.4/ruyiUpdate.exe
.exe windows:4 windows x86 arch:x86

c01350d5e12858bbfc08f74b25d448f6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:1e:7e:8d:b4:43:bf:3d:03:fb:fe:ca:27:c3:97:89
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

31/05/2010, 00:00

Not After

30/05/2012, 23:59

Subject

CN=TaoBao(china) Software Co.\, Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=TaoBao(china) Software Co.\, Ltd,L=Hangzhou,ST=Zhejiang,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

50:0b:58:98:ec:64:5c:4b:b5:e2:42:f8:e4:ab:b3:b8:b6:a0:7b:ec
Signer

Actual PE Digest

50:0b:58:98:ec:64:5c:4b:b5:e2:42:f8:e4:ab:b3:b8:b6:a0:7b:ec

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

mfc42

ord3738
ord561
ord815
ord641
ord2514
ord2621
ord1134
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord540
ord6376
ord4424
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord1146
ord1168
ord4160
ord2863
ord2379
ord755
ord470
ord2645
ord926
ord5710
ord4129
ord6663
ord6215
ord3092
ord6197
ord6379
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord922
ord3749
ord860
ord537
ord2818
ord535
ord823
ord800
ord825
ord858
ord2055
ord1576

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
strpbrk
_ftol
memmove
_CxxThrowException
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
sscanf
_mbscmp
_snwprintf
_mbsrchr
_mbsnbcmp
exit
_mbsnbcat
_mbslwr
_mbsicmp
realloc
atoi
free
malloc
_purecall
fputs
fopen
fseek
ftell
fread
fclose
__CxxFrameHandler
_snprintf
_setmbcp
sprintf

kernel32

CloseHandle
InitializeCriticalSection
DeleteCriticalSection
GetTickCount
LeaveCriticalSection
EnterCriticalSection
CreateThread
WaitForSingleObject
GetExitCodeThread
WriteFile
CreateFileA
DeleteFileA
GetTempPathA
GetPrivateProfileIntA
GetPrivateProfileStringA
Sleep
GetCurrentProcess
ReadFile
GetFileSize
GetLongPathNameA
GetModuleFileNameA
GetCommandLineA
CopyFileW
CreateDirectoryW
GetModuleFileNameW
DeleteFileW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
GetStartupInfoA
CreateEventA

user32

GetSystemMetrics
IsIconic
DrawIcon
GetSystemMenu
AppendMenuA
LoadIconA
EnableWindow
SendMessageA
SetTimer
KillTimer
InvalidateRect
GetClientRect

gdi32

BitBlt
DeleteObject
CreateCompatibleDC
SelectObject

advapi32

AdjustTokenPrivileges
RegOpenKeyExA
RegQueryValueExA
LookupPrivilegeValueA
OpenProcessToken
GetUserNameW

shell32

SHGetSpecialFolderPathW
ShellExecuteA

ole32

CoCreateInstance
CoInitialize
CoUninitialize
CreateStreamOnHGlobal

msvcp60

??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??_7runtime_error@std@@6B@
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?_Xlen@std@@YAXXZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0PBD1@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??0runtime_error@std@@QAE@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
??0ios_base@std@@IAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??1?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1runtime_error@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@

wininet

HttpQueryInfoA
InternetSetOptionA
InternetCloseHandle
InternetOpenUrlA
InternetReadFile
InternetOpenA

shlwapi

PathAppendA
UrlCreateFromPathA
StrStrIA
PathFileExistsW
PathFileExistsA
SHSetValueA
SHGetValueA

gdiplus

GdipFree
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdiplusShutdown
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdipCloneImage
GdipAlloc

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ruyitao/3.1.5.4/sqlite3.dll
.dll regsvr32 windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_complete
sqlite3_complete16
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_handle
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_load_extension
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_held
sqlite3_mutex_leave
sqlite3_mutex_notheld
sqlite3_mutex_try
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_realloc
sqlite3_register_blob_functions
sqlite3_register_unacc_functions
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_sql
sqlite3_step
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_unregister_unacc_functions
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf

Sections

UPX0
Size: - Virtual size: 364KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 422KB - Virtual size: 421KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 418B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ruyitao/3.1.5.4/uninst.exe.nsis

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5a:1e:7e:8d:b4:43:bf:3d:03:fb:fe:ca:27:c3:97:89Certificate

Extended Key Usages

Key Usages

ea:fb:15:76:7e:2d:72:ef:c0:cd:fc:2d:d3:ae:7b:37:18:65:53:a1Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 12KB - Virtual size: 12KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.reloc Size: 1024B - Virtual size: 520B

25e909c5293a1bf8af3caed29e914f8e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5a:1e:7e:8d:b4:43:bf:3d:03:fb:fe:ca:27:c3:97:89
Certificate

ea:fb:15:76:7e:2d:72:ef:c0:cd:fc:2d:d3:ae:7b:37:18:65:53:a1
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 12KB - Virtual size: 12KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5a:1e:7e:8d:b4:43:bf:3d:03:fb:fe:ca:27:c3:97:89
Certificate

31:6b:b5:90:9d:27:52:62:38:78:6b:8e:69:26:6d:d6:2d:59:fa:5c
Signer

.text
Size: 200KB - Virtual size: 199KB

.rdata
Size: 63KB - Virtual size: 63KB

.data
Size: 13KB - Virtual size: 24KB

.rsrc
Size: 159KB - Virtual size: 158KB

.reloc
Size: 21KB - Virtual size: 20KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5a:1e:7e:8d:b4:43:bf:3d:03:fb:fe:ca:27:c3:97:89
Certificate

50:0b:58:98:ec:64:5c:4b:b5:e2:42:f8:e4:ab:b3:b8:b6:a0:7b:ec
Signer

.text
Size: 100KB - Virtual size: 96KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 48KB - Virtual size: 44KB

UPX0
Size: - Virtual size: 364KB