3f9b2e7d09bdfaa40da95d3cd8380cc0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3f9b2e7d09bdfaa40da95d3cd8380cc0_JaffaCakes118
Size

3.6MB
MD5

3f9b2e7d09bdfaa40da95d3cd8380cc0
SHA1

4a92299967b4edfbb3ab24ccdc8c29233b9126ac
SHA256

e6a309635d7e3dfff44f216f57152fccec9b5197069f18b9c6b8ba319bbdca01
SHA512

957efb5a63506619b7de20f28a023d3b0e2cac4c953c93e4d6934f862aad60deb87114ac0121773f55d31b7a85844a27f624af7c2d4d6fc4313965746ac06446
SSDEEP

98304:EbBKd/OSiUPR/lWJRv8Kpm6mX9qoJiidYjW8:mKd/OSioWJRvg6mk2sD

Score

3^/10

Malware Config

Signatures

Unsigned PE 22 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$SYSDIR/atl71.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/KillProcDLL.dll
unpack002/$PLUGINSDIR/NSISdl.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/KanKan/IDesktop.dll
unpack002/KanKan/zlib.dll
unpack001/$WINDIR/msgctl.dll
unpack001/52hxw.exe
unpack001/Feedback.dll
unpack001/FlashWordGeneral.dll
unpack001/HttpDownLoad.exe
unpack001/Message.dll
unpack001/PPLive.dll
unpack001/Uninstall.dll
unpack001/WeiRuan/HttpDownLoad.exe
unpack001/YouDao/HttpDownLoad.exe
unpack001/atl71.dll
unpack001/hxw.dll
unpack001/msgctl.dll

NSIS installer 3 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/$TEMP/KanKan_1020.exe	nsis_installer_1

Files

3f9b2e7d09bdfaa40da95d3cd8380cc0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b3:be:a8:9d:64:8e:0d:36:19:5d:2a:76:5a:9c:6b
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

03/12/2009, 00:00

Not After

01/02/2012, 23:59

Subject

CN=厦门网之源信息科技有限公司,O=厦门网之源信息科技有限公司,L=xiamen,ST=fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

38:69:6b:e0:cf:97:8f:29:66:2e:7c:f7:ba:4e:60:a9:0b:c3:a9:c5
Signer

Actual PE Digest

38:69:6b:e0:cf:97:8f:29:66:2e:7c:f7:ba:4e:60:a9:0b:c3:a9:c5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$FAVORITES/520ҳ_www.520.net.url
$FAVORITES/뷨ٷվ 52hxw.com.url
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/PPLive.ini
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/win.bmp
$SYSDIR/atl71.dll
.dll windows:4 windows x86 arch:x86

7c3004ebf21f282412fa952c164aa2bb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

atl71.pdb

Imports

kernel32

InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
lstrlenW
lstrcpyW
GetLastError
DisableThreadLibraryCalls
GetVersionExA
InterlockedIncrement
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
lstrcpynW
CloseHandle
ReadFile
GetFileSize
CreateFileW
GetModuleHandleW
GetModuleFileNameW
WideCharToMultiByte
HeapFree
GetProcessHeap
WaitForSingleObject
GlobalAlloc
FindResourceA
MulDiv
lstrcatW
HeapAlloc
FlushInstructionCache
GetCurrentProcess
GlobalUnlock
GlobalLock
lstrcmpW
SetLastError
GlobalFree
GlobalHandle
LockResource
lstrcmpA
GetModuleHandleA
GetTickCount
GetProcAddress
ExitProcess
HeapSize
DebugBreak
HeapReAlloc
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrcatA
lstrcpyA
lstrlenA
GetModuleFileNameA
RtlUnwind
VirtualQuery
LocalAlloc
LoadLibraryA

shlwapi

PathFindExtensionW

Exports

Exports

AtlAdvise
AtlAxAttachControl
AtlAxCreateControl
AtlAxCreateControlEx
AtlAxCreateControlLic
AtlAxCreateControlLicEx
AtlAxCreateDialogA
AtlAxCreateDialogW
AtlAxDialogBoxA
AtlAxDialogBoxW
AtlAxGetControl
AtlAxGetHost
AtlAxWinInit
AtlCallTermFunc
AtlComModuleGetClassObject
AtlComModuleRegisterClassObjects
AtlComModuleRegisterServer
AtlComModuleRevokeClassObjects
AtlComModuleUnregisterServer
AtlComPtrAssign
AtlComQIPtrAssign
AtlCreateRegistrar
AtlCreateTargetDC
AtlDevModeW2A
AtlFreeMarshalStream
AtlGetObjectSourceInterface
AtlGetVersion
AtlHiMetricToPixel
AtlIPersistPropertyBag_Load
AtlIPersistPropertyBag_Save
AtlIPersistStreamInit_Load
AtlIPersistStreamInit_Save
AtlInternalQueryInterface
AtlLoadTypeLib
AtlMarshalPtrInProc
AtlModuleAddTermFunc
AtlPixelToHiMetric
AtlRegisterClassCategoriesHelper
AtlRegisterTypeLib
AtlSetErrorInfo
AtlUnRegisterTypeLib
AtlUnadvise
AtlUnmarshalPtr
AtlUpdateRegistryFromResourceD
AtlWaitWithMessageLoop
AtlWinModuleAddCreateWndData
AtlWinModuleExtractCreateWndData
AtlWinModuleInit
AtlWinModuleRegisterClassExA
AtlWinModuleRegisterClassExW
AtlWinModuleRegisterWndClassInfoA
AtlWinModuleRegisterWndClassInfoW
AtlWinModuleTerm

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/KanKan_1020.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b3:be:a8:9d:64:8e:0d:36:19:5d:2a:76:5a:9c:6b
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

03/12/2009, 00:00

Not After

01/02/2012, 23:59

Subject

CN=厦门网之源信息科技有限公司,O=厦门网之源信息科技有限公司,L=xiamen,ST=fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0f:f7:7c:80:01:5e:8c:5b:c5:5c:85:1e:67:04:a6:d7:88:bb:57:81
Signer

Actual PE Digest

0f:f7:7c:80:01:5e:8c:5b:c5:5c:85:1e:67:04:a6:d7:88:bb:57:81

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Chose.ini
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/introduce.bmp
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/meituWel.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
KanKan/CrashReport.exe
.exe windows:4 windows x86 arch:x86

f7dc88092f14e9c00b269e3f1bb86651

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b3:be:a8:9d:64:8e:0d:36:19:5d:2a:76:5a:9c:6b
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

03/12/2009, 00:00

Not After

01/02/2012, 23:59

Subject

CN=厦门网之源信息科技有限公司,O=厦门网之源信息科技有限公司,L=xiamen,ST=fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

38:e5:d3:6a:8b:b5:4c:57:d4:8d:32:af:15:d0:93:5b:f0:86:2c:b9
Signer

Actual PE Digest

38:e5:d3:6a:8b:b5:4c:57:d4:8d:32:af:15:d0:93:5b:f0:86:2c:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord800
ord815
ord540
ord561
ord825
ord641
ord609
ord2514
ord2621
ord1134
ord858
ord4278
ord2764
ord4277
ord860
ord617
ord537
ord2818
ord2915
ord5214
ord296
ord5265
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2976
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord2575
ord6055
ord1776
ord4396
ord5290
ord3402
ord3574
ord1146
ord1168
ord567
ord2302
ord6199
ord5953
ord4160
ord2863
ord2379
ord3571
ord3626
ord3663
ord2414
ord686
ord2096
ord384
ord1641
ord755
ord470
ord2642
ord3092
ord941
ord939
ord535
ord3089
ord4476
ord823
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord2055
ord4673
ord1576

msvcrt

__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
??1type_info@@UAE@XZ
_onexit
__dllonexit
calloc
_acmdln
strncpy
strtoul
sprintf
_CxxThrowException
??0exception@@QAE@ABV0@@Z
wcscpy
??1exception@@UAE@XZ
??0exception@@QAE@XZ
malloc
free
_vsnwprintf
wcslen
_vsnprintf
_setmbcp
_stricmp
exit
_XcptFilter
_strnicmp
__CxxFrameHandler
_mbscmp
_beginthreadex
_exit
_mbsnicmp

kernel32

GetLastError
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
CreateFileA
SetFilePointer
ReadFile
IsDBCSLeadByteEx
GetStartupInfoA
CloseHandle
WaitForSingleObject
OutputDebugStringA
GetFileSize
GetCommandLineA
GetModuleFileNameA

user32

SendMessageA
AppendMenuA
IsIconic
GetClientRect
GetSystemMetrics
EnableWindow
LoadIconA
PostMessageA
GetSystemMenu
DrawIcon
LoadBitmapA

gdi32

GetObjectA

shell32

ShellExecuteA

comctl32

ImageList_Draw
ImageList_AddMasked

ole32

CoTaskMemFree
CoCreateGuid

urlmon

FindMimeFromData

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

wininet

InternetSetOptionA
InternetGetConnectedState
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
HttpQueryInfoA
InternetCloseHandle
InternetReadFile

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KanKan/IDesktop.dll
.dll windows:4 windows x86 arch:x86

ffb2886f5e6066ed5273077a2b573535

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
MultiByteToWideChar

user32

LoadCursorA
GetCursor
SetCursor

ole32

CoCreateInstance
CoUninitialize
CoInitialize

msvcrt

_adjust_fdiv
malloc
_initterm
free

Exports

Exports

SetWallPaper

Sections

.text
Size: 4KB - Virtual size: 670B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 122B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KanKan/ImgFmt.dll
.dll windows:4 windows x86 arch:x86

96a8ec412858a637750b430c36c75b02

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b3:be:a8:9d:64:8e:0d:36:19:5d:2a:76:5a:9c:6b
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

03/12/2009, 00:00

Not After

01/02/2012, 23:59

Subject

CN=厦门网之源信息科技有限公司,O=厦门网之源信息科技有限公司,L=xiamen,ST=fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

98:35:6d:2f:63:28:14:11:17:d5:0c:e5:6d:d2:2e:5d:43:30:d8:52
Signer

Actual PE Digest

98:35:6d:2f:63:28:14:11:17:d5:0c:e5:6d:d2:2e:5d:43:30:d8:52

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
malloc
_initterm
free

kernel32

DisableThreadLibraryCalls

Sections

.text
Size: 4KB - Virtual size: 366B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 520KB - Virtual size: 516KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KanKan/KanKan.exe
.exe windows:4 windows x86 arch:x86

e5166805cdf16f4d004084b12a93b89b

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b3:be:a8:9d:64:8e:0d:36:19:5d:2a:76:5a:9c:6b
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

03/12/2009, 00:00

Not After

01/02/2012, 23:59

Subject

CN=厦门网之源信息科技有限公司,O=厦门网之源信息科技有限公司,L=xiamen,ST=fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

4a:1e:db:94:1e:3b:bf:b1:5a:f5:c3:99:fc:36:b6:60:80:8c:f9:e8
Signer

Actual PE Digest

4a:1e:db:94:1e:3b:bf:b1:5a:f5:c3:99:fc:36:b6:60:80:8c:f9:e8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5781
ord1099
ord6877
ord2862
ord5834
ord2044
ord2863
ord1146
ord4242
ord4467
ord3059
ord3369
ord3623
ord674
ord5282
ord4083
ord4457
ord2233
ord5655
ord5054
ord4413
ord4793
ord1270
ord1232
ord924
ord926
ord4129
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord5302
ord5714
ord3738
ord815
ord561
ord617
ord2092
ord551
ord3337
ord3811
ord6876
ord5214
ord296
ord1134
ord1199
ord1205
ord3953
ord4698
ord4357
ord2764
ord861
ord4278
ord3400
ord3737
ord2714
ord2535
ord2100
ord922
ord5710
ord2381
ord2580
ord4400
ord2568
ord6271
ord3225
ord3912
ord2544
ord2543
ord2511
ord978
ord1731
ord2883
ord2398
ord2418
ord6224
ord6226
ord2429
ord2250
ord2259
ord4836
ord4440
ord6148
ord4284
ord3779
ord3092
ord3571
ord5785
ord1768
ord665
ord1979
ord547
ord3318
ord5186
ord354
ord6270
ord1175
ord1180
ord6756
ord2629
ord2463
ord1568
ord5718
ord2860
ord5805
ord2763
ord6874
ord4133
ord4297
ord562
ord5782
ord2243
ord4530
ord5685
ord3274
ord2582
ord4402
ord3640
ord686
ord384
ord439
ord3293
ord3216
ord4042
ord3910
ord736
ord5495
ord2096
ord2408
ord6242
ord2558
ord1980
ord668
ord3181
ord3310
ord3319
ord3178
ord2781
ord2770
ord356
ord3301
ord6762
ord6901
ord3996
ord6007
ord3286
ord729
ord2504
ord1706
ord430
ord5148
ord2513
ord293
ord6567
ord3499
ord4167
ord556
ord809
ord1088
ord2122
ord2639
ord2431
ord2546
ord291
ord2256
ord1265
ord4287
ord5949
ord1158
ord5861
ord6335
ord1176
ord663
ord348
ord536
ord6929
ord5788
ord472
ord4125
ord6676
ord3914
ord6222
ord1601
ord539
ord2302
ord692
ord489
ord768
ord3639
ord4401
ord4219
ord2024
ord2413
ord3706
ord1771
ord4835
ord5287
ord4854
ord4377
ord4358
ord4948
ord4976
ord4742
ord4905
ord5160
ord5162
ord5161
ord2581
ord1907
ord783
ord3711
ord932
ord3938
ord5153
ord2681
ord4454
ord4230
ord1716
ord298
ord6369
ord1709
ord1803
ord1153
ord533
ord6493
ord5631
ord6662
ord3903
ord4285
ord3657
ord4658
ord4816
ord4797
ord4795
ord4810
ord4995
ord4701
ord5053
ord6320
ord1858
ord2097
ord6825
ord6594
ord6802
ord6565
ord6603
ord620
ord6491
ord2444
ord5248
ord6860
ord5279
ord6931
ord5234
ord6593
ord2448
ord500
ord5860
ord5606
ord2405
ord772
ord4123
ord3813
ord5278
ord2642
ord5937
ord3061
ord3874
ord781
ord3708
ord3579
ord2623
ord2380
ord2567
ord1168
ord6442
ord2450
ord3596
ord5864
ord6061
ord5571
ord5579
ord5736
ord5678
ord5794
ord5873
ord6021
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2971
ord5012
ord4151
ord542
ord6569
ord802
ord6905
ord5683
ord4277
ord2820
ord941
ord6282
ord6283
ord939
ord2919
ord2614
ord5030
ord6215
ord2884
ord3797
ord5484
ord5252
ord1644
ord2438
ord3654
ord2584
ord4220
ord4427
ord4436
ord1665
ord2649
ord5237
ord4077
ord2878
ord2879
ord3403
ord5472
ord975
ord3350
ord6862
ord2389
ord4121
ord5471
ord4303
ord1576
ord4056
ord4364
ord2530
ord5103
ord5100
ord2390
ord2723
ord4160
ord3138
ord4021
ord656
ord3353
ord5460
ord6571
ord4508
ord2713
ord3920
ord2864
ord289
ord613
ord470
ord323
ord1640
ord2753
ord640
ord755
ord6880
ord6605
ord6197
ord521
ord6307
ord803
ord567
ord543
ord818
ord5261
ord3584
ord4275
ord1949
ord535
ord6394
ord5450
ord6383
ord5440
ord2754
ord4464
ord2915
ord5572
ord560
ord813
ord4432
ord5260
ord1726
ord6055
ord3748
ord5240
ord4108
ord4961
ord4964
ord4524
ord4529
ord4526
ord4543
ord4545
ord4531
ord4890
ord4723
ord4349
ord4341
ord5076
ord4892
ord4370
ord4899
ord4588
ord4589
ord4273
ord1945
ord2859
ord6172
ord5789
ord355
ord2515
ord3452
ord6883
ord641
ord5981
ord858
ord860
ord6199
ord2252
ord3481
ord5910
ord1106
ord801
ord541
ord4202
ord4204
ord2726
ord817
ord565
ord4622
ord5715
ord5289
ord5307
ord6154
ord6779
ord857
ord6572
ord2890
ord879
ord878
ord876
ord882
ord463
ord886
ord884
ord1777
ord3986
ord4205
ord6393
ord5449
ord4699
ord4079
ord5303
ord5300
ord3346
ord2396
ord4226
ord1948
ord823
ord6453
ord2379
ord4299
ord540
ord2818
ord5875
ord537
ord800
ord1641
ord3619
ord2414
ord3626
ord3663
ord825
ord3742
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136

msvcrt

wcscmp
wcsstr
_wcslwr
qsort
_ismbcalpha
wcslen
mbstowcs
_mbctype
wcsncpy
calloc
strtod
floor
wcschr
strrchr
atof
_ismbcdigit
printf
strncpy
__CxxFrameHandler
_filbuf
isprint
_swab
_setjmp3
__CxxLongjmpUnwind
longjmp
strncmp
getenv
fprintf
_iob
_stricmp
putc
strchr
_getcwd
_pctype
__mb_cur_max
_isctype
fgetc
perror
mktime
tmpfile
sprintf
_purecall
fclose
fread
_strnicmp
gmtime
puts
abort
_snprintf
strlen
strcpy
exp
log
sqrt
fabs
atan2
toupper
tolower
localtime
_mbclen
_mbsnbcmp
wctomb
mbtowc
strerror
_vsnprintf
_vsnwprintf
wcscpy
swprintf
strtoul
wcscat
_CIpow
_wcsnicmp
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_wcsicmp
memset
strcat
strcmp
memcmp
memcpy
_setmbcp
fwrite
fseek
ftell
fflush
fputc
getc
fgets
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
_wcsdup
sscanf
_strcmpi
strtol
_makepath
_mbsnbicmp
_mbslen
_strdup
_atoi64
atol
vsprintf
strstr
_mbsnbcpy
_mkdir
malloc
_stat
rename
_errno
_mbsstr
_endthreadex
_beginthreadex
free
realloc
time
srand
rand
_sleep
atoi
_mbsicmp
_mbscmp
fopen
_CxxThrowException
??0exception@@QAE@ABV0@@Z
memmove
_ftol
_splitpath
_mbschr
_mbsrchr
_mbslwr
_mbsupr
fscanf
wcstoul

kernel32

IsDBCSLeadByteEx
FlushInstructionCache
TlsAlloc
TlsGetValue
TlsSetValue
GetSystemTimeAsFileTime
GetSystemTime
GetFullPathNameW
GetFullPathNameA
LockFileEx
LockFile
UnlockFile
GetFileSize
SetEndOfFile
FlushFileBuffers
WriteFile
GetTempPathW
CreateFileW
GetFileAttributesW
DeleteFileW
InterlockedDecrement
LocalSize
LoadLibraryExW
LoadLibraryW
VirtualQuery
VirtualProtect
LoadLibraryExA
FormatMessageA
GetTempPathA
GetTempFileNameA
GetPrivateProfileSectionNamesA
GetCurrentDirectoryA
CompareStringA
EnumResourceLanguagesA
EnumResourceNamesA
EnumResourceTypesA
FindFirstChangeNotificationA
FindNextChangeNotification
FindCloseChangeNotification
WaitForMultipleObjects
GetVersion
SetFilePointer
FindResourceA
InterlockedIncrement
GetLocalTime
GetDateFormatA
GetTimeFormatA
SizeofResource
LoadResource
LockResource
lstrcmpA
lstrlenW
FileTimeToDosDateTime
ReadFile
FindFirstFileA
FileTimeToLocalFileTime
FindClose
FileTimeToSystemTime
GetSystemInfo
CreateFileA
GetCurrentThreadId
GetCurrentProcess
SetUnhandledExceptionFilter
GetExitCodeThread
OutputDebugStringA
LocalFree
SetLastError
LocalAlloc
SuspendThread
GetTickCount
MulDiv
GetFileTime
GetCommandLineA
CreateSemaphoreA
GetLastError
GetCurrentProcessId
SetCurrentDirectoryA
GetPrivateProfileStringA
WritePrivateProfileSectionA
WritePrivateProfileStringA
CopyFileA
DeleteFileA
GetStartupInfoA
CreateProcessA
GetShortPathNameA
lstrcmpiA
MultiByteToWideChar
GetFileAttributesA
SetFileAttributesA
GetModuleFileNameA
LoadLibraryA
FreeLibrary
lstrcatA
WinExec
GetLocaleInfoA
GetNumberFormatA
GetPrivateProfileIntA
TerminateThread
SetEvent
ResetEvent
CreateEventA
ResumeThread
Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
TerminateProcess
OpenProcess
GetModuleHandleA
GetProcAddress
lstrlenA
GlobalAlloc
GlobalLock
lstrcpyA
GlobalUnlock
GetVersionExA
WideCharToMultiByte
GlobalFree
LeaveCriticalSection
EnterCriticalSection
GetCurrentThread
SetThreadPriority
CloseHandle
CreateThread
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
CreateDirectoryA
lstrcpynA
DeviceIoControl

user32

SetCursor
ReleaseCapture
DispatchMessageA
GetMessageA
GetCapture
SetCapture
SetTimer
ClientToScreen
UpdateWindow
PeekMessageA
LoadAcceleratorsA
DestroyAcceleratorTable
GetClassNameA
DestroyIcon
LoadIconA
CreatePopupMenu
InsertMenuA
GetMenuItemCount
IsMenu
DeleteMenu
GetMenuStringA
CloseClipboard
GetClipboardData
OpenClipboard
RegisterClipboardFormatA
EmptyClipboard
TabbedTextOutA
GrayStringA
IsRectEmpty
PtInRect
InflateRect
LoadCursorA
GetParent
GetWindowThreadProcessId
SendMessageTimeoutA
EnumWindows
GetSystemMetrics
GetNextDlgGroupItem
FindWindowExA
GetClipboardFormatNameA
DefMDIChildProcW
DefMDIChildProcA
DefFrameProcW
DefFrameProcA
DefWindowProcW
CallWindowProcW
IsWindowUnicode
GetWindowLongW
SetWindowLongW
EndPaint
BeginPaint
AdjustWindowRectEx
AppendMenuA
EnableMenuItem
GetDoubleClickTime
DeferWindowPos
SetClassLongA
IsWindow
OffsetRect
SetRect
DrawTextA
SendMessageA
GetCursor
ShowWindow
GetWindowRect
KillTimer
SetFocus
GetClientRect
InvalidateRect
CopyRect
GetWindowTextA
IsZoomed
GetWindowLongA
PostThreadMessageA
GetFocus
PostMessageA
SetWindowTextA
SetWindowLongA
InvertRect
UnionRect
IsChild
GetMenu
GetMenuItemID
DrawIconEx
GetWindow
SetMenuDefaultItem
RegisterWindowMessageA
GetMessagePos
CallWindowProcA
GetPropA
GetWindowDC
RemovePropA
SetPropA
GetCursorPos
BringWindowToTop
GetKeyState
SystemParametersInfoA
DrawFocusRect
SetWindowRgn
IsWindowEnabled
MessageBeep
GetSystemMenu
GetActiveWindow
SetActiveWindow
IntersectRect
BeginDeferWindowPos
EndDeferWindowPos
LoadStringA
GetDesktopWindow
SetWindowPos
RedrawWindow
GetDlgCtrlID
CreateMenu
SetForegroundWindow
LoadImageA
EnableScrollBar
ShowScrollBar
SetScrollRange
GetScrollRange
GetScrollPos
SetScrollPos
GetScrollInfo
SetScrollInfo
GetDC
ReleaseDC
FindWindowA
DestroyMenu
SetClipboardData
MessageBoxA
SetWindowPlacement
GetWindowPlacement
GetClassInfoA
DefWindowProcA
wsprintfA
IsIconic
SetMenu
LoadMenuA
GetSubMenu
RemoveMenu
TranslateMessage
SetRectEmpty
EqualRect
IsWindowVisible
ScreenToClient
ShowCursor
MonitorFromWindow
GetMonitorInfoA
DrawStateA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
WindowFromPoint
GetDCEx
LockWindowUpdate
GetLastActivePopup
GetForegroundWindow
GetMenuItemInfoA
GetMenuDefaultItem
MapVirtualKeyA
GetNextDlgTabItem
ShowCaret
HideCaret
GetWindowRgn
CreateIconFromResourceEx
CopyIcon
GetIconInfo
CreateIconIndirect
LoadBitmapA
TrackPopupMenu
IsClipboardFormatAvailable
IsDialogMessageA
MapWindowPoints
SetParent
GetSysColor
SetCursorPos
MoveWindow
TranslateAcceleratorA
CopyAcceleratorTableA
IsCharLowerA
GetKeyNameTextA
MapVirtualKeyExA
GetKeyboardLayout
ToAsciiEx
GetKeyboardState
GetKeyboardLayoutList
CharUpperA
CreateAcceleratorTableA
EnumChildWindows
DrawAnimatedRects
CheckMenuItem
GetMenuState
GetClassLongA
DrawFrameControl
FillRect
LookupIconIdFromDirectoryEx
LoadMenuIndirectA
DrawEdge
GetDlgItem
EnableWindow

gdi32

GetBitmapBits
GetTextExtentPoint32A
SetRectRgn
GetDIBits
SetStretchBltMode
ExcludeClipRect
SelectClipRgn
StretchDIBits
StretchBlt
SetBkColor
SetDIBitsToDevice
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateCompatibleBitmap
CreateDIBSection
BitBlt
DeleteObject
CreateCompatibleDC
SelectObject
DeleteDC
GetObjectA
CreateFontIndirectA
SetPixel
GetTextColor
GetStockObject
GetTextMetricsA
GetDeviceCaps
GetPixel
GetCurrentObject
RestoreDC
SaveDC
CreateSolidBrush
CreateRoundRectRgn
SetEnhMetaFileBits
GetEnhMetaFileHeader
SetWinMetaFileBits
DeleteEnhMetaFile
SetBkMode
SetBrushOrgEx
Ellipse
PatBlt
ExtFloodFill
OffsetRgn
GetBkColor
GetTextCharsetInfo
Rectangle
CreateFontA
GetViewportOrgEx
SelectPalette
CreateDIBitmap
CreatePalette
ExtCreateRegion
CreatePatternBrush
RoundRect
CreatePolygonRgn
GetRgnBox
GetObjectType
GetTextAlign
GetMapMode
CombineRgn
SetDIBits
SetTextColor
CreateBitmap
CreateRectRgn
PtInRegion
Polygon
EnumFontFamiliesExA
CreatePen

advapi32

RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegCreateKeyA
RegDeleteValueA
RegCloseKey
RegEnumValueA
RegDeleteKeyA

shell32

SHBrowseForFolderA
SHFreeNameMappings
DragQueryFileA
SHGetPathFromIDListA
SHChangeNotify
ShellExecuteA
SHGetSpecialFolderLocation
SHGetMalloc
SHGetDesktopFolder
SHGetFileInfoA
SHGetSpecialFolderPathA
SHFileOperationA
ShellExecuteExA
SHAppBarMessage
SHGetFolderLocation
Shell_NotifyIconA

comctl32

_TrackMouseEvent
ImageList_DrawEx
ImageList_GetImageInfo
ord17
ImageList_Draw
ImageList_SetBkColor
ImageList_AddMasked
ImageList_DrawIndirect
ImageList_Destroy
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_ReplaceIcon
ImageList_Add
ImageList_Create
PropertySheetA
ImageList_Remove
FlatSB_GetScrollProp
ImageList_GetBkColor
ImageList_GetIcon

ole32

CoCreateGuid
CreateStreamOnHGlobal
OleRun
OleUninitialize
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance
OleInitialize

oleaut32

VariantChangeType
SetErrorInfo
GetErrorInfo
OleLoadPicturePath
VariantClear
VariantChangeTypeEx
SysFreeString
SysAllocString
SysAllocStringLen
VariantInit
CreateErrorInfo

urlmon

URLDownloadToFileA
FindMimeFromData

gdiplus

GdipDeleteFontFamily
GdipCreateFont
GdipCreateFontFamilyFromName
GdipDeleteFont
GdipBitmapUnlockBits
GdiplusShutdown
GdipCreateBitmapFromGdiDib
GdipCreateBitmapFromStreamICM
GdipGetImageGraphicsContext
GdipCreateImageAttributes
GdipSetImageAttributesColorMatrix
GdipDrawImageRectRectI
GdipDisposeImageAttributes
GdipDisposeImage
GdipCloneBrush
GdipAlloc
GdipSetTextRenderingHint
GdipSetStringFormatAlign
GdipSetStringFormatLineAlign
GdipSetStringFormatTabStops
GdipCreateSolidFill
GdipDrawString
GdipDeleteBrush
GdipCreateFromHDC
GdipStringFormatGetGenericDefault
GdipCloneStringFormat
GdipSetStringFormatHotkeyPrefix
GdipSetStringFormatFlags
GdipMeasureString
GdipFree
GdipCloneImage
GdipDeleteStringFormat
GdipDeleteGraphics
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePixelFormat
GdipCreateBitmapFromStream
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipGetPropertyItemSize
GdipGetPropertyItem
GdiplusStartup
GdipBitmapLockBits
GdipGetStringFormatFlags
GdipSaveImageToFile
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipGetImageHorizontalResolution
GdipGetImageVerticalResolution
GdipBitmapSetResolution
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipSetImagePalette
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGraphicsClear
GdipImageSelectActiveFrame
GdipCloneBitmapAreaI
GdipImageRotateFlip
GdipDeletePath
GdipDeleteMatrix
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipSetInterpolationMode
GdipGetPathWorldBounds
GdipRotateMatrix
GdipCreateMatrix
GdipAddPathRectangle
GdipCreatePath
GdipDrawImageRectI
GdipGetImageThumbnail
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipSaveImageToStream

msvcp60

??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_7out_of_range@std@@6B@
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xlen@std@@YAXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wininet

InternetOpenW
DeleteUrlCacheEntry
InternetOpenA
InternetCloseHandle
InternetConnectA
HttpOpenRequestA
InternetReadFile
InternetSetOptionW
HttpQueryInfoW
HttpSendRequestExW
HttpSendRequestW
InternetConnectW
InternetGetConnectedState
InternetSetOptionA
HttpQueryInfoA
HttpEndRequestA
InternetWriteFile
HttpSendRequestExA
HttpSendRequestA
HttpAddRequestHeadersA

psapi

EnumProcesses
GetModuleBaseNameA
EnumProcessModules

imm32

ImmAssociateContext

dbghelp

ImageDirectoryEntryToData

winmm

PlaySoundA

ws2_32

ntohs
htonl
htons
ntohl

iphlpapi

GetAdaptersInfo

Exports

Exports

??0CxExifInfo@@QAE@ABV0@@Z
??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxMemFile@@QAE@ABV0@@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??_7CxExifInfo@@6B@
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxMemFile@@6B@
??_FCxIOFile@@QAEXXZ
??_FCxMemFile@@QAEXXZ
?Close@CxIOFile@@UAE_NXZ
?Eof@CxIOFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Flush@CxIOFile@@UAE_NXZ
?GetBuffer@CxFile@@UAEPAE_N@Z
?GetC@CxIOFile@@UAEJXZ
?GetFilePath@CxMemFile@@UAEPBDXZ
?GetS@CxIOFile@@UAEPADPADH@Z
?Open@CxIOFile@@QAE_NPBD0@Z
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Scanf@CxIOFile@@UAEJPBDPAX@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Size@CxIOFile@@UAEJXZ
?Tell@CxIOFile@@UAEJXZ
?Write@CxIOFile@@UAEIPBXII@Z

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 428KB - Virtual size: 427KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KanKan/KanKanGengxin.exe
.exe windows:4 windows x86 arch:x86

b6b06aa79db4fdf6ce1fda2c6a301b2e

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b3:be:a8:9d:64:8e:0d:36:19:5d:2a:76:5a:9c:6b
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

03/12/2009, 00:00

Not After

01/02/2012, 23:59

Subject

CN=厦门网之源信息科技有限公司,O=厦门网之源信息科技有限公司,L=xiamen,ST=fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

f3:04:f9:a4:6b:21:4d:9d:64:d5:d6:d5:c7:ca:aa:d9:8a:ca:2c:24
Signer

Actual PE Digest

f3:04:f9:a4:6b:21:4d:9d:64:d5:d6:d5:c7:ca:aa:d9:8a:ca:2c:24

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord1979
ord6385
ord5186
ord354
ord860
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord5302
ord2725
ord4698
ord5714
ord3738
ord815
ord561
ord2614
ord4277
ord2763
ord2092
ord5484
ord941
ord5572
ord2621
ord1134
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord665
ord2879
ord2878
ord4151
ord6055
ord4077
ord1776
ord4407
ord5237
ord2385
ord5163
ord6374
ord4353
ord5282
ord2649
ord1665
ord3798
ord4837
ord4436
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord2446
ord2124
ord5277
ord4627
ord4427
ord366
ord674
ord2820
ord3811
ord1106
ord4457
ord5252
ord4413
ord2379
ord1270
ord1232
ord1168
ord5442
ord2726
ord2818
ord537
ord6877
ord924
ord922
ord858
ord535
ord2915
ord5683
ord4129
ord825
ord565
ord1576
ord540
ord817
ord800
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5715
ord5289
ord5307
ord4699
ord4079
ord5303
ord5300
ord3346
ord2396
ord4226
ord1948
ord3403
ord823

msvcrt

__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
fclose
fseek
ftell
fwrite
fread
fopen
_strnicmp
strtoul
_CxxThrowException
??0exception@@QAE@ABV0@@Z
wcscpy
??1exception@@UAE@XZ
??0exception@@QAE@XZ
wcslen
_vsnprintf
sprintf
_ftol
realloc
_except_handler3
_mbsrchr
malloc
_mbsstr
_stat
_mbschr
_mbsnbcpy
_mkdir
_makepath
_splitpath
_setmbcp
_stricmp
strncpy
__CxxFrameHandler
_mbsicmp
_mbscmp
_strdup
strrchr
free
atoi

kernel32

CloseHandle
WriteFile
CreateFileA
lstrlenA
WaitForSingleObject
GetVersionExA
GetPrivateProfileStringA
GetModuleFileNameA
GetCommandLineA
CreateSemaphoreA
FreeLibrary
GetProcAddress
LoadLibraryA
GetFileAttributesA
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
GetFileSize
ReadFile
IsDBCSLeadByteEx
GetStartupInfoA
CreateDirectoryA
GetLastError
CopyFileA
Sleep
ResumeThread
DeleteFileA

user32

SetTimer
GetClassInfoA
PostThreadMessageA
PostMessageA
KillTimer
DefWindowProcA
LoadCursorA

advapi32

RegOpenKeyA
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegQueryValueExA

shell32

SHGetSpecialFolderPathA
ShellExecuteExA

ole32

CoCreateGuid

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

wininet

InternetSetOptionA
InternetGetConnectedState
InternetOpenA
InternetCloseHandle
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetWriteFile
HttpEndRequestA
HttpQueryInfoA
InternetConnectA
InternetReadFile

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KanKan/Skin/Default/control/box_bg2.png
.png
KanKan/Skin/Default/control/button_hover.png
.png
KanKan/Skin/Default/control/button_normal.png
.png
KanKan/Skin/Default/control/bx_bg.png
.png
KanKan/Skin/Default/control/bx_close.png
.png
KanKan/Skin/Default/control/bx_close_hover.png
.png
KanKan/Skin/Default/control/checkbox_1.png
.png
KanKan/Skin/Default/control/checkbox_1_hover.png
.png
KanKan/Skin/Default/control/checkbox_2.png
.png
KanKan/Skin/Default/control/checkbox_2_hover.png
.png
KanKan/Skin/Default/control/combolistbg.png
.png
KanKan/Skin/Default/control/doing.png
.png
KanKan/Skin/Default/control/edit.png
.png
KanKan/Skin/Default/control/edit_dis.png
.png
KanKan/Skin/Default/control/edit_hover.png
.png
KanKan/Skin/Default/control/fcit.hover.png
.png
KanKan/Skin/Default/control/fcit.pressed.png
.png
KanKan/Skin/Default/control/fcparent.hover.png
.png
KanKan/Skin/Default/control/fcparent.png
.png
KanKan/Skin/Default/control/fcsepr.png
.png
KanKan/Skin/Default/control/fcsepr1.png
.png
KanKan/Skin/Default/control/filmctrlbg.png
.png
KanKan/Skin/Default/control/folderctrl.png
.png
KanKan/Skin/Default/control/history.png
.png
KanKan/Skin/Default/control/history_hover.png
.png
KanKan/Skin/Default/control/layerclose.hover.png
.png
KanKan/Skin/Default/control/layerclose.png
.png
KanKan/Skin/Default/control/left.png
.png
KanKan/Skin/Default/control/left_hover.png
.png
KanKan/Skin/Default/control/list.dragover.png
.png
KanKan/Skin/Default/control/list.nor.png
.png
KanKan/Skin/Default/control/list.sel.png
.png
KanKan/Skin/Default/control/mainframe.png
.png
KanKan/Skin/Default/control/menuItem_bg_hover.png
.png
KanKan/Skin/Default/control/mover.png
.png
KanKan/Skin/Default/control/mover_hover.png
.png
KanKan/Skin/Default/control/ok.png
.png
KanKan/Skin/Default/control/panetab_bg.png
.png
KanKan/Skin/Default/control/pgbg.png
.png
KanKan/Skin/Default/control/pgface.png
.png
KanKan/Skin/Default/control/question.png
.png
KanKan/Skin/Default/control/radio_1.png
.png
KanKan/Skin/Default/control/radio_1_hover.png
.png
KanKan/Skin/Default/control/radio_2.png
.png
KanKan/Skin/Default/control/radio_2_hover.png
.png
KanKan/Skin/Default/control/right.png
.png
KanKan/Skin/Default/control/right_hover.png
.png
KanKan/Skin/Default/control/shadow.png
.png
KanKan/Skin/Default/control/sidebar_tab_active.png
.png
KanKan/Skin/Default/control/sidebar_tab_hover.png
.png
KanKan/Skin/Default/control/sidebar_tab_inactive.png
.png
KanKan/Skin/Default/control/sliderchannel.png
.png
KanKan/Skin/Default/control/sliderthumb_hover.png
.png
KanKan/Skin/Default/control/sliderthumb_nor.png
.png
KanKan/Skin/Default/control/splitter.png
.png
KanKan/Skin/Default/control/status_bar_bg.png
.png
KanKan/Skin/Default/control/tab_active.png
.png
KanKan/Skin/Default/control/tab_hover.png
.png
KanKan/Skin/Default/control/tab_normal.png
.png
KanKan/Skin/Default/control/tbut_bg_checked.png
.png
KanKan/Skin/Default/control/tbut_bg_hover.png
.png
KanKan/Skin/Default/control/tbut_bg_pressed.png
.png
KanKan/Skin/Default/control/title_bg.png
.png
KanKan/Skin/Default/control/viewdockbar_bg.png
.png
KanKan/Skin/Default/control/vschannel.png
.png
KanKan/Skin/Default/control/vsdown.hover.png
.png
KanKan/Skin/Default/control/vsdown.png
.png
KanKan/Skin/Default/control/vsdown.pressed.png
.png
KanKan/Skin/Default/control/vsthumb.hover.png
.png
KanKan/Skin/Default/control/vsthumb.png
.png
KanKan/Skin/Default/control/vsthumb.pressed.png
.png
KanKan/Skin/Default/control/vsup.hover.png
.png
KanKan/Skin/Default/control/vsup.png
.png
KanKan/Skin/Default/control/vsup.pressed.png
.png
KanKan/Skin/Default/control/warn.png
.png
KanKan/Skin/Default/control/win_close.png
.png
KanKan/Skin/Default/control/win_close_hover.png
.png
KanKan/Skin/Default/control/win_maximum.png
.png
KanKan/Skin/Default/control/win_maximum_hover.png
.png
KanKan/Skin/Default/control/win_minimize.png
.png
KanKan/Skin/Default/control/win_minimize_hover.png
.png
KanKan/Skin/Default/control/win_restore.png
.png
KanKan/Skin/Default/control/win_restore_hover.png
.png
KanKan/Skin/Default/fmt/bmp.png
.png
KanKan/Skin/Default/fmt/emf.png
.png
KanKan/Skin/Default/fmt/gif.PNG
.png
KanKan/Skin/Default/fmt/icon.png
.png
KanKan/Skin/Default/fmt/jpg.png
.png
KanKan/Skin/Default/fmt/pcx.png
.png
KanKan/Skin/Default/fmt/png.png
.png
KanKan/Skin/Default/fmt/psd.png
.png
KanKan/Skin/Default/fmt/raf.png
.png
KanKan/Skin/Default/fmt/tga.png
.png
KanKan/Skin/Default/fmt/tiff.png
.png
KanKan/Skin/Default/fmt/wmf.png
.png
KanKan/Skin/Default/plugin/adaptwin.png
.png
KanKan/Skin/Default/plugin/add.png
.png
KanKan/Skin/Default/plugin/back.png
.png
KanKan/Skin/Default/plugin/batch.png
.png
KanKan/Skin/Default/plugin/delete.png
.png
KanKan/Skin/Default/plugin/front.png
.png
KanKan/Skin/Default/plugin/max.hover.png
.png
KanKan/Skin/Default/plugin/max.png
.png
KanKan/Skin/Default/plugin/reduce.png
.png
KanKan/Skin/Default/plugin/restore.hover.png
.png
KanKan/Skin/Default/plugin/restore.png
.png
KanKan/Skin/Default/plugin/trimsize.png
.png
KanKan/Skin/Default/plugin/warn.png
.png
KanKan/Skin/Default/plugin/xiuxiu.png
.png
KanKan/Skin/Default/plugin/zoomin.png
.png
KanKan/Skin/Default/plugin/zoomout.png
.png
KanKan/Skin/Default/setting/about.png
.png
KanKan/Skin/Default/setting/opitem.hover.png
.png
KanKan/Skin/Default/setting/opitem.nor.png
.png
KanKan/Skin/Default/setting/opitem.sel.png
.png
KanKan/Skin/Default/setting/optionctrbg.png
.png
KanKan/Skin/Default/setting/sepr.png
.png
KanKan/Skin/Default/setting/sheetbg.png
.png
KanKan/Skin/Default/skin.ini
KanKan/Skin/Default/toolbar/anticlockwise.hover.png
.png
KanKan/Skin/Default/toolbar/anticlockwise.png
.png
KanKan/Skin/Default/toolbar/batchadd.hover.png
.png
KanKan/Skin/Default/toolbar/batchadd.png
.png
KanKan/Skin/Default/toolbar/deasil.hover.png
.png
KanKan/Skin/Default/toolbar/deasil.png
.png
KanKan/Skin/Default/toolbar/edit.png
.png
KanKan/Skin/Default/toolbar/film.hover.png
.png
KanKan/Skin/Default/toolbar/film.png
.png
KanKan/Skin/Default/toolbar/filmeffect.hover.png
.png
KanKan/Skin/Default/toolbar/filmeffect.png
.png
KanKan/Skin/Default/toolbar/filmexit.hover.png
.png
KanKan/Skin/Default/toolbar/filmexit.png
.png
KanKan/Skin/Default/toolbar/filmlay.hover.png
.png
KanKan/Skin/Default/toolbar/filmlay.png
.png
KanKan/Skin/Default/toolbar/folder.png
.png
KanKan/Skin/Default/toolbar/head.png
.png
KanKan/Skin/Default/toolbar/mffilm.png
.png
KanKan/Skin/Default/toolbar/moremenu.hover.png
.png
KanKan/Skin/Default/toolbar/moremenu.png
.png
KanKan/Skin/Default/toolbar/see_adaptwin.hover.png
.png
KanKan/Skin/Default/toolbar/see_adaptwin.png
.png
KanKan/Skin/Default/toolbar/see_back.hover.png
.png
KanKan/Skin/Default/toolbar/see_back.png
.png
KanKan/Skin/Default/toolbar/see_browse.hover.png
.png
KanKan/Skin/Default/toolbar/see_browse.png
.png
KanKan/Skin/Default/toolbar/see_delete.hover.png
.png
KanKan/Skin/Default/toolbar/see_delete.png
.png
KanKan/Skin/Default/toolbar/see_front.hover.png
.png
KanKan/Skin/Default/toolbar/see_front.png
.png
KanKan/Skin/Default/toolbar/see_trimsize.hover.png
.png
KanKan/Skin/Default/toolbar/see_trimsize.png
.png
KanKan/Skin/Default/toolbar/separator.png
.png
KanKan/Skin/Default/toolbar/spinner+.hover.png
.png
KanKan/Skin/Default/toolbar/spinner+.png
.png
KanKan/Skin/Default/toolbar/spinner-.hover.png
.png
KanKan/Skin/Default/toolbar/spinner-.png
.png
KanKan/Skin/Default/toolbar/spinnerbg.png
.png
KanKan/Skin/Default/toolbar/upparent.png
.png
KanKan/Skin/Default/toolbar/xiuxiu.hover.png
.png
KanKan/Skin/Default/toolbar/xiuxiu.png
.png
KanKan/Skin/Default/toolbar/zoomin.hover.png
.png
KanKan/Skin/Default/toolbar/zoomin.png
.png
KanKan/Skin/Default/toolbar/zoomout.hover.png
.png
KanKan/Skin/Default/toolbar/zoomout.png
.png
KanKan/uninst.exe.nsis
KanKan/zlib.dll
.dll windows:4 windows x86 arch:x86

e5c5650f0b0c0414d7e983aacdedc6c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crtdll

fwrite
fread
_errno
fclose
free
vsprintf
fflush
fseek
rewind
fputc
malloc
ftell
fprintf
_fdopen
fopen
sprintf
calloc
_initterm

kernel32

GlobalAlloc
GetVersion
GlobalFree

Exports

Exports

adler32
compress
compress2
crc32
deflate
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflateReset
deflateSetDictionary
get_crc_table
gzclose
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzwrite
inflate
inflateEnd
inflateInit2_
inflateInit_
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
uncompress
unzClose
unzCloseCurrentFile
unzGetCurrentFileInfo
unzGetGlobalComment
unzGetGlobalInfo
unzGetLocalExtrafield
unzGoToFirstFile
unzGoToNextFile
unzLocateFile
unzOpen
unzOpen2
unzOpenCurrentFile
unzOpenCurrentFile2
unzReadCurrentFile
unzStringFileNameCompare
unzeof
unztell
zError
zipClose
zipCloseFileInZip
zipCloseFileInZipRaw
zipOpen
zipOpenNewFileInZip
zipOpenNewFileInZip2
zipWriteInFileInZip
zlibVersion

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/msgctl.dll
.dll regsvr32 windows:4 windows x86 arch:x86

82d76e97a8c09b8d3c0b101350f716a2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
DisableThreadLibraryCalls
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
lstrlenW
MultiByteToWideChar
FlushInstructionCache
GetModuleFileNameA
FreeLibrary
LoadLibraryA
lstrcatA
lstrcmpiA
DebugBreak
GetPrivateProfileIntA
GetPrivateProfileStringA
EnterCriticalSection
OutputDebugStringA
GetCurrentThreadId
LeaveCriticalSection
CompareStringA
GetModuleHandleA
GetProcAddress
lstrcpyA
lstrcmpA
lstrcpynA
lstrlenA
GetShortPathNameA

user32

wvsprintfA
LoadImageA
InvalidateRect
SetFocus
UpdateWindow
SetRectEmpty
CallWindowProcA
CharNextA
GetParent
LoadStringA
CharLowerA
LoadCursorA
wsprintfA
RegisterClassExA
ReleaseDC
EndPaint
CreateWindowExA
DefWindowProcA
SetWindowPos
SetWindowTextA
IsWindowEnabled
DestroyWindow
GetCapture
GetSysColor
GetFocus
DrawFocusRect
FillRect
GetClassNameA
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetWindowLongA
GetWindowRect
GetCursorPos
ScreenToClient
GetClassInfoExA
SetCursor
SetWindowRgn
ReleaseCapture
PtInRect
SetCapture
GetDC
InflateRect
DrawTextA
SetTimer
SystemParametersInfoA
MoveWindow
ShowWindow
SetWindowLongA
SendMessageA
BeginPaint
KillTimer
GetClientRect
OffsetRect
CharUpperA
GetDesktopWindow
IsWindow

gdi32

CreateRoundRectRgn
CombineRgn
SetBkMode
SetTextColor
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
DeleteObject
GetStockObject
GetObjectA
CreateFontIndirectA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance

oleaut32

RegisterTypeLi
SysAllocString
VariantClear
SysStringLen
LoadRegTypeLi
LoadTypeLi
SysFreeString

comctl32

_TrackMouseEvent

shlwapi

PathRemoveFileSpecA
PathIsURLA
PathFileExistsA

msvcrt

memset
_vsnprintf
_purecall
??3@YAXPAX@Z
atoi
??2@YAPAXI@Z
malloc
free
realloc
memcpy
wcslen
memcmp
_mbsstr
_mbspbrk
_mbschr
sscanf
_ismbcdigit
_initterm
_adjust_fdiv

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/wann.ico
52hxw.exe
.exe windows:4 windows x86 arch:x86

586e2e9a63152b60d413ce559d99013b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\mitta\Desktop\公司项目\火星文软件\Release\52hxw.pdb

Imports

kernel32

GetSystemTimeAsFileTime
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
TerminateProcess
ExitThread
HeapSize
SetStdHandle
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStdHandle
HeapFree
FreeEnvironmentStringsA
HeapAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
SetUnhandledExceptionFilter
GetTimeZoneInformation
GetDriveTypeA
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
RtlUnwind
ExitProcess
InterlockedExchange
GetEnvironmentStrings
HeapReAlloc
SetErrorMode
GetFileTime
GetFileAttributesA
GetOEMCP
GetCPInfo
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
GlobalFlags
GetCurrentDirectoryA
GetProfileIntA
GetTickCount
LeaveCriticalSection
EnterCriticalSection
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
FreeResource
CreateEventA
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GlobalAddAtomA
SetLastError
GlobalFree
GlobalSize
GetCurrentThread
GetCurrentThreadId
GlobalDeleteAtom
ConvertDefaultLocale
EnumResourceLanguagesA
GetFileSize
ReadFile
CreateThread
WaitForSingleObject
GlobalAlloc
GlobalLock
GlobalUnlock
CompareStringW
CompareStringA
lstrlenW
GetVersion
DeleteCriticalSection
InitializeCriticalSection
GetLocalTime
InterlockedDecrement
Sleep
InterlockedIncrement
DeviceIoControl
GetPrivateProfileIntA
FindFirstFileA
RemoveDirectoryA
DeleteFileA
FindNextFileA
FindClose
GetModuleHandleA
GetProcAddress
GetTempFileNameA
MoveFileExA
MulDiv
FormatMessageA
LocalFree
OutputDebugStringA
GetPrivateProfileSectionNamesA
GetLastError
RaiseException
GetPrivateProfileSectionA
WritePrivateProfileSectionA
MultiByteToWideChar
CreateFileA
SetFilePointer
WriteFile
CloseHandle
CreateDirectoryA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetModuleFileNameA
lstrcatA
GetPrivateProfileStringA
lstrlenA
lstrcpynA
lstrcmpiA
lstrcpyA
CopyFileA
lstrcmpA
WritePrivateProfileStringA
LoadLibraryA
FreeLibrary
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
UnhandledExceptionFilter

user32

DestroyMenu
EndPaint
BeginPaint
GrayStringA
DrawTextExA
TabbedTextOutA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
CheckRadioButton
CheckDlgButton
WinHelpA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetMenu
AdjustWindowRectEx
EqualRect
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
IntersectRect
GetWindowPlacement
SetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetWindowLongA
GetLastActivePopup
GetWindow
SetWindowContextHelpId
MapDialogRect
SetMenuItemBitmaps
GetFocus
GetMenuCheckMarkDimensions
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
PeekMessageA
ValidateRect
GetMenuState
GetMenuItemID
GetMenuItemCount
PostQuitMessage
ShowScrollBar
MessageBoxA
PostMessageA
FindWindowA
ReleaseCapture
DrawFocusRect
IsRectEmpty
PtInRect
OffsetRect
LoadBitmapA
EnableMenuItem
SendMessageA
GetSystemMenu
IsIconic
CreateWindowExA
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
GetParent
UnregisterClassA
CharUpperA
GetDC
UpdateLayeredWindow
RegisterWindowMessageA
GetMenuStringA
DestroyIcon
LoadImageA
BringWindowToTop
CharNextA
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
DrawTextA
MessageBeep
TrackPopupMenu
IsCharAlphaA
AnimateWindow
IsWindow
DestroyWindow
KillTimer
SetTimer
RedrawWindow
UpdateWindow
GetDlgItem
IsWindowVisible
PostThreadMessageA
RegisterClipboardFormatA
IsWindowEnabled
SetWindowRgn
GetWindowRect
GetClientRect
ClientToScreen
SetCapture
SetForegroundWindow
EnableWindow
LoadIconA
GetSystemMetrics
RegisterHotKey
UnregisterHotKey
SystemParametersInfoA
GetDCEx
InflateRect
GetSubMenu
LoadMenuA
InvalidateRect
TrackMouseEvent
SetWindowPos
CopyRect
ReleaseDC
GetWindowDC
GetSysColor
FillRect
GetSysColorBrush
SetRect
ScreenToClient
GetCapture
GetDesktopWindow
GetClassInfoA
SetCursor
LoadCursorA
GetCursorPos
CreatePopupMenu
DeleteMenu
AppendMenuA
CheckMenuItem
ModifyMenuA
wsprintfA

gdi32

CreateRectRgnIndirect
GetTextMetricsA
GetBkColor
GetTextColor
GetRgnBox
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
CreateFontIndirectA
MoveToEx
LineTo
SetBkMode
RestoreDC
SaveDC
SetTextColor
GetClipBox
CopyMetaFileA
GetDeviceCaps
Rectangle
GetTextExtentPoint32A
EnumFontFamiliesExA
CreateSolidBrush
CreatePen
SelectObject
GetObjectA
DPtoLP
CreateBitmap
GetMapMode
SetMapMode
SetBkColor
DeleteObject
DeleteDC
GetStockObject
BitBlt
CreateCompatibleDC
CombineRgn
CreateRoundRectRgn
CreateRectRgn
CreateCompatibleBitmap

comdlg32

GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegOpenKeyExA
RegQueryValueExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumKeyExA
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegCloseKey
RegSetValueExA

shell32

ShellExecuteA
SHGetSpecialFolderPathA
Shell_NotifyIconA

comctl32

ord17
InitCommonControlsEx
ImageList_Destroy

shlwapi

PathFileExistsA
PathFindExtensionA
PathUnquoteSpacesA
PathStripPathA
PathRemoveExtensionA
SHDeleteValueA
SHGetValueA
PathRemoveFileSpecA
SHSetValueA
PathRemoveArgsA
PathIsUNCA
PathStripToRootA
PathFindFileNameA
SHDeleteKeyA

oledlg

ord8

ole32

CoTaskMemAlloc
CoRegisterMessageFilter
CoUninitialize
CoInitialize
StgOpenStorage
CoCreateInstance
CLSIDFromProgID
OleInitialize
OleUninitialize
CoTaskMemFree
CoRevokeClassObject
ReleaseStgMedium
OleDuplicateData
CLSIDFromString
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
CoFreeUnusedLibraries

oleaut32

SysAllocString
SysStringLen
SysAllocStringByteLen
VariantInit
VariantClear
VariantCopy
VariantChangeType
DispCallFunc
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
SysAllocStringLen
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysFreeString
GetErrorInfo

hxw

EnableConversion

gdiplus

GdiplusStartup
GdipDrawImageI
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdiplusShutdown
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipCloneImage
GdipFree
GdipCreateFromHDC

wininet

InternetOpenA
HttpOpenRequestA
InternetConnectA
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetQueryDataAvailable
InternetOpenUrlA
HttpSendRequestA
HttpQueryInfoA
InternetCloseHandle
InternetReadFile
InternetGetConnectedState

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

netapi32

Netbios

Sections

.text
Size: 296KB - Virtual size: 294KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Feedback.dll
.dll regsvr32 windows:4 windows x86 arch:x86

6f5b5480168178e32945d7e7fff86ab4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LockResource
SizeofResource
LoadResource
GlobalAlloc
GlobalFree
MulDiv
GlobalLock
GlobalUnlock
FreeResource
GetCurrentThreadId
lstrlenA
DeleteCriticalSection
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetVersionExA
InterlockedIncrement
DisableThreadLibraryCalls
OutputDebugStringA
DebugBreak
InterlockedDecrement
GetCurrentProcess
FlushInstructionCache
FindResourceA

user32

SetWindowPos
AdjustWindowRectEx
GetMenu
MapWindowPoints
GetWindow
wvsprintfA
CharNextA
LoadStringA
LoadCursorA
DialogBoxParamA
GetActiveWindow
GetSystemMetrics
DrawFocusRect
EndPaint
GetWindowLongA
SetWindowLongA
KillTimer
ClientToScreen
PtInRect
GetDlgCtrlID
GetParent
ReleaseCapture
SetCapture
CallWindowProcA
InflateRect
ScreenToClient
SetWindowRgn
OffsetRect
GetClientRect
DrawEdge
CreateWindowExA
GetCapture
SystemParametersInfoA
SetTimer
DestroyWindow
InvalidateRect
UpdateWindow
GetWindowRect
GetDlgItem
EndDialog
SetCursor
MessageBoxA
GetDlgItemTextA
FrameRect
IsWindow
DefWindowProcA
SendMessageA
BeginPaint
IsWindowEnabled

gdi32

GetDeviceCaps
SetTextColor
SetBkMode
GetStockObject
CreateRoundRectRgn
DeleteObject
CreateSolidBrush

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA

ole32

CoUninitialize
CoInitialize
CreateStreamOnHGlobal

oleaut32

OleLoadPicture

comctl32

ImageList_LoadImageA
_TrackMouseEvent
ImageList_Destroy
ImageList_GetIconSize
ImageList_Draw

wininet

InternetCrackUrlA
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA

msvcrt

??3@YAXPAX@Z
memset
_mbsicoll
memcpy
??2@YAPAXI@Z
wcslen
_ismbcdigit
atoi
_mbsstr
free
malloc
_adjust_fdiv
_initterm

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ShowFeedbackDialog

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1002B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FlashWordGeneral.dll
.dll windows:4 windows x86 arch:x86

7902ef2ab2bc6f616724a9c6683c70c7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LockResource
LoadResource
FindResourceA
FindResourceExA
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
lstrcatA
GetModuleFileNameA
GetLastError
SizeofResource
GetPrivateProfileStringA
WriteFile
ReadFile
CloseHandle
GetCurrentProcess
TerminateProcess
GetModuleHandleA
GetProcAddress
ExitProcess
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
LCMapStringW
LCMapStringA
GetCommandLineA
VirtualQuery
GetSystemInfo
SetFilePointer
lstrlenA
MultiByteToWideChar
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetPrivateProfileIntA
VirtualAlloc
VirtualProtect
GetStringTypeW
GetSystemTimeAsFileTime
GetStringTypeA
SetEndOfFile
LoadLibraryA
GetCPInfo
GetOEMCP
SetStdHandle
CreateFileA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RtlUnwind
VirtualFree
HeapCreate
FlushFileBuffers
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap

user32

GetDC
ReleaseDC
wvsprintfA

gdi32

GetStockObject
SelectPalette
RealizePalette
GetDIBits
GetObjectA

ole32

CoCreateInstance

oleaut32

SysFreeString
SysStringLen
SysAllocStringLen

atl71

ord61
ord23
ord64

shlwapi

PathRemoveFileSpecA

gdiplus

GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipCloneBrush
GdipCreateFont
GdipDrawString
GdipFillRectangleI
GdipSetTextRenderingHint
GdipGetImageGraphicsContext
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateSolidFill
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteBrush
GdipFree
GdipAlloc

Exports

Exports

??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_FCxIOFile@@QAEXXZ
?Close@CxIOFile@@UAE_NXZ
?Eof@CxIOFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Flush@CxIOFile@@UAE_NXZ
?GetC@CxIOFile@@UAEJXZ
?GetS@CxIOFile@@UAEPADPADH@Z
?Open@CxIOFile@@QAE_NPBD0@Z
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Scanf@CxIOFile@@UAEJPBDPAX@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Size@CxIOFile@@UAEJXZ
?Tell@CxIOFile@@UAEJXZ
?Write@CxIOFile@@UAEIPBXII@Z
FlashWord

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HttpDownLoad.exe
.exe windows:4 windows x86 arch:x86

04ed8bf66faba42abf3761e8da86bc42

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord860
ord540
ord350
ord354
ord825
ord1105
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord3626
ord641
ord609
ord795
ord765
ord2414
ord6215
ord2086
ord2621
ord1134
ord5265
ord4853
ord4998
ord4710
ord2514
ord535
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord3698
ord2575
ord4396
ord3574
ord6055
ord1776
ord5290
ord3402
ord3721
ord3571
ord823
ord1146
ord1168
ord567
ord2302
ord2379
ord755
ord470
ord3092
ord5953
ord4224
ord2645
ord858
ord6199
ord1641
ord939
ord2818
ord941
ord537
ord940
ord5710
ord5683
ord6453
ord5186
ord800
ord665
ord3810
ord920
ord6385
ord1979
ord3663
ord3616
ord3127
ord6052
ord5651
ord1576

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_mbscmp
vsprintf
_ftol
__CxxFrameHandler
atol
_setmbcp
_initterm

kernel32

WaitForSingleObject
CreateProcessA
lstrlenA
DeleteFileA
GetPrivateProfileSectionNamesA
GetModuleFileNameA
GetPrivateProfileStringA
lstrcpynA
GetModuleHandleA
GetStartupInfoA
GetLastError

user32

IsIconic
ShowWindow
LoadImageA
GetSystemMetrics
EnableWindow
GetClientRect
SetDlgItemTextA
DrawIcon
PostMessageA
LoadIconA
IsWindowVisible
SendMessageA

shell32

Shell_NotifyIconA
ShellExecuteA

wininet

InternetOpenA
HttpQueryInfoA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle

shlwapi

PathRemoveFileSpecA

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Message.dll
.dll regsvr32 windows:4 windows x86 arch:x86

10ad169f55307776d7ced68ee453178a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileSectionNamesA
DisableThreadLibraryCalls
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
MultiByteToWideChar
GlobalUnlock
GlobalLock
GlobalAlloc
DeleteFileA
lstrlenW
GetCurrentThreadId
lstrcmpA
FlushInstructionCache
GetCurrentProcess
GetTickCount
WideCharToMultiByte
lstrcatA
GetModuleFileNameA
DebugBreak
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
GetLocalTime
GetPrivateProfileStringA
lstrcmpiA
GetPrivateProfileIntA
CreateFileA
lstrlenA
WriteFile
CloseHandle
CreateThread

user32

PostQuitMessage
wsprintfA
GetClassNameA
CreateWindowExA
GetDlgItem
SendMessageA
DestroyWindow
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
CreateAcceleratorTableA
GetParent
KillTimer
GetDesktopWindow
wvsprintfA
CharNextA
LoadStringA
RegisterClassExA
LoadCursorA
GetClassInfoExA
RegisterWindowMessageA
DefWindowProcA
GetWindow
SetWindowLongA
SetWindowTextA
SetTimer
ShowWindow
MessageBoxA
PostMessageA
CharLowerA
DispatchMessageA
SystemParametersInfoA
GetWindowRect
OffsetRect
AnimateWindow
GetMessageA
TranslateMessage
GetDC
GetWindowTextA
GetWindowTextLengthA
GetWindowLongA
IsWindow
GetSysColor
SetFocus
IsChild
GetFocus
CallWindowProcA
EndPaint
ReleaseDC
RedrawWindow
SetWindowPos
BeginPaint
GetClientRect
FillRect
SetWindowRgn

gdi32

CreateRoundRectRgn
CombineRgn
GetStockObject
GetObjectA
GetDeviceCaps
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC

advapi32

RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegCloseKey

ole32

CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
OleLockRunning

oleaut32

LoadRegTypeLi
SysAllocString
VariantClear
SysAllocStringLen
SysStringLen
DispCallFunc
OleCreateFontIndirect
SysFreeString

shlwapi

PathIsURLA
PathRemoveFileSpecA
SHSetValueA
SHGetValueA

wininet

InternetOpenUrlA
InternetReadFile
InternetOpenA
HttpQueryInfoA
InternetCloseHandle

msvcrt

time
_mbscmp
difftime
abs
??3@YAXPAX@Z
__CxxFrameHandler
atoi
memset
_vsnprintf
_ftol
memcpy
??2@YAPAXI@Z
_mbsstr
wcslen
_ismbcdigit
realloc
free
memcmp
_mbschr
atol
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
malloc
_adjust_fdiv
_initterm

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PPLive.dll
.dll windows:4 windows x86 arch:x86

c99f1cdce31bccdd41ab23762c76a41c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
atol
free
_initterm
malloc
_adjust_fdiv

wininet

InternetOpenUrlA
HttpQueryInfoA
InternetReadFile
InternetOpenA
InternetCloseHandle

Exports

Exports

PPlive
Uninstall
Uninstall2

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoftUpdate.dll
.dll windows:4 windows x86 arch:x86

7a1ecdc0d45651cd7d33a946c9103a57

Code Sign

5f:d2:26:25:cb:3f:82:5b:d0:72:62:43:f1:7f:19:ef
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

24/12/2008, 00:00

Not After

24/12/2009, 23:59

Subject

CN=厦门网之源信息科技有限公司,O=厦门网之源信息科技有限公司,L=xiamen,ST=fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\项目\自动升级系统\SoftUpdate\Release\SoftUpdate.pdb

Imports

kernel32

CreateFileA
lstrcatA
lstrcpyA
GetModuleFileNameA
lstrcpynA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
lstrlenA
WriteFile
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
WritePrivateProfileStringA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
MoveFileA
MoveFileExA
DeleteFileA
CreateDirectoryA
GetShortPathNameA
FlushFileBuffers
SetStdHandle
SetFilePointer
CloseHandle
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
LoadLibraryA
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
ExitProcess
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCurrentThreadId
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
HeapCreate
VirtualFree
IsBadWritePtr
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetOEMCP
GetCPInfo
LCMapStringA
LCMapStringW
SetHandleCount

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegCloseKey
RegSetValueExA

shell32

ShellExecuteA

shlwapi

PathRemoveFileSpecA
SHDeleteKeyA

wininet

InternetReadFile
InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetOpenUrlA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

GetPEFileVersion
RebootUpdate
SetReplaceFileMode
Update
UpdateEx

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uninstall.dll
.dll windows:4 windows x86 arch:x86

c99f1cdce31bccdd41ab23762c76a41c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
atol
free
_initterm
malloc
_adjust_fdiv

wininet

InternetOpenUrlA
HttpQueryInfoA
InternetReadFile
InternetOpenA
InternetCloseHandle

Exports

Exports

Uninstall

Sections

.text
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 538B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WeiRuan/HttpDownLoad.exe
.exe windows:4 windows x86 arch:x86

04ed8bf66faba42abf3761e8da86bc42

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord860
ord540
ord350
ord354
ord825
ord1105
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord3626
ord641
ord609
ord795
ord765
ord2414
ord6215
ord2086
ord2621
ord1134
ord5265
ord4853
ord4998
ord4710
ord2514
ord535
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord3698
ord2575
ord4396
ord3574
ord6055
ord1776
ord5290
ord3402
ord3721
ord3571
ord823
ord1146
ord1168
ord567
ord2302
ord2379
ord755
ord470
ord3092
ord5953
ord4224
ord2645
ord858
ord6199
ord1641
ord939
ord2818
ord941
ord537
ord940
ord5710
ord5683
ord6453
ord5186
ord800
ord665
ord3810
ord920
ord6385
ord1979
ord3663
ord3616
ord3127
ord6052
ord5651
ord1576

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_mbscmp
vsprintf
_ftol
__CxxFrameHandler
atol
_setmbcp
_initterm

kernel32

WaitForSingleObject
CreateProcessA
lstrlenA
DeleteFileA
GetPrivateProfileSectionNamesA
GetModuleFileNameA
GetPrivateProfileStringA
lstrcpynA
GetModuleHandleA
GetStartupInfoA
GetLastError

user32

IsIconic
ShowWindow
LoadImageA
GetSystemMetrics
EnableWindow
GetClientRect
SetDlgItemTextA
DrawIcon
PostMessageA
LoadIconA
IsWindowVisible
SendMessageA

shell32

Shell_NotifyIconA
ShellExecuteA

wininet

InternetOpenA
HttpQueryInfoA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle

shlwapi

PathRemoveFileSpecA

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WeiRuan/setupinfo.ini
WeiRuan/youdao.bmp
YouDao/HttpDownLoad.exe
.exe windows:4 windows x86 arch:x86

04ed8bf66faba42abf3761e8da86bc42

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord860
ord540
ord350
ord354
ord825
ord1105
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord3626
ord641
ord609
ord795
ord765
ord2414
ord6215
ord2086
ord2621
ord1134
ord5265
ord4853
ord4998
ord4710
ord2514
ord535
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord3698
ord2575
ord4396
ord3574
ord6055
ord1776
ord5290
ord3402
ord3721
ord3571
ord823
ord1146
ord1168
ord567
ord2302
ord2379
ord755
ord470
ord3092
ord5953
ord4224
ord2645
ord858
ord6199
ord1641
ord939
ord2818
ord941
ord537
ord940
ord5710
ord5683
ord6453
ord5186
ord800
ord665
ord3810
ord920
ord6385
ord1979
ord3663
ord3616
ord3127
ord6052
ord5651
ord1576

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_mbscmp
vsprintf
_ftol
__CxxFrameHandler
atol
_setmbcp
_initterm

kernel32

WaitForSingleObject
CreateProcessA
lstrlenA
DeleteFileA
GetPrivateProfileSectionNamesA
GetModuleFileNameA
GetPrivateProfileStringA
lstrcpynA
GetModuleHandleA
GetStartupInfoA
GetLastError

user32

IsIconic
ShowWindow
LoadImageA
GetSystemMetrics
EnableWindow
GetClientRect
SetDlgItemTextA
DrawIcon
PostMessageA
LoadIconA
IsWindowVisible
SendMessageA

shell32

Shell_NotifyIconA
ShellExecuteA

wininet

InternetOpenA
HttpQueryInfoA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle

shlwapi

PathRemoveFileSpecA

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
YouDao/setupinfo.ini
YouDao/youdao.bmp
atl71.dll
.dll windows:4 windows x86 arch:x86

7c3004ebf21f282412fa952c164aa2bb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

atl71.pdb

Imports

kernel32

InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
lstrlenW
lstrcpyW
GetLastError
DisableThreadLibraryCalls
GetVersionExA
InterlockedIncrement
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
lstrcpynW
CloseHandle
ReadFile
GetFileSize
CreateFileW
GetModuleHandleW
GetModuleFileNameW
WideCharToMultiByte
HeapFree
GetProcessHeap
WaitForSingleObject
GlobalAlloc
FindResourceA
MulDiv
lstrcatW
HeapAlloc
FlushInstructionCache
GetCurrentProcess
GlobalUnlock
GlobalLock
lstrcmpW
SetLastError
GlobalFree
GlobalHandle
LockResource
lstrcmpA
GetModuleHandleA
GetTickCount
GetProcAddress
ExitProcess
HeapSize
DebugBreak
HeapReAlloc
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrcatA
lstrcpyA
lstrlenA
GetModuleFileNameA
RtlUnwind
VirtualQuery
LocalAlloc
LoadLibraryA

shlwapi

PathFindExtensionW

Exports

Exports

AtlAdvise
AtlAxAttachControl
AtlAxCreateControl
AtlAxCreateControlEx
AtlAxCreateControlLic
AtlAxCreateControlLicEx
AtlAxCreateDialogA
AtlAxCreateDialogW
AtlAxDialogBoxA
AtlAxDialogBoxW
AtlAxGetControl
AtlAxGetHost
AtlAxWinInit
AtlCallTermFunc
AtlComModuleGetClassObject
AtlComModuleRegisterClassObjects
AtlComModuleRegisterServer
AtlComModuleRevokeClassObjects
AtlComModuleUnregisterServer
AtlComPtrAssign
AtlComQIPtrAssign
AtlCreateRegistrar
AtlCreateTargetDC
AtlDevModeW2A
AtlFreeMarshalStream
AtlGetObjectSourceInterface
AtlGetVersion
AtlHiMetricToPixel
AtlIPersistPropertyBag_Load
AtlIPersistPropertyBag_Save
AtlIPersistStreamInit_Load
AtlIPersistStreamInit_Save
AtlInternalQueryInterface
AtlLoadTypeLib
AtlMarshalPtrInProc
AtlModuleAddTermFunc
AtlPixelToHiMetric
AtlRegisterClassCategoriesHelper
AtlRegisterTypeLib
AtlSetErrorInfo
AtlUnRegisterTypeLib
AtlUnadvise
AtlUnmarshalPtr
AtlUpdateRegistryFromResourceD
AtlWaitWithMessageLoop
AtlWinModuleAddCreateWndData
AtlWinModuleExtractCreateWndData
AtlWinModuleInit
AtlWinModuleRegisterClassExA
AtlWinModuleRegisterClassExW
AtlWinModuleRegisterWndClassInfoA
AtlWinModuleRegisterWndClassInfoW
AtlWinModuleTerm

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bk.bmp
fh.dat
fh_tj.html
.html .vbs polyglot
filter.dat
flash.ini
ft.bin
html/help.html
.html
html/hxw.js
.js
html/hxw_ui.css
html/images/Thumbs.db
html/images/bg_00.gif
.gif
html/images/bg_01.gif
.gif
html/images/bg_02.gif
.gif
html/images/bg_03.gif
.gif
html/images/bg_04.gif
.gif
html/images/bg_05.gif
.gif
html/images/bg_06.gif
.gif
html/images/bg_07.gif
.gif
html/images/bg_08.gif
.gif
html/images/bg_09.gif
.gif
html/images/bg_10.gif
.gif
html/images/button_bg_01.gif
.gif
html/images/button_bg_02.gif
.gif
html/images/button_bg_03.gif
.gif
html/images/button_bg_04.gif
.gif
html/images/button_tool_01_a.gif
.gif
html/images/button_tool_01_b.gif
.gif
html/images/button_tool_02_a.gif
.gif
html/images/button_tool_02_b.gif
.gif
html/images/button_tool_03_a.gif
.gif
html/images/button_tool_03_b.gif
.gif
html/images/button_tool_04_a.gif
.gif
html/images/button_tool_04_b.gif
.gif
html/images/button_tool_more.gif
.gif
html/images/greyline.gif
.gif
html/images/ico_arrow_01.gif
.gif
html/images/ico_arrow_02.gif
.gif
html/images/ico_bbs_01.gif
.gif
html/images/ico_feedback.gif
.gif
html/images/ico_help_a.gif
.gif
html/images/ico_help_b.gif
.gif
html/images/ico_home.gif
.gif
html/images/ico_light.gif
.gif
html/images/ico_settings_a.gif
.gif
html/images/ico_settings_b.gif
.gif
html/images/ico_tool_a.gif
.gif
html/images/ico_tool_b.gif
.gif
html/images/ico_update.gif
.gif
html/images/logo_hxw.gif
.gif
html/images/pic_question.jpg
.jpg
html/main.html
.html
html/tool_01.html
.html .js polyglot
html/tool_02.html
.html .js polyglot
html/tool_03.html
.html .js polyglot
html/tool_04.html
.html .js polyglot
hxw.bin
hxw.dll
.dll windows:4 windows x86 arch:x86

9ca78f69dad8f44090dc1a2e4a67739e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
lstrcpyA
GetPrivateProfileSectionA
lstrcmpA
MultiByteToWideChar
GetPrivateProfileStringA
WideCharToMultiByte
FreeLibrary
DeleteFileA
GetTempFileNameA
WritePrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileSectionA
lstrlenW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
FlushFileBuffers
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
Sleep
SetStdHandle
SetConsoleCtrlHandler
GetOEMCP
GetCurrentThreadId
GetCPInfo
InterlockedIncrement
InterlockedDecrement
UnhandledExceptionFilter
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetUnhandledExceptionFilter
HeapSize
LocalAlloc
LocalLock
LocalUnlock
GlobalSize
GetFileSize
ReadFile
GlobalReAlloc
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcpynA
FormatMessageA
LocalFree
CreateFileA
SetFilePointer
lstrlenA
WriteFile
CloseHandle
GetModuleHandleA
OutputDebugStringA
GetProcessHeap
HeapAlloc
HeapFree
VirtualProtect
GetModuleFileNameA
GetLastError
FlushInstructionCache
VirtualQuery
lstrcmpiA
GetCurrentProcess
WriteProcessMemory
CreateToolhelp32Snapshot
Module32First
Module32Next
GetProcAddress
LoadLibraryExW
LoadLibraryExA
TerminateProcess
FatalAppExitA
ExitProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetCurrentThread
LoadLibraryW
LoadLibraryA
GetACP
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetVersion
GetCommandLineA
RaiseException
HeapReAlloc
GetLocalTime
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocaleInfoW

user32

SetCursor
GetDC
LoadCursorA
ReleaseDC
RegisterWindowMessageA
SendMessageTimeoutA
IsRectEmpty
GetWindowRect
ClientToScreen
GetClientRect
ScreenToClient
FindWindowA
CallNextHookEx
CallWindowProcA
IsCharAlphaNumericA
CallWindowProcW
IsWindow
IsWindowUnicode
GetWindowLongW
SetWindowLongW
GetWindowLongA
SetWindowLongA
MessageBoxA
keybd_event
GetClassNameA
RegisterClipboardFormatA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetWindowsHookExA
UnhookWindowsHookEx
GetFocus

gdi32

CreateHalftonePalette
GetDIBits
GetObjectA
CreatePen
DPtoLP
CreateBitmap
GetMapMode
SetMapMode
SetBkColor
GetNearestPaletteIndex
SetSystemPaletteUse
ResizePalette
SetPaletteEntries
CreateSolidBrush
Rectangle
StretchDIBits
CreateDCA
CreateCompatibleBitmap
GetDIBColorTable
GetPaletteEntries
CreateDIBSection
CreateCompatibleDC
SelectObject
SetDIBColorTable
SetStretchBltMode
StretchBlt
BitBlt
DeleteDC
GdiFlush
DeleteObject
GetStockObject
SelectPalette
RealizePalette
CreateDIBitmap
GetDeviceCaps
GetSystemPaletteEntries
CreatePalette

ole32

CoInitialize
StgCreateDocfile
CoUninitialize
CreateStreamOnHGlobal
StgOpenStorage

oleaut32

SysFreeString
OleLoadPicture
SysAllocStringLen

shlwapi

PathFindFileNameA
SHGetValueA
PathFileExistsA
PathRemoveFileSpecA

imm32

ImmGetCompositionStringW
ImmGetCompositionStringA

imagehlp

ImageDirectoryEntryToData

oleacc

ObjectFromLresult

winmm

timeGetTime

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

EnableConversion

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hxw_old.bin
messageconfig.ini
msgSkin.ini
msgctl.dll
.dll regsvr32 windows:4 windows x86 arch:x86

82d76e97a8c09b8d3c0b101350f716a2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
DisableThreadLibraryCalls
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
lstrlenW
MultiByteToWideChar
FlushInstructionCache
GetModuleFileNameA
FreeLibrary
LoadLibraryA
lstrcatA
lstrcmpiA
DebugBreak
GetPrivateProfileIntA
GetPrivateProfileStringA
EnterCriticalSection
OutputDebugStringA
GetCurrentThreadId
LeaveCriticalSection
CompareStringA
GetModuleHandleA
GetProcAddress
lstrcpyA
lstrcmpA
lstrcpynA
lstrlenA
GetShortPathNameA

user32

wvsprintfA
LoadImageA
InvalidateRect
SetFocus
UpdateWindow
SetRectEmpty
CallWindowProcA
CharNextA
GetParent
LoadStringA
CharLowerA
LoadCursorA
wsprintfA
RegisterClassExA
ReleaseDC
EndPaint
CreateWindowExA
DefWindowProcA
SetWindowPos
SetWindowTextA
IsWindowEnabled
DestroyWindow
GetCapture
GetSysColor
GetFocus
DrawFocusRect
FillRect
GetClassNameA
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetWindowLongA
GetWindowRect
GetCursorPos
ScreenToClient
GetClassInfoExA
SetCursor
SetWindowRgn
ReleaseCapture
PtInRect
SetCapture
GetDC
InflateRect
DrawTextA
SetTimer
SystemParametersInfoA
MoveWindow
ShowWindow
SetWindowLongA
SendMessageA
BeginPaint
KillTimer
GetClientRect
OffsetRect
CharUpperA
GetDesktopWindow
IsWindow

gdi32

CreateRoundRectRgn
CombineRgn
SetBkMode
SetTextColor
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
DeleteObject
GetStockObject
GetObjectA
CreateFontIndirectA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance

oleaut32

RegisterTypeLi
SysAllocString
VariantClear
SysStringLen
LoadRegTypeLi
LoadTypeLi
SysFreeString

comctl32

_TrackMouseEvent

shlwapi

PathRemoveFileSpecA
PathIsURLA
PathFileExistsA

msvcrt

memset
_vsnprintf
_purecall
??3@YAXPAX@Z
atoi
??2@YAPAXI@Z
malloc
free
realloc
memcpy
wcslen
memcmp
_mbsstr
_mbspbrk
_mbschr
sscanf
_ismbcdigit
_initterm
_adjust_fdiv

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pf.ini
skins/HELLO KITTY.hxws
skins/ĬƤ.hxws
skins/ȫ.hxws
skins/ɫ.hxws
skins/ʥ.hxws
skins/ˮƿ.hxws
skins/ϲ.hxws
skins/Ԫ.hxws
skins/.hxws
skins/.hxws
skins/ں.hxws
skins/С.hxws
skins/чӭ.hxws
skins/̫.hxws
skins/ţ.hxws
skins/.hxws
skins/Ϸ籭.hxws
skins/.hxws
skins/.hxws
th.exe
.exe windows:4 windows x86 arch:x86

12b5598c39f5e57d5b1b7d20d90fb178

Code Sign

5f:d2:26:25:cb:3f:82:5b:d0:72:62:43:f1:7f:19:ef
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

24/12/2008, 00:00

Not After

24/12/2009, 23:59

Subject

CN=厦门网之源信息科技有限公司,O=厦门网之源信息科技有限公司,L=xiamen,ST=fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06/08/2003, 00:00

Not After

05/08/2013, 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringA
CloseHandle
WriteFile
lstrlenA
SetFilePointer
LocalFree
FormatMessageA
GetLastError
DeleteFileA
GetPrivateProfileSectionNamesA
Sleep
lstrcatA
GetModuleFileNameA
MoveFileA
GetPrivateProfileIntA
GetPrivateProfileStringA
MoveFileExA
GetTempFileNameA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetStdHandle
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
FlushFileBuffers

user32

PostMessageA
FindWindowA

shell32

ShellExecuteA

shlwapi

PathRemoveFileSpecA
PathFileExistsA

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninst.exe.nsis

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

14:b3:be:a8:9d:64:8e:0d:36:19:5d:2a:76:5a:9c:6bCertificate

Extended Key Usages

38:69:6b:e0:cf:97:8f:29:66:2e:7c:f7:ba:4e:60:a9:0b:c3:a9:c5Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 60KB

.rsrc Size: 30KB - Virtual size: 29KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.reloc Size: 1024B - Virtual size: 520B

7c3004ebf21f282412fa952c164aa2bb

Headers

File Characteristics

PDB Paths

Imports

kernel32

shlwapi

Exports

Exports

Sections

.text Size: 51KB - Virtual size: 50KB

.rdata Size: 14KB - Virtual size: 13KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

14:b3:be:a8:9d:64:8e:0d:36:19:5d:2a:76:5a:9c:6b
Certificate

38:69:6b:e0:cf:97:8f:29:66:2e:7c:f7:ba:4e:60:a9:0b:c3:a9:c5
Signer

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 60KB

.rsrc
Size: 30KB - Virtual size: 29KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 51KB - Virtual size: 50KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 5KB - Virtual size: 5KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

14:b3:be:a8:9d:64:8e:0d:36:19:5d:2a:76:5a:9c:6b
Certificate

0f:f7:7c:80:01:5e:8c:5b:c5:5c:85:1e:67:04:a6:d7:88:bb:57:81
Signer

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 44KB

.rsrc
Size: 27KB - Virtual size: 26KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB