359a40dfaea2a753f88d1d435fb1a20c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

359a40dfaea2a753f88d1d435fb1a20c_JaffaCakes118
Size

1.6MB
MD5

359a40dfaea2a753f88d1d435fb1a20c
SHA1

880d5c199e8d1a2c1c9f190e052420b485ec2fb6
SHA256

d666f70c5799e05a6778da906e4c18c7926c383304c603ef88a2ce3aeb2a3689
SHA512

c3ed151b6ae1a732bd3532f976acd245ce760c9ad1898ce749df8de8a21a65f7bc504ebad4312c2f3e0002d5fe26ebc0222e2abe47dee4cf30e0387b86c8418c
SSDEEP

24576:pmJF3Zi64jWDUI1mKOLL/jiYYumpI8Aq8pEbjyoe5gTfg5iuldFlQNEaLjC0Hl:pUZi+QumKOLjjiRzhA7XlcfVu6EaLjCM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
359a40dfaea2a753f88d1d435fb1a20c_JaffaCakes118

Files

359a40dfaea2a753f88d1d435fb1a20c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 580KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_2_/DownloadProxyPS.dll
.dll regsvr32 windows:4 windows x86 arch:x86

b177dcb186702f9a4775e053e2fa1e17

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1f:b8:77:c1:e1:24:e1:31:6a:64:11:b7:87:33:88:37:4b:94:f1:7b
Signer

Actual PE Digest

1f:b8:77:c1:e1:24:e1:31:6a:64:11:b7:87:33:88:37:4b:94:f1:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
MultiByteToWideChar
HeapSize
RtlUnwind
HeapReAlloc
VirtualAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSection
LoadLibraryA
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent

rpcrt4

NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrStubForwardingFunction
NdrStubCall2
CStdStubBuffer_QueryInterface
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
CStdStubBuffer_AddRef

oleaut32

BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 576B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/Extract.dll
.dll windows:4 windows x86 arch:x86

102033a12b8cf17a451a9e9760020138

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

67:aa:51:35:62:bb:5c:b1:19:94:ea:25:f5:78:37:54:5f:40:c7:2e
Signer

Actual PE Digest

67:aa:51:35:62:bb:5c:b1:19:94:ea:25:f5:78:37:54:5f:40:c7:2e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\vcoutput\Release\7z\Extract.pdb

Imports

kernel32

GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
GetLastError
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
WaitForMultipleObjects
VirtualAlloc
VirtualFree
GetProcAddress
GetModuleHandleA
CloseHandle
WaitForSingleObject
CreateEventA
SetEvent
ResetEvent
CreateSemaphoreA
ReleaseSemaphore
InitializeCriticalSection
SetCurrentDirectoryA
AreFileApisANSI
SetFileTime
CreateFileW
SetLastError
SetFileAttributesA
RemoveDirectoryA
MoveFileA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
GetSystemDirectoryA
GetWindowsDirectoryW
GetSystemDirectoryW
SetFileAttributesW
RemoveDirectoryW
MoveFileW
CreateDirectoryW
DeleteFileW
GetShortPathNameA
lstrlenA
GetFullPathNameA
GetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryW
SearchPathA
GetTempPathA
GetTempPathW
GetTempFileNameA
GetTempFileNameW
GetFullPathNameW
SearchPathW
FindClose
FindCloseChangeNotification
FindFirstChangeNotificationA
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindFirstChangeNotificationW
GetLogicalDriveStringsA
GetLogicalDriveStringsW
GetFileSize
SetFilePointer
GetFileInformationByHandle
ReadFile
WriteFile
SetEndOfFile
CreateFileA
CompareFileTime
GetSystemInfo
GlobalMemoryStatus
DosDateTimeToFileTime
FileTimeToDosDateTime
SystemTimeToFileTime
GetSystemTime
CompareStringW
CompareStringA
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetLocaleInfoW
GetLocaleInfoA
LoadLibraryA
RtlUnwind
RaiseException
HeapAlloc
HeapFree
ExitThread
CreateThread
GetCommandLineA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetCurrentThread
FatalAppExitA
HeapReAlloc
HeapDestroy
HeapCreate
ExitProcess
GetStdHandle
GetModuleFileNameA
Sleep
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
SetEnvironmentVariableA

user32

CharPrevA
CharToOemA
CharNextA
CharLowerW
CharUpperW
CharLowerA
CharUpperA
CharPrevExA

oleaut32

VariantCopy
SysFreeString
VariantClear
SysAllocString
SysAllocStringByteLen

Exports

Exports

CreateObject
GetHandlerProperty
GetHandlerProperty2
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetLargePageMode

Sections

.text
Size: 274KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/MiniQQDL.exe
.exe windows:4 windows x86 arch:x86

1000863657fcf757933b6f5b5bef7871

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5c:b6:2f:d6:9e:e4:f6:80:35:a8:9b:9e:48:8c:fd:35:f2:e1:97:ea
Signer

Actual PE Digest

5c:b6:2f:d6:9e:e4:f6:80:35:a8:9b:9e:48:8c:fd:35:f2:e1:97:ea

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\MyDocuments\Projects\GameDownloader\Trunk\Src\bin\QQGameDown.pdb

Imports

comctl32

_TrackMouseEvent
InitCommonControlsEx

kernel32

GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GetLocaleInfoA
EnumResourceLanguagesA
ConvertDefaultLocale
GetCPInfo
GetOEMCP
GetPrivateProfileIntA
GetPrivateProfileStringA
GetCurrentDirectoryA
SetErrorMode
MoveFileA
LockFile
UnlockFile
SetEndOfFile
DuplicateHandle
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
GetShortPathNameA
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
GetFileAttributesA
GetFileTime
FindFirstFileW
GetSystemDirectoryW
SetEnvironmentVariableA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetTimeZoneInformation
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
VirtualFree
HeapCreate
HeapDestroy
SetCurrentDirectoryA
GetFullPathNameW
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
FatalAppExitA
GetConsoleMode
GetConsoleCP
GetStdHandle
IsValidCodePage
GetACP
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
HeapSize
GetDateFormatA
GetTimeFormatA
CreateDirectoryA
GetDriveTypeA
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapReAlloc
GetSystemTimeAsFileTime
MoveFileW
GetStartupInfoW
CreateThread
ExitThread
ExitProcess
RtlUnwind
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
RaiseException
InterlockedCompareExchange
TerminateThread
OutputDebugStringW
IsBadReadPtr
ExpandEnvironmentStringsW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetLocalTime
GetModuleFileNameA
GetModuleHandleW
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcpynW
GetPrivateProfileStringW
GetPrivateProfileIntW
SetThreadLocale
CloseHandle
DeviceIoControl
CreateFileW
GetLastError
CreateMutexW
GetCommandLineW
GetCurrentThread
GlobalFree
GlobalAlloc
GetModuleFileNameW
GetFileAttributesW
GetVersionExW
GetTempPathA
GetProcAddress
LoadLibraryA
CreateDirectoryW
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDriveStringsW
WaitForSingleObject
HeapFree
GetProcessHeap
SetEvent
CreateEventW
HeapAlloc
MultiByteToWideChar
GetFileSize
FlushFileBuffers
GetVolumeInformationW
WriteFile
ReadFile
SetFilePointer
FindClose
DeleteFileW
CopyFileW
Sleep
GetTickCount
CreateEventA
ResetEvent
InterlockedExchange
GetVersion
CompareStringA
CompareStringW
lstrcmpiA
lstrcmpiW
lstrlenA
GetEnvironmentVariableA
GetEnvironmentVariableW
GetStringTypeExA
GetStringTypeExW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetSystemDirectoryA
CreateFileA
OutputDebugStringA
WritePrivateProfileStringA
DeleteFileA
SetUnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
GetThreadContext
GetThreadSelectorEntry
ReadProcessMemory
LoadLibraryW
GlobalUnlock
GlobalLock
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceW
SetLastError
MulDiv
FindResourceA
LocalFree
FormatMessageA
GlobalSize
CopyFileA
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
GetModuleHandleA
InterlockedDecrement
InterlockedIncrement
lstrcmpA
SetThreadPriority
ResumeThread
SuspendThread
GlobalFlags
GlobalGetAtomNameA
GetAtomNameA
GetThreadLocale
FileTimeToSystemTime
SystemTimeToFileTime
GetVersionExA
lstrcmpW

user32

CheckMenuItem
GetWindowTextLengthA
GetFocus
GetDesktopWindow
GetDlgCtrlID
GetClassNameA
GetWindowTextA
SetWindowTextA
UnregisterClassA
SetWindowsHookExA
GetMessageA
DispatchMessageA
GetKeyState
PeekMessageA
ValidateRect
LoadCursorA
GetSysColor
GetSysColorBrush
GetWindowThreadProcessId
SendMessageA
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetMenuItemCount
RemoveMenu
DrawIcon
EnumThreadWindows
DialogBoxParamW
CreateDialogParamW
EndDialog
WindowFromPoint
IsZoomed
SetWindowRgn
GetActiveWindow
RedrawWindow
GetClassInfoExW
GetSystemMetrics
DrawIconEx
GetSystemMenu
GetMenuState
GetWindowTextW
SetDlgItemTextA
IsDialogMessageA
MoveWindow
LoadCursorW
ShowWindow
IsIconic
SetCursor
FindWindowExW
IsWindowVisible
GetClassInfoW
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
GetWindow
SystemParametersInfoW
MapWindowPoints
DrawFocusRect
GetParent
ClientToScreen
DefWindowProcW
RegisterClassExW
EnableMenuItem
GetWindowLongW
IntersectRect
CreateWindowExW
InvalidateRect
GetWindowDC
GetCapture
SetCapture
ScreenToClient
ReleaseCapture
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetWindowPlacement
SystemParametersInfoA
SetWindowLongA
CallWindowProcA
DefWindowProcA
SetWindowPlacement
SetScrollInfo
FindWindowA
SendMessageTimeoutW
SendMessageW
UpdateWindow
BringWindowToTop
SetForegroundWindow
FindWindowW
DispatchMessageW
TranslateMessage
GetMessageW
wsprintfW
SetRect
LoadImageW
GetWindowRect
GetClassNameW
DrawAnimatedRects
EnumChildWindows
MessageBoxW
PostMessageW
GetClassInfoA
GetClassInfoExA
CreateWindowExA
PostMessageA
GetMenu
ShowScrollBar
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
TrackPopupMenuEx
ScrollWindow
GetMessagePos
GetMessageTime
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
SetActiveWindow
GetForegroundWindow
RemovePropA
GetPropA
SetPropA
GetClassLongA
IsChild
WinHelpA
SendDlgItemMessageA
LoadIconA
RegisterWindowMessageA
CheckRadioButton
GetDialogBaseUnits
CreateDialogIndirectParamA
GetNextDlgTabItem
DestroyIcon
DeleteMenu
ShowOwnedPopups
GrayStringA
DrawTextExA
DrawTextA
GetScrollInfo
RegisterClassA
CopyRect
DeferWindowPos
EqualRect
AdjustWindowRectEx
SetWindowLongW
PostQuitMessage
DestroyWindow
IsWindow
CallWindowProcW
FlashWindow
SetWindowPos
SetWindowTextW
RegisterWindowMessageW
EndPaint
GetClientRect
BeginPaint
EnableWindow
GetDlgItem
IsDlgButtonChecked
SetDlgItemInt
GetDlgItemInt
SetDlgItemTextW
SetFocus
CheckDlgButton
SendDlgItemMessageW
GetDlgItemTextW
SetTimer
KillTimer
LoadIconW
DestroyMenu
TrackPopupMenu
GetCursorPos
GetSubMenu
LoadMenuW
CharLowerA
CharLowerW
CharUpperA
CharUpperW
PtInRect
ReleaseDC
GetDC
DrawTextW
OffsetRect
InflateRect
ScrollWindowEx
GetMenuItemInfoA
FillRect
TabbedTextOutA
GetDlgItemTextA

gdi32

GetTextMetricsA
DPtoLP
PatBlt
GetMapMode
SetRectRgn
CreateHatchBrush
ExtCreatePen
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
SelectPalette
CreatePatternBrush
CreateDIBPatternBrushPt
ExtSelectClipRgn
PolyBezierTo
PolylineTo
PolyDraw
ArcTo
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutA
RectVisible
PtVisible
StartDocA
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipPath
GetClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
OffsetClipRgn
IntersectClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
RestoreDC
SaveDC
GetTextExtentPoint32A
ExtTextOutA
CreateFontIndirectA
GetObjectA
GetDCOrgEx
CreateBitmap
CreateDCA
CopyMetaFileA
GetDeviceCaps
CreateSolidBrush
CreateFontIndirectW
CombineRgn
CreateRoundRectRgn
CreateRectRgn
ExcludeClipRect
CreateDIBSection
GetClipBox
CreateCompatibleBitmap
StretchBlt
CreateCompatibleDC
BitBlt
DeleteDC
Rectangle
SetBkColor
ExtTextOutW
CreateRectRgnIndirect
SelectClipRgn
RoundRect
MoveToEx
CreatePen
LineTo
SelectObject
GetTextExtentPoint32W
GetStockObject
DeleteObject
SetTextColor
SetBkMode

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comdlg32

GetFileTitleA

advapi32

RegOpenKeyA
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyA
RegQueryValueA
RegEnumKeyA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueA
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
GetFileSecurityW
ImpersonateSelf
OpenThreadToken
RevertToSelf
MapGenericMask
AccessCheck

shell32

SHGetFileInfoA
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
SHGetSpecialFolderPathW
ShellExecuteExW
ExtractIconA
ShellExecuteW
SHGetSpecialFolderPathA
Shell_NotifyIconW

ole32

ReleaseStgMedium
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemAlloc
CreateStreamOnHGlobal
OleDuplicateData
CoDisconnectObject
CoCreateInstance
CoGetInterfaceAndReleaseStream
CoUninitialize
CoMarshalInterThreadInterfaceInStream
CoInitializeEx
CLSIDFromProgID
CoLoadLibrary
CoFreeLibrary
CoCreateGuid
CoInitialize
StringFromGUID2
CLSIDFromString
CoTaskMemFree

oleaut32

VariantInit
VarBstrFromDate
VarCyFromStr
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarDateFromStr
SysReAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
VariantCopy
VariantChangeType
SafeArrayRedim
VariantClear
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysStringLen
SysFreeString

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
wnsprintfW
PathRemoveExtensionA
PathFindExtensionA

version

GetFileVersionInfoSizeW
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW

imagehlp

StackWalk
SymSetOptions
SymInitialize
SymFunctionTableAccess
SymGetModuleInfo
SymLoadModule

gdiplus

GdipCloneBitmapAreaI
GdipDrawImageRectRectI
GdipDrawString
GdipCreateFromHDC
GdipSetStringFormatTrimming
GdipSetStringFormatAlign
GdipCreateSolidFill
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteBrush
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipCloneBrush
GdipLoadImageFromStreamICM
GdipDrawImageRectI
GdipGetPropertyItemSize
GdipGetPropertyItem
GdipImageSelectActiveFrame
GdipImageGetFrameCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameDimensionsCount
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipCreateFont
GdipCloneImage

ws2_32

htons
gethostbyname
inet_addr
closesocket
ioctlsocket
setsockopt
ntohs
ntohl
htonl
recvfrom
socket
sendto
bind
send
recv
connect
listen
WSAGetLastError
getpeername
accept
inet_ntoa
__WSAFDIsSet
select
WSAStartup
WSACleanup

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

netapi32

Netbios
NetWkstaTransportEnum
NetApiBufferFree

Sections

.text
Size: 668KB - Virtual size: 667KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_2_/TNProxy.dll
.dll regsvr32 windows:4 windows x86 arch:x86

5b6be223aae9558de13dd3a8d5d553f3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b9:30:e9:58:b6:b6:9e:50:34:77:30:46:b9:49:1a:ea:e0:66:aa:a2
Signer

Actual PE Digest

b9:30:e9:58:b6:b6:9e:50:34:77:30:46:b9:49:1a:ea:e0:66:aa:a2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
LoadLibraryA
InterlockedIncrement
GetProcAddress
FreeLibrary
GetTickCount
CloseHandle
Sleep
TlsSetValue
TlsFree
TlsAlloc
TlsGetValue

ws2_32

htonl
sendto
connect
htons
ntohs
ntohl
gethostbyname
WSAStartup
WSACleanup
select
closesocket
ioctlsocket
setsockopt
socket
bind
recvfrom
recv
send
getpeername
listen
accept
inet_ntoa
__WSAFDIsSet
WSAGetLastError
gethostname
inet_addr

msvcrt

memcmp
strcmp
??1type_info@@UAE@XZ
isdigit
memchr
fgetc
malloc
_adjust_fdiv
__dllonexit
_ftol
atoi
_CxxThrowException
strncpy
strstr
memmove
free
calloc
memset
rand
srand
_beginthreadex
memcpy
strlen
_initterm
_onexit
time
strcpy
_iob
fputc
sprintf
printf
_purecall
__CxxFrameHandler
??3@YAXPAX@Z
??2@YAPAXI@Z

msvcp60

??1_Winit@std@@QAE@XZ
??1?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xran@std@@YAXXZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?_Xlen@std@@YAXXZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ

iphlpapi

GetAdaptersInfo
GetIfEntry

wininet

InternetGetConnectedState

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 300KB - Virtual size: 297KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/Tencentdl.exe
.exe windows:4 windows x86 arch:x86

7da95fdbf2af3880629ddacaa64e058c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e7:ed:dc:6c:9e:6a:22:5d:cf:d3:49:7c:ad:eb:a6:80:d7:d3:91:44
Signer

Actual PE Digest

e7:ed:dc:6c:9e:6a:22:5d:cf:d3:49:7c:ad:eb:a6:80:d7:d3:91:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\XF Code\DLPlugins_proj\branches\Tencentdl_version\Tencentdl_v113\Output\Release\Tencentdl.pdb

Imports

kernel32

PostQueuedCompletionStatus
HeapAlloc
QueueUserAPC
TerminateThread
WaitForMultipleObjects
GetQueuedCompletionStatus
CreateIoCompletionPort
SetLastError
InterlockedCompareExchange
FlushInstructionCache
GetCurrentProcess
GetSystemTimeAsFileTime
GetTickCount
SleepEx
CreateEventW
CreateWaitableTimerW
DeleteFileW
lstrcpynW
OpenProcess
CreateToolhelp32Snapshot
CopyFileW
Sleep
CreateThread
GetCommandLineW
LoadLibraryW
GetVersionExW
lstrlenA
DeviceIoControl
CreateFileW
RemoveDirectoryW
SetFileAttributesW
MoveFileW
GetFileSize
FlushFileBuffers
WriteFile
ReadFile
SetFilePointer
WideCharToMultiByte
ResetEvent
WritePrivateProfileStringW
GetPrivateProfileIntW
lstrcmpW
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
VirtualProtect
VirtualAlloc
GetModuleHandleA
GetSystemInfo
VirtualQuery
ExitThread
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
CreateDirectoryW
GetVersionExA
GetStartupInfoW
GetCurrentThread
GetStdHandle
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetFullPathNameW
GetCurrentDirectoryA
SetWaitableTimer
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
QueryPerformanceCounter
GetCurrentProcessId
LoadLibraryA
GetLocaleInfoA
GetLocaleInfoW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
SetStdHandle
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetDriveTypeA
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
FormatMessageA
LocalFree
CreateWaitableTimerA
SystemTimeToFileTime
ResumeThread
OpenEventA
GetThreadLocale
IsProcessorFeaturePresent
ReadProcessMemory
GetThreadSelectorEntry
VirtualQueryEx
DeleteFileA
WritePrivateProfileStringA
OutputDebugStringA
GetSystemDirectoryA
TlsSetValue
SetFileTime
TlsGetValue
InitializeCriticalSectionAndSpinCount
GetProcessHeap
HeapFree
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
TlsAlloc
InterlockedExchangeAdd
GetCurrentThreadId
SetEvent
WaitForSingleObject
CreateEventA
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetModuleFileNameW
TlsFree
InterlockedExchange
CloseHandle
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
LeaveCriticalSection
EnterCriticalSection
GetSystemDirectoryW
GetModuleHandleW
GetProcAddress
InterlockedIncrement
lstrlenW
InterlockedDecrement

user32

FindWindowW
RedrawWindow
SetWindowLongW
GetWindowLongW
DrawTextW
LoadBitmapW
EndDialog
GetDlgItem
GetClientRect
GetWindowRect
PostMessageW
GetActiveWindow
DialogBoxParamW
GetWindow
SystemParametersInfoW
MapWindowPoints
GetSysColor
WindowFromPoint
SetWindowTextW
LoadStringW
GetCapture
ReleaseCapture
DestroyWindow
IsWindow
SendMessageW
CharNextW
CreateDialogParamW
PostThreadMessageW
CharUpperW
TranslateMessage
DispatchMessageW
GetMessageW
CreateWindowExW
PtInRect
SetRect
GetParent
CallWindowProcW
DefWindowProcW
ShowWindow
EnableWindow
GetSystemMetrics
IsIconic
MoveWindow
BringWindowToTop
ClientToScreen
InvalidateRect
IsWindowVisible
ShowOwnedPopups
LoadIconW
GetLastActivePopup
DrawIconEx
LoadMenuW
DestroyMenu
GetMonitorInfoW
GetWindowTextW
LoadImageW
GetCursorPos
GetSubMenu
UnregisterClassA
SetWindowPos
GetIconInfo
DestroyIcon
TrackPopupMenu
MonitorFromPoint
SetForegroundWindow

gdi32

RestoreDC
SaveDC
DeleteDC
CreateCompatibleDC
SelectObject
SetBkMode
SetTextColor
BitBlt
StretchBlt
CreateCompatibleBitmap
DeleteObject
CreateFontW
GetObjectW
ExtTextOutW
SetBkColor
CreateSolidBrush

advapi32

RegOpenKeyExA
RegQueryValueExA
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegOpenKeyW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
IsTextUnicode

shell32

ShellExecuteW
SHGetSpecialFolderPathW
Shell_NotifyIconW
SHGetFileInfoW

ole32

CoFreeLibrary
CoLoadLibrary
CoCreateGuid
CoInitializeEx
StringFromGUID2
CoRegisterClassObject
CoRevokeClassObject
CoCreateInstance
CoInitialize
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CLSIDFromProgID

oleaut32

RegisterTypeLi
UnRegisterTypeLi
SysAllocStringByteLen
VariantClear
VariantInit
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
SysAllocString

shlwapi

wnsprintfW

comctl32

_TrackMouseEvent

ws2_32

recvfrom
htonl
ntohl
WSAStartup
WSACleanup
closesocket
htons
gethostbyname
inet_addr
select
__WSAFDIsSet
ntohs
inet_ntoa
accept
getpeername
WSAGetLastError
listen
connect
recv
ioctlsocket
bind
sendto
socket
send
setsockopt

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA

netapi32

NetApiBufferFree
NetWkstaTransportEnum
Netbios

psapi

GetModuleFileNameExW

imagehlp

SymLoadModule
SymGetModuleInfo
SymFunctionTableAccess
SymInitialize
SymSetOptions
StackWalk

Sections

.text
Size: 636KB - Virtual size: 634KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_2_/config.ini
$_2_/dlcore.dll
.dll regsvr32 windows:4 windows x86 arch:x86

11add409ada29fc8e34b7647fbd766e8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

76:66:b8:e8:7d:b1:e0:95:0a:03:b0:70:b2:fb:98:b8:2b:eb:8b:76
Signer

Actual PE Digest

76:66:b8:e8:7d:b1:e0:95:0a:03:b0:70:b2:fb:98:b8:2b:eb:8b:76

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\vcoutput\ReleaseStatic\xdownload\dlcore.pdb

Imports

ws2_32

gethostbyname
inet_addr
bind
sendto
socket
recvfrom
send
recv
setsockopt
WSACleanup
gethostname
WSAGetLastError
connect
ioctlsocket
closesocket
inet_ntoa
ntohl
ntohs
htonl
getpeername
WSAStartup
accept
__WSAFDIsSet
select
getsockname
listen
WSASetLastError
htons

kernel32

SetEndOfFile
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
OutputDebugStringA
GetTickCount
CloseHandle
FindClose
FindFirstFileW
GetFileAttributesW
CreateEventA
SetEvent
ResetEvent
WaitForSingleObject
TerminateThread
DeleteFileW
GetDriveTypeA
MultiByteToWideChar
InterlockedDecrement
lstrlenA
InterlockedIncrement
InterlockedExchangeAdd
ReleaseSemaphore
GetCurrentThreadId
CreateSemaphoreA
GetModuleFileNameA
WaitForMultipleObjects
MoveFileW
CreateFileW
InterlockedExchange
OpenMutexA
GetLastError
CreateMutexA
ReleaseMutex
RemoveDirectoryW
WideCharToMultiByte
lstrlenW
RaiseException
lstrcmpiA
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
DisableThreadLibraryCalls
SetThreadLocale
GetThreadLocale
GetStringTypeW
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetFilePointerEx
GetVolumeInformationA
CopyFileW
GetStringTypeA
GetLocaleInfoA
SetStdHandle
GetTimeZoneInformation
GetFullPathNameW
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
HeapSize
SetLastError
TlsFree
GetVersionExA
GetModuleFileNameW
GetCurrentDirectoryA
GetTempPathA
GetFileSize
FlushFileBuffers
WriteFile
ReadFile
SetFilePointer
GetVolumeInformationW
GetProcAddress
CreateFileA
MapViewOfFileEx
CreateFileMappingA
UnmapViewOfFile
DeviceIoControl
LoadLibraryA
GetSystemDirectoryA
GlobalFree
GlobalAlloc
FindNextFileA
FindFirstFileA
HeapFree
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
ExitThread
CreateThread
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
GetCommandLineA
GetProcessHeap
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
CreateDirectoryW
LCMapStringA
LCMapStringW
GetCPInfo
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
TlsGetValue
TlsAlloc
TlsSetValue

user32

CharNextA
UnregisterClassA

advapi32

OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
IsTextUnicode
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegEnumValueA
RegCreateKeyA
RegOpenKeyA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA

ole32

CoFreeLibrary
CoLoadLibrary
CoInitialize
CoCreateGuid
CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance
OleRun

oleaut32

SafeArrayDestroy
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysStringLen
VarUI4FromStr
SysFreeString
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
VariantClear
VariantInit
SafeArrayCreate
SafeArrayCreateVector
GetErrorInfo
SafeArrayPutElement

netapi32

NetApiBufferFree
Netbios
NetWkstaTransportEnum

wininet

InternetOpenUrlA
InternetOpenA
InternetCloseHandle
InternetReadFile

shell32

SHGetSpecialFolderPathA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ReleaseCommLib

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/image/button.png
.png
$_2_/image/checked.png
.png
$_2_/image/close.png
.png
$_2_/image/loading.png
.png
$_2_/image/mainbnd.png
.png
$_2_/image/mainwnd.jpg
.jpg
$_2_/image/min.png
.png
$_2_/image/unchecked.png
.png
$_2_/image/xf.png
.png
$_2_/predown.dll
.dll windows:4 windows x86 arch:x86

5fb8f9f4f5552f9cfdfe6e7c2a2df9e7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

26/01/2010, 00:00

Not After

25/01/2013, 23:59

Subject

CN=Tencent Technology(Shenzhen) Company Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Tencent Technology(Shenzhen) Company Limited,L=shenzhen,ST=guangdong,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b2:71:66:81:95:7f:7f:d2:f4:bb:46:43:f0:c8:d8:ce:c1:78:d1:98
Signer

Actual PE Digest

b2:71:66:81:95:7f:7f:d2:f4:bb:46:43:f0:c8:d8:ce:c1:78:d1:98

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\XFCode\DLPlugins_proj\branches\Tencentdl_version\PreDownload\Release\predown.pdb

Imports

ws2_32

ioctlsocket
closesocket
htonl
ntohs
setsockopt
recvfrom
connect
listen
WSAGetLastError
getpeername
accept
__WSAFDIsSet
socket
sendto
bind
send
recv
gethostname
inet_ntoa
inet_addr
htons
gethostbyname
ntohl
WSAStartup
select
WSACleanup

kernel32

InterlockedExchangeAdd
CreateEventA
InterlockedExchange
TlsFree
WaitForSingleObject
SetEvent
TlsAlloc
InterlockedDecrement
InterlockedIncrement
CloseHandle
GetCurrentThreadId
GetLastError
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
EnterCriticalSection
GetLocalTime
LeaveCriticalSection
GetModuleFileNameA
GetModuleHandleW
GetQueuedCompletionStatus
SleepEx
TerminateThread
GetProcessHeap
CreateWaitableTimerW
HeapAlloc
SetWaitableTimer
WaitForMultipleObjects
HeapFree
GetFileAttributesW
PostQueuedCompletionStatus
GetSystemTimeAsFileTime
InterlockedCompareExchange
SetLastError
TlsGetValue
InitializeCriticalSectionAndSpinCount
CreateIoCompletionPort
CreateEventW
CreateMutexW
CompareStringW
TlsSetValue
DeleteFileA
GetFileAttributesA
FindClose
FindFirstFileA
GetTickCount
GetLogicalDrives
GetDiskFreeSpaceExW
MultiByteToWideChar
GetVersionExA
GetSystemDefaultLangID
RemoveDirectoryW
FindNextFileW
DeleteFileW
FindFirstFileW
SetFileAttributesW
GetModuleFileNameW
MoveFileA
GetFileSize
FlushFileBuffers
WriteFile
ReadFile
SetFilePointer
CreateFileW
GetVolumeInformationW
CopyFileA
CreateFileA
DeviceIoControl
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
Sleep
SetThreadLocale
ResetEvent
CompareStringA
GetFullPathNameA
GetDriveTypeA
SetEndOfFile
GetTimeZoneInformation
SetEnvironmentVariableA
lstrcpynW
OutputDebugStringW
IsBadReadPtr
lstrlenW
GetThreadLocale
QueueUserAPC
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
SetConsoleCtrlHandler
SetHandleCount
HeapReAlloc
VirtualAlloc
VirtualFree
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFullPathNameW
IsValidCodePage
GetOEMCP
GetACP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
LocalFree
FormatMessageA
GetSystemInfo
GetCurrentProcessId
OpenEventA
ResumeThread
SystemTimeToFileTime
CreateWaitableTimerA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitThread
CreateThread
GetCommandLineA
RaiseException
RtlUnwind
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
CreateDirectoryW
LCMapStringA
LCMapStringW
GetCPInfo
GetModuleHandleA
GetCurrentThread
HeapSize
ExitProcess
GetStdHandle
GetConsoleCP
GetConsoleMode
FatalAppExitA
HeapDestroy
HeapCreate
GetFileType

user32

ShowWindow
IsIconic
SendMessageTimeoutW
FindWindowA

advapi32

RegOpenKeyW
RegQueryValueExW
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegOpenKeyA
RegQueryValueExA
RegCloseKey

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoInitialize
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
CoCreateInstance
CLSIDFromProgID
CoInitializeEx
CoFreeLibrary
CoLoadLibrary
CoCreateGuid
CoUninitialize

netapi32

NetWkstaTransportEnum
NetApiBufferFree
Netbios

shlwapi

wnsprintfW

oleaut32

SysAllocStringByteLen
SysFreeString

Exports

Exports

GetPreDownloadObj

Sections

.text
Size: 452KB - Virtual size: 449KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_2_/xzqdl.ico

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 580KB

.rsrc Size: 15KB - Virtual size: 15KB

b177dcb186702f9a4775e053e2fa1e17

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

1f:b8:77:c1:e1:24:e1:31:6a:64:11:b7:87:33:88:37:4b:94:f1:7bSigner

Headers

File Characteristics

Imports

kernel32

rpcrt4

oleaut32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 25KB

.orpc Size: 4KB - Virtual size: 576B

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

102033a12b8cf17a451a9e9760020138

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0Certificate

Extended Key Usages

Key Usages

67:aa:51:35:62:bb:5c:b1:19:94:ea:25:f5:78:37:54:5f:40:c7:2eSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

oleaut32

Exports

Exports

Sections

.text Size: 274KB - Virtual size: 273KB

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 580KB

.rsrc
Size: 15KB - Virtual size: 15KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

1f:b8:77:c1:e1:24:e1:31:6a:64:11:b7:87:33:88:37:4b:94:f1:7b
Signer

.text
Size: 28KB - Virtual size: 25KB

.orpc
Size: 4KB - Virtual size: 576B

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

67:aa:51:35:62:bb:5c:b1:19:94:ea:25:f5:78:37:54:5f:40:c7:2e
Signer

.text
Size: 274KB - Virtual size: 273KB

.rdata
Size: 51KB - Virtual size: 51KB

.data
Size: 10KB - Virtual size: 22KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 15KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

5c:b6:2f:d6:9e:e4:f6:80:35:a8:9b:9e:48:8c:fd:35:f2:e1:97:ea
Signer

.text
Size: 668KB - Virtual size: 667KB

.rdata
Size: 124KB - Virtual size: 120KB

.data
Size: 20KB - Virtual size: 35KB

.tls
Size: 4KB - Virtual size: 13B

.rsrc
Size: 4KB - Virtual size: 2KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5d:06:88:f9:04:0a:d5:22:87:fc:32:ad:ec:eb:85:b0
Certificate

b9:30:e9:58:b6:b6:9e:50:34:77:30:46:b9:49:1a:ea:e0:66:aa:a2
Signer