5ed63d3f08cda15f66d53b23a8c9e54c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5ed63d3f08cda15f66d53b23a8c9e54c_JaffaCakes118
Size

1.6MB
MD5

5ed63d3f08cda15f66d53b23a8c9e54c
SHA1

e81e411a1c28e6412109456f7324ca86321bf47b
SHA256

59f039d4f16aa0e0f57dca642fc22dd022a85839754d6beb35d66a9ca53dfbaf
SHA512

0e3f8c32f54bf2f6b58e9bd6baa9cbf8c881b8c147b40eaa53d4d4ca865d4234468be0eca0c1c00d264f0cf6532564c7eed06845694e23e3db5930bf5ecffd9c
SSDEEP

49152:I33t5nvd6UQrWA/U8Xf5Qb+coUI9SMHqxAv/Zu:83t5IUQrWA/luR16xqx/

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/nsExec.dll
unpack002/$PLUGINSDIR/InetLoad.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/System.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/$TEMP/plugins/DuomiDownI_V212.exe	nsis_installer_1
static1/unpack001/$TEMP/plugins/DuomiDownI_V212.exe	nsis_installer_2

Files

5ed63d3f08cda15f66d53b23a8c9e54c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:1f:bf:81:8b:18:ad
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

25/10/2011, 16:59

Not After

28/10/2014, 19:00

Subject

CN=北京东跃在线网络软件开发有限公司,O=北京东跃在线网络软件开发有限公司,L=北京市,ST=北京市,C=CN,1.2.840.113549.1.9.1=#0c1064756f64756f626f784071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

d9:f5:9a:83:27:81:a3:b4:b8:63:1c:b8:71:28:27:68:e6:24:ec:25
Signer

Actual PE Digest

d9:f5:9a:83:27:81:a3:b4:b8:63:1c:b8:71:28:27:68:e6:24:ec:25

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$DOCUMENTS/ldt/Browser.dll
.dll windows:4 windows x86 arch:x86

361e38c9011d5d9739616a6f4a8c8316

Code Sign

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:1f:bf:81:8b:18:ad
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

25/10/2011, 16:59

Not After

28/10/2014, 19:00

Subject

CN=北京东跃在线网络软件开发有限公司,O=北京东跃在线网络软件开发有限公司,L=北京市,ST=北京市,C=CN,1.2.840.113549.1.9.1=#0c1064756f64756f626f784071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

5c:20:0b:c3:97:f7:fe:a4:17:48:ab:07:27:af:1b:3f:a0:68:c3:33
Signer

Actual PE Digest

5c:20:0b:c3:97:f7:fe:a4:17:48:ab:07:27:af:1b:3f:a0:68:c3:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Works\来点团\WebBrowserFramework\bin\release\Browser.pdb

Imports

kernel32

GetFullPathNameA
CreateFileA
GetCPInfo
GetOEMCP
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
GetTickCount
HeapFree
RtlUnwind
ExitProcess
ExitThread
CreateThread
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
HeapCreate
VirtualFree
GetVolumeInformationA
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
SetEnvironmentVariableA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
RaiseException
GlobalFlags
WritePrivateProfileStringA
SetErrorMode
InterlockedDecrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
FileTimeToSystemTime
SetLastError
MulDiv
GlobalUnlock
FormatMessageA
LocalFree
InterlockedIncrement
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
lstrcpynA
FreeResource
GlobalFree
GlobalAddAtomA
FindResourceA
LoadResource
LockResource
SizeofResource
GetCurrentThread
GlobalLock
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetModuleFileNameA
GetModuleHandleA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetTempPathA
GetLocalTime
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DeleteFileA
WaitForSingleObject
CloseHandle
LoadLibraryA
IsBadWritePtr
GetProcAddress

user32

MessageBeep
DestroyMenu
RegisterClipboardFormatA
PostThreadMessageA
SetForegroundWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
UnregisterClassA
DefWindowProcA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
CopyRect
PtInRect
GetWindowTextA
SetFocus
ShowWindow
MoveWindow
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
LoadCursorA
SendDlgItemMessageA
GetNextDlgGroupItem
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetDlgItem
SetMenuItemBitmaps
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
MessageBoxA
GetParent
GetLastActivePopup
IsWindowEnabled
SendMessageA
SetCursor
PostQuitMessage
CharUpperBuffA
UpdateWindow
GetClientRect
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GrayStringA
DrawTextExA
CharUpperA
EnableWindow
CallWindowProcA
CallNextHookEx
GetClassNameA
GetWindow
SetWindowsHookExA
GetWindowThreadProcessId
PostMessageA
GetWindowLongA
SetWindowLongA
ReleaseCapture
SetCapture
InvalidateRgn
IsWindow
UnhookWindowsHookEx
InvalidateRect
CopyAcceleratorTableA
SetRect
IsRectEmpty
DrawTextA
TabbedTextOutA
ClientToScreen
wsprintfA
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
CharNextA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
IsChild
GetForegroundWindow
SetActiveWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
LoadIconA

gdi32

SetMapMode
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreateRectRgnIndirect
GetRgnBox
GetMapMode
RestoreDC
SaveDC
DeleteObject
GetTextColor
GetBkColor
GetDeviceCaps
GetStockObject
GetObjectA
SetBkColor
SetTextColor
GetClipBox
ScaleViewportExtEx
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

oledlg

ord8

ole32

StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
OleInitialize
OleIsCurrentClipboard
OleFlushClipboard
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
CoRevokeClassObject
CoRegisterMessageFilter

oleaut32

SysFreeString
VarBstrCat
SysAllocStringByteLen
SysStringByteLen
VarBstrCmp
VariantInit
VariantClear
SysAllocStringLen
VariantChangeType
OleCreateFontIndirect
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString
SysStringLen

wininet

InternetReadFile
InternetCloseHandle
InternetOpenA
InternetOpenUrlA

Exports

Exports

ref_webform

Sections

.text
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$DOCUMENTS/ldt/MainFrame.dll
.dll windows:4 windows x86 arch:x86

796966cba17ddc2aacc15aa6ab4d2720

Code Sign

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:1f:bf:81:8b:18:ad
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

25/10/2011, 16:59

Not After

28/10/2014, 19:00

Subject

CN=北京东跃在线网络软件开发有限公司,O=北京东跃在线网络软件开发有限公司,L=北京市,ST=北京市,C=CN,1.2.840.113549.1.9.1=#0c1064756f64756f626f784071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

d9:04:d8:3c:03:f8:2d:e2:ec:81:34:63:6b:72:3c:28:44:99:55:e1
Signer

Actual PE Digest

d9:04:d8:3c:03:f8:2d:e2:ec:81:34:63:6b:72:3c:28:44:99:55:e1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\Project\应用Ghost\src\Pandora\Ldt\ddst_ldt\Release\ddst.pdb

Imports

kernel32

WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetCPInfo
GetOEMCP
GetFileAttributesA
ExitProcess
RtlUnwind
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
HeapReAlloc
HeapSize
GlobalGetAtomNameA
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GlobalFindAtomA
lstrcmpW
RaiseException
GlobalFlags
InterlockedIncrement
WritePrivateProfileStringA
SetErrorMode
lstrcatA
InterlockedDecrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GlobalAddAtomA
SetLastError
GlobalFree
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
GetCurrentThread
GetCurrentThreadId
GlobalLock
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetModuleHandleA
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LoadLibraryA
lstrlenA
lstrcmpiA
GetVersion
MultiByteToWideChar
CreateThread
CreateToolhelp32Snapshot
Process32First
GetLastError
Process32Next
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTempFileNameA
CreateProcessA
GetCurrentProcess
TerminateProcess
CreateFileA
GetFileSize
ReadFile
CloseHandle
DeleteFileA
Sleep
GetPrivateProfileStringA
GetModuleFileNameA
GetLocalTime
SystemTimeToFileTime
WideCharToMultiByte
GetTempPathA
OutputDebugStringA
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
QueryPerformanceCounter
InterlockedExchange

user32

GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetWindowPos
WinHelpA
ShowWindow
SetWindowLongA
GetDlgItem
LoadCursorA
GetSystemMetrics
GetSysColorBrush
GetSysColor
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetWindowTextA
SetWindowTextA
GetClassNameA
wsprintfA
UnregisterClassA
UnhookWindowsHookEx
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
RegisterWindowMessageA
GetMessageA
TranslateMessage
DestroyMenu
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
MessageBoxA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SendMessageA
SetCursor
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostMessageA
PostQuitMessage
ReleaseDC

gdi32

DeleteDC
GetStockObject
ExtTextOutA
TextOutA
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetDeviceCaps
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
CreateBitmap
Escape

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegCloseKey
RegDeleteKeyA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteExA

comctl32

ord17

shlwapi

PathFindFileNameA
PathFindExtensionA

ole32

CoInitialize
CoCreateInstance

oleaut32

SysFreeString
VariantClear
VariantChangeType
VariantInit

urlmon

URLDownloadToFileA

iphlpapi

GetAdaptersInfo

wininet

DeleteUrlCacheEntry

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$DOCUMENTS/ldt/MainFrame.exe
.exe windows:4 windows x86 arch:x86

70119dc3b86ad7126ed2753a85d4c2c9

Code Sign

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:1f:bf:81:8b:18:ad
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

25/10/2011, 16:59

Not After

28/10/2014, 19:00

Subject

CN=北京东跃在线网络软件开发有限公司,O=北京东跃在线网络软件开发有限公司,L=北京市,ST=北京市,C=CN,1.2.840.113549.1.9.1=#0c1064756f64756f626f784071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

80:65:a6:45:5a:2a:a0:de:7b:be:2b:06:2b:f9:9f:06:00:10:0e:62
Signer

Actual PE Digest

80:65:a6:45:5a:2a:a0:de:7b:be:2b:06:2b:f9:9f:06:00:10:0e:62

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Project\应用Ghost\src\Pandora\Ldt\ldttray\Release\ldttray.pdb

Imports

kernel32

ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
TerminateProcess
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
GetTickCount
GetFileTime
GetFileAttributesA
FileTimeToLocalFileTime
SetErrorMode
GetOEMCP
GetCPInfo
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GlobalFlags
InterlockedIncrement
InterlockedDecrement
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
FreeResource
SetLastError
GlobalFree
MulDiv
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
GlobalLock
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetModuleHandleA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
GetCommandLineA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
GetTempPathA
Sleep
CreateDirectoryA
DeleteFileA
WaitForSingleObject
OpenMutexA
CreateMutexA
GetTempFileNameA
MoveFileA
MoveFileExA
GetLocalTime
CreateFileA
GetFileSize
ReadFile
CloseHandle
GetModuleFileNameA
GetPrivateProfileStringA
WritePrivateProfileStringA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetStdHandle
InterlockedExchange

user32

MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
CopyAcceleratorTableA
SetRect
IsRectEmpty
CharNextA
GetSysColorBrush
ReleaseCapture
LoadCursorA
SetCapture
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextA
GetForegroundWindow
PostThreadMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetNextDlgTabItem
EndDialog
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetDlgItem
wsprintfA
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetMenuItemBitmaps
GetFocus
ModifyMenuA
RegisterClipboardFormatA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
MessageBoxA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
SetCursor
PostQuitMessage
PostMessageA
CharUpperA
GetSystemMetrics
LoadIconA
EnableWindow
GetClientRect
IsIconic
SendMessageA
GetMessagePos

gdi32

GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
GetWindowExtEx
GetViewportExtEx
DeleteObject
PtVisible
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
CreateBitmap
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
RectVisible

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegSetValueExA
RegCreateKeyA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteExA
CommandLineToArgvW
SHGetFolderPathA

comctl32

ord17

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoGetClassObject
CoTaskMemFree
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize

oleaut32

OleCreateFontIndirect
SysAllocString
SystemTimeToVariantTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysAllocStringByteLen
SysStringLen
SysFreeString

urlmon

URLDownloadToFileA

wininet

DeleteUrlCacheEntry

Sections

.text
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$DOCUMENTS/ldt/Toaster.exe
.exe windows:4 windows x86 arch:x86

f1dc0db544993ff1d5a6c2134ef2f2b3

Code Sign

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:1f:bf:81:8b:18:ad
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

25/10/2011, 16:59

Not After

28/10/2014, 19:00

Subject

CN=北京东跃在线网络软件开发有限公司,O=北京东跃在线网络软件开发有限公司,L=北京市,ST=北京市,C=CN,1.2.840.113549.1.9.1=#0c1064756f64756f626f784071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

c5:ba:ed:05:90:bb:b3:08:5d:e4:53:e2:9e:72:f3:3b:f1:ea:6d:17
Signer

Actual PE Digest

c5:ba:ed:05:90:bb:b3:08:5d:e4:53:e2:9e:72:f3:3b:f1:ea:6d:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Works\来点团\bin\release\Toaster.pdb

Imports

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

kernel32

GetLastError
GetTickCount
FreeLibrary
LoadLibraryW
SetStdHandle
GetOEMCP
GetACP
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
VirtualQuery
GetSystemInfo
VirtualProtect
GetLocaleInfoA
HeapSize
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
SetFilePointer
FlushFileBuffers
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapAlloc
GetCPInfo
LCMapStringW
LCMapStringA
GetVersionExA
GetStartupInfoA
CreateThread
ResumeThread
ExitThread
RaiseException
RtlUnwind
HeapFree
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MulDiv
CreateFileW
GetLocaleInfoW
GetFileSize
ReadFile
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleW
GetModuleHandleA
GetCurrentThreadId
CreateFileA
WriteFile
CloseHandle
SetCurrentDirectoryA
GetTempPathA
GetCurrentProcess
TerminateProcess
LoadLibraryA
GetProcAddress
DeleteFileA
GetPrivateProfileStringA
GetModuleFileNameA
GetCommandLineA
GetPrivateProfileIntA
Sleep
ExitProcess
SetEndOfFile
UnhandledExceptionFilter

user32

ShowCaret
SetFocus
GetFocus
WindowFromPoint
GetWindowTextW
GetWindowTextLengthW
SetClassLongW
KillTimer
SetTimer
HideCaret
CreateCaret
SetCapture
ReleaseCapture
GetParent
IsZoomed
IsIconic
IsWindowVisible
InvalidateRect
ShowWindowAsync
DestroyWindow
GetWindowThreadProcessId
ClientToScreen
CreateWindowExW
GetClientRect
GetSystemMetrics
DrawIconEx
LoadImageW
GetIconInfo
DestroyIcon
LoadIconW
LoadCursorW
RegisterClassExW
MessageBoxA
ScreenToClient
SetActiveWindow
SetForegroundWindow
SetCaretPos
DestroyCaret
UpdateWindow
GetWindowRect
MoveWindow
SetWindowPos
SetWindowTextW
BeginPaint
EndPaint
PostQuitMessage
GetCursorPos
DefWindowProcW
GetWindow
GetDesktopWindow
EnableWindow
IsWindow
PeekMessageW
WaitMessage
IsDialogMessageW
TranslateMessage
DispatchMessageW
GetMessageW
GetKeyState
PostMessageW
GetDC
ReleaseDC
FillRect
FrameRect
GetWindowLongW
SetWindowLongW
SetLayeredWindowAttributes
SendMessageW
SystemParametersInfoW
ShowWindow

gdi32

SetBkMode
GetDeviceCaps
CreateCompatibleDC
DeleteDC
BitBlt
CreatePen
SelectObject
MoveToEx
LineTo
CreateCompatibleBitmap
SetPixel
SetTextColor
TextOutW
GetTextExtentPoint32W
SetDIBitsToDevice
StretchDIBits
CreateHatchBrush
CreateSolidBrush
DeleteObject
CreateFontIndirectW

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegQueryInfoKeyA

shell32

SHGetFileInfoA
ShellExecuteW
Shell_NotifyIconW
DragAcceptFiles
SHGetFileInfoW
DragQueryPoint
DragQueryFileW
DragFinish
ShellExecuteA

Sections

.text
Size: 268KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$DOCUMENTS/ldt/ico/favbar/defweb.ico
$DOCUMENTS/ldt/res/Browser.dll
.dll windows:4 windows x86 arch:x86

361e38c9011d5d9739616a6f4a8c8316

Code Sign

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:1f:bf:81:8b:18:ad
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

25/10/2011, 16:59

Not After

28/10/2014, 19:00

Subject

CN=北京东跃在线网络软件开发有限公司,O=北京东跃在线网络软件开发有限公司,L=北京市,ST=北京市,C=CN,1.2.840.113549.1.9.1=#0c1064756f64756f626f784071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

5c:20:0b:c3:97:f7:fe:a4:17:48:ab:07:27:af:1b:3f:a0:68:c3:33
Signer

Actual PE Digest

5c:20:0b:c3:97:f7:fe:a4:17:48:ab:07:27:af:1b:3f:a0:68:c3:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Works\来点团\WebBrowserFramework\bin\release\Browser.pdb

Imports

kernel32

GetFullPathNameA
CreateFileA
GetCPInfo
GetOEMCP
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
GetTickCount
HeapFree
RtlUnwind
ExitProcess
ExitThread
CreateThread
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
HeapCreate
VirtualFree
GetVolumeInformationA
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
SetEnvironmentVariableA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
RaiseException
GlobalFlags
WritePrivateProfileStringA
SetErrorMode
InterlockedDecrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
FileTimeToSystemTime
SetLastError
MulDiv
GlobalUnlock
FormatMessageA
LocalFree
InterlockedIncrement
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
lstrcpynA
FreeResource
GlobalFree
GlobalAddAtomA
FindResourceA
LoadResource
LockResource
SizeofResource
GetCurrentThread
GlobalLock
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetModuleFileNameA
GetModuleHandleA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetTempPathA
GetLocalTime
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DeleteFileA
WaitForSingleObject
CloseHandle
LoadLibraryA
IsBadWritePtr
GetProcAddress

user32

MessageBeep
DestroyMenu
RegisterClipboardFormatA
PostThreadMessageA
SetForegroundWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
UnregisterClassA
DefWindowProcA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
CopyRect
PtInRect
GetWindowTextA
SetFocus
ShowWindow
MoveWindow
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
LoadCursorA
SendDlgItemMessageA
GetNextDlgGroupItem
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetDlgItem
SetMenuItemBitmaps
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
MessageBoxA
GetParent
GetLastActivePopup
IsWindowEnabled
SendMessageA
SetCursor
PostQuitMessage
CharUpperBuffA
UpdateWindow
GetClientRect
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GrayStringA
DrawTextExA
CharUpperA
EnableWindow
CallWindowProcA
CallNextHookEx
GetClassNameA
GetWindow
SetWindowsHookExA
GetWindowThreadProcessId
PostMessageA
GetWindowLongA
SetWindowLongA
ReleaseCapture
SetCapture
InvalidateRgn
IsWindow
UnhookWindowsHookEx
InvalidateRect
CopyAcceleratorTableA
SetRect
IsRectEmpty
DrawTextA
TabbedTextOutA
ClientToScreen
wsprintfA
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
CharNextA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
IsChild
GetForegroundWindow
SetActiveWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
LoadIconA

gdi32

SetMapMode
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreateRectRgnIndirect
GetRgnBox
GetMapMode
RestoreDC
SaveDC
DeleteObject
GetTextColor
GetBkColor
GetDeviceCaps
GetStockObject
GetObjectA
SetBkColor
SetTextColor
GetClipBox
ScaleViewportExtEx
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

oledlg

ord8

ole32

StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
OleInitialize
OleIsCurrentClipboard
OleFlushClipboard
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
CoRevokeClassObject
CoRegisterMessageFilter

oleaut32

SysFreeString
VarBstrCat
SysAllocStringByteLen
SysStringByteLen
VarBstrCmp
VariantInit
VariantClear
SysAllocStringLen
VariantChangeType
OleCreateFontIndirect
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString
SysStringLen

wininet

InternetReadFile
InternetCloseHandle
InternetOpenA
InternetOpenUrlA

Exports

Exports

ref_webform

Sections

.text
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$DOCUMENTS/ldt/res/close.bmp
$PLUGINSDIR/Processes.dll
.dll windows:4 windows x86 arch:x86

6d84248451fb8da24d95b524056a0778

Code Sign

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:1f:bf:81:8b:18:ad
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

25/10/2011, 16:59

Not After

28/10/2014, 19:00

Subject

CN=北京东跃在线网络软件开发有限公司,O=北京东跃在线网络软件开发有限公司,L=北京市,ST=北京市,C=CN,1.2.840.113549.1.9.1=#0c1064756f64756f626f784071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

58:7a:55:73:47:34:16:03:09:69:93:14:cb:d4:f9:3e:d6:31:1f:87
Signer

Actual PE Digest

58:7a:55:73:47:34:16:03:09:69:93:14:cb:d4:f9:3e:d6:31:1f:87

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

h:\back up\mystock\process\Release\process.pdb

Imports

kernel32

SetErrorMode
WritePrivateProfileStringA
InterlockedIncrement
GlobalFlags
RaiseException
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
GetCPInfo
lstrcatA
ExitProcess
RtlUnwind
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
HeapReAlloc
HeapSize
LCMapStringA
LCMapStringW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
InterlockedDecrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
SetLastError
GlobalFree
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
GlobalLock
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetModuleHandleA
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LoadLibraryA
lstrlenA
lstrcmpiA
GetVersion
MultiByteToWideChar
CreateToolhelp32Snapshot
Process32First
OutputDebugStringA
OpenProcess
GetModuleFileNameA
CloseHandle
Process32Next
TerminateProcess
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetCurrentProcess
GetOEMCP
GetLastError

user32

RegisterWindowMessageA
DestroyMenu
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetWindowPos
ShowWindow
SetWindowLongA
WinHelpA
GetDlgItem
LoadCursorA
GetSystemMetrics
GetSysColorBrush
GetSysColor
ReleaseDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetWindowTextA
SetWindowTextA
GetClassNameA
wsprintfA
UnregisterClassA
UnhookWindowsHookEx
GetCapture
CreateWindowExA
GetClassLongA
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetMenuItemBitmaps
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
PostQuitMessage
PostMessageA
SetCursor
SendMessageA
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetParent
MessageBoxA
ValidateRect
GetCursorPos
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetDC

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

comctl32

ord17

shlwapi

PathFindFileNameA
PathFindExtensionA

psapi

GetModuleFileNameExA

oleacc

LresultFromObject
CreateStdAccessibleObject

gdi32

OffsetViewportOrgEx
GetDeviceCaps
SaveDC
DeleteDC
GetStockObject
RestoreDC
SetBkColor
SetTextColor
SetMapMode
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
DeleteObject
CreateBitmap
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SetViewportExtEx

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

FindProcess
KillProcess

Sections

.text
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

d83f71e61ee459ee63ca3e829966a9dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
lstrcpyA
lstrcpynA
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
PeekNamedPipe
GetTickCount
CreateProcessA
GetStartupInfoA
CreatePipe
GetVersionExA
GetModuleHandleA
DeleteFileA
lstrcmpiA
lstrlenA
lstrcatA
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetProcAddress
GlobalLock
GetCurrentProcess

user32

SendMessageA
OemToCharBuffA
CharNextA
wsprintfA
CharPrevA
FindWindowExA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 410B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/plugins/DuomiDownI_V212.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:be:0c:8b:50:00:24:b4:11:d3:36:2d:e0:b3:5f:1b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

09/07/1999, 18:31

Not After

09/07/2019, 18:40

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

43:73:c5:9c:4f:32:a9:e5:b5:d3:de:f1:26:9a:12:0d
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

30/04/2007, 00:00

Not After

29/04/2012, 23:59

Subject

CN=WoSign Time Stamping Signer,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

e1:b0:11:df:16:9b:5d:0b:be:a1:3a:02:9e:01:86:e4
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

24/03/2011, 00:00

Not After

23/03/2014, 23:59

Subject

CN=Beijing Rainbow Online Technologies Co.\, Ltd.,OU=WoSign Class 3 Code Signing,O=北京彩云在线技术开发有限公司,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InetLoad.dll
.dll windows:4 windows x86 arch:x86

24a4a671f5cc294ce3543d18a1e873cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

strchr
_adjust_fdiv
malloc
_initterm
free
memset
strstr
strtol
strncmp
strtoul
time
strrchr

kernel32

GlobalFree
lstrcpynA
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrcmpiA
CreateFileA
lstrcmpA
lstrlenA
MulDiv
WriteFile
lstrcatA
GetLastError
DeleteFileA
CloseHandle
SleepEx

user32

GetDlgItem
SendMessageA
SetWindowTextA
wsprintfA
GetWindowTextA
RegisterWindowMessageA
CallWindowProcA
PostMessageA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
MessageBoxA
SendDlgItemMessageA
SetDlgItemTextA
SetTimer
LoadIconA
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindow
CreateDialogParamA
FindWindowExA
RedrawWindow
SetWindowLongA

wininet

InternetErrorDlg
InternetSetFilePointer
HttpQueryInfoA
InternetQueryOptionA
HttpSendRequestA
HttpAddRequestHeadersA
InternetSetOptionA
HttpOpenRequestA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetCloseHandle

comctl32

ord17

Exports

Exports

load

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$TEMP/plugins/rav1540685.exe
.exe windows:4 windows x86 arch:x86

41f06388819ef11b39c25f101f0f8af2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:4d:09:d5:0f:29:97:42:52:72:b7:97:aa:28:a5:57
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/06/2009, 00:00

Not After

22/07/2012, 23:59

Subject

CN=Beijing Rising Information Technology Corporation Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Beijing Rising Information Technology Corporation Limited,L=Beijing,ST=Beijing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c4:cb:90:d6:dd:9a:5d:06:cb:24:cd:5d:d6:3d:f2:07:78:33:58:46
Signer

Actual PE Digest

c4:cb:90:d6:dd:9a:5d:06:cb:24:cd:5d:d6:3d:f2:07:78:33:58:46

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeviceIoControl
GetModuleFileNameA
GetModuleHandleA
GetLastError
CreateDirectoryA
lstrcpynA
SetLastError
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
WideCharToMultiByte
MoveFileA
lstrcmpiA
FlushFileBuffers
WriteFile
SetEndOfFile
SetFilePointer
SetFileTime
SystemTimeToFileTime
DeleteFileA
SetFileAttributesA
FileTimeToSystemTime
FindClose
FindFirstFileA
GetLocalTime
lstrcatA
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
GetCurrentThreadId
Sleep
IsBadReadPtr
CreateProcessA
InterlockedIncrement
InterlockedDecrement
ReleaseMutex
CreateMutexA
GetCommandLineA
lstrlenW
MultiByteToWideChar
LoadLibraryExA
IsDBCSLeadByte
RemoveDirectoryA
FindNextFileA
GetFileAttributesA
GetExitCodeProcess
WaitForSingleObject
GetStartupInfoA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetTempPathA
GetTempFileNameA
CopyFileA
LocalFree
SetStdHandle
IsBadCodePtr
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
UnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
TerminateProcess
IsBadWritePtr
VirtualFree
HeapCreate
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
lstrlenA
GetVersionExA
LoadLibraryA
GetProcAddress
GlobalAlloc
GlobalFree
lstrcpyA
FreeLibrary
ReadFile
CreateFileA
GetFileSize
CloseHandle
DeleteCriticalSection
InitializeCriticalSection
ExitProcess
RtlUnwind
HeapSize
HeapReAlloc
HeapDestroy
RaiseException

user32

DestroyWindow
SendMessageA
IsWindow
PostMessageA
DefWindowProcA
CharNextA
CharUpperA
wsprintfA

advapi32

RegCloseKey
RegOpenKeyExA
OpenProcessToken
GetTokenInformation
RegOpenKeyA
RegCreateKeyA
RegSetValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueExA

shell32

ShellExecuteExA

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree
CoInitializeSecurity
CoCreateGuid
OleRun
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SafeArrayGetLBound
SafeArrayGetUBound
VarUI4FromStr
SysFreeString
VariantInit
VariantClear
SysAllocStringLen
SysAllocString
VarBstrCat
SafeArrayDestroy
SafeArrayGetElement

shlwapi

PathFileExistsA
PathRemoveFileSpecA
PathSkipRootA

comctl32

InitCommonControlsEx

rpcrt4

UuidCreate

wininet

HttpSendRequestExA
HttpEndRequestA
InternetSetCookieA
InternetWriteFile
HttpAddRequestHeadersA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetSetOptionA
InternetOpenA
InternetConnectA
InternetAttemptConnect
InternetCloseHandle
InternetCrackUrlA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Browser.dll
.dll windows:4 windows x86 arch:x86

361e38c9011d5d9739616a6f4a8c8316

Code Sign

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:1f:bf:81:8b:18:ad
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

25/10/2011, 16:59

Not After

28/10/2014, 19:00

Subject

CN=北京东跃在线网络软件开发有限公司,O=北京东跃在线网络软件开发有限公司,L=北京市,ST=北京市,C=CN,1.2.840.113549.1.9.1=#0c1064756f64756f626f784071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

5c:20:0b:c3:97:f7:fe:a4:17:48:ab:07:27:af:1b:3f:a0:68:c3:33
Signer

Actual PE Digest

5c:20:0b:c3:97:f7:fe:a4:17:48:ab:07:27:af:1b:3f:a0:68:c3:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Works\来点团\WebBrowserFramework\bin\release\Browser.pdb

Imports

kernel32

GetFullPathNameA
CreateFileA
GetCPInfo
GetOEMCP
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
GetTickCount
HeapFree
RtlUnwind
ExitProcess
ExitThread
CreateThread
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
HeapCreate
VirtualFree
GetVolumeInformationA
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
SetEnvironmentVariableA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
RaiseException
GlobalFlags
WritePrivateProfileStringA
SetErrorMode
InterlockedDecrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
FileTimeToSystemTime
SetLastError
MulDiv
GlobalUnlock
FormatMessageA
LocalFree
InterlockedIncrement
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
lstrcpynA
FreeResource
GlobalFree
GlobalAddAtomA
FindResourceA
LoadResource
LockResource
SizeofResource
GetCurrentThread
GlobalLock
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetModuleFileNameA
GetModuleHandleA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetTempPathA
GetLocalTime
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DeleteFileA
WaitForSingleObject
CloseHandle
LoadLibraryA
IsBadWritePtr
GetProcAddress

user32

MessageBeep
DestroyMenu
RegisterClipboardFormatA
PostThreadMessageA
SetForegroundWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
UnregisterClassA
DefWindowProcA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
CopyRect
PtInRect
GetWindowTextA
SetFocus
ShowWindow
MoveWindow
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
LoadCursorA
SendDlgItemMessageA
GetNextDlgGroupItem
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetDlgItem
SetMenuItemBitmaps
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
MessageBoxA
GetParent
GetLastActivePopup
IsWindowEnabled
SendMessageA
SetCursor
PostQuitMessage
CharUpperBuffA
UpdateWindow
GetClientRect
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GrayStringA
DrawTextExA
CharUpperA
EnableWindow
CallWindowProcA
CallNextHookEx
GetClassNameA
GetWindow
SetWindowsHookExA
GetWindowThreadProcessId
PostMessageA
GetWindowLongA
SetWindowLongA
ReleaseCapture
SetCapture
InvalidateRgn
IsWindow
UnhookWindowsHookEx
InvalidateRect
CopyAcceleratorTableA
SetRect
IsRectEmpty
DrawTextA
TabbedTextOutA
ClientToScreen
wsprintfA
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
CharNextA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
IsChild
GetForegroundWindow
SetActiveWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
LoadIconA

gdi32

SetMapMode
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreateRectRgnIndirect
GetRgnBox
GetMapMode
RestoreDC
SaveDC
DeleteObject
GetTextColor
GetBkColor
GetDeviceCaps
GetStockObject
GetObjectA
SetBkColor
SetTextColor
GetClipBox
ScaleViewportExtEx
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

oledlg

ord8

ole32

StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
OleInitialize
OleIsCurrentClipboard
OleFlushClipboard
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
CoRevokeClassObject
CoRegisterMessageFilter

oleaut32

SysFreeString
VarBstrCat
SysAllocStringByteLen
SysStringByteLen
VarBstrCmp
VariantInit
VariantClear
SysAllocStringLen
VariantChangeType
OleCreateFontIndirect
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString
SysStringLen

wininet

InternetReadFile
InternetCloseHandle
InternetOpenA
InternetOpenUrlA

Exports

Exports

ref_webform

Sections

.text
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IEHelper.dll
.dll regsvr32 windows:4 windows x86 arch:x86

ebd9aa0853289399ed7f3098094649c2

Code Sign

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:1f:bf:81:8b:18:ad
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

25/10/2011, 16:59

Not After

28/10/2014, 19:00

Subject

CN=北京东跃在线网络软件开发有限公司,O=北京东跃在线网络软件开发有限公司,L=北京市,ST=北京市,C=CN,1.2.840.113549.1.9.1=#0c1064756f64756f626f784071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

67:c6:e2:8c:07:24:8b:da:c8:d8:34:b8:6e:5d:f0:6d:e0:83:f3:ac
Signer

Actual PE Digest

67:c6:e2:8c:07:24:8b:da:c8:d8:34:b8:6e:5d:f0:6d:e0:83:f3:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
GetLastError
lstrlenA
lstrcmpiA
DisableThreadLibraryCalls
lstrcpyA
GetModuleFileNameA
InterlockedIncrement
InterlockedDecrement
lstrcpynA
lstrcatA
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
CloseHandle
lstrlenW
CreateEventA
OpenEventA
GetPrivateProfileStringA
FlushFileBuffers
SetStdHandle
LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
HeapFree
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
SetFilePointer
GetOEMCP
GetStringTypeW
GetStringTypeA
GetCPInfo
IsBadCodePtr
IsBadReadPtr
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
WriteFile
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
TlsSetValue
TlsFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
HeapReAlloc
GetFileAttributesA
GetCurrentThreadId
GetCommandLineA
ExitProcess
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetProcAddress
TerminateProcess
GetCurrentProcess
HeapSize
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
TlsAlloc
SetLastError

user32

SendMessageA
CharNextA
GetDlgItemTextA
GetDlgItem
SetWindowLongA

advapi32

RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyA

shell32

SHGetFolderPathA

ole32

CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree

oleaut32

LoadTypeLi
SysFreeString
SysAllocString
VarUI4FromStr
UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
SysStringLen
SysAllocStringLen
VariantChangeType
VariantCopy
VariantClear
VariantInit
SysStringByteLen
SysAllocStringByteLen

shlwapi

PathFindExtensionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LdtAppWeb.exe
.exe windows:4 windows x86 arch:x86

bfa32b4c5bca250fa9fa972db9d70db2

Code Sign

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:1f:bf:81:8b:18:ad
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

25/10/2011, 16:59

Not After

28/10/2014, 19:00

Subject

CN=北京东跃在线网络软件开发有限公司,O=北京东跃在线网络软件开发有限公司,L=北京市,ST=北京市,C=CN,1.2.840.113549.1.9.1=#0c1064756f64756f626f784071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

78:86:c3:52:48:43:97:6f:a4:f7:c8:02:cb:ea:a0:13:7c:26:bc:2c
Signer

Actual PE Digest

78:86:c3:52:48:43:97:6f:a4:f7:c8:02:cb:ea:a0:13:7c:26:bc:2c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Works\来点团\bin\release\LdtAppWeb.pdb

Imports

kernel32

SetEndOfFile
GetLocaleInfoW
SetStdHandle
GetOEMCP
GetACP
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
VirtualQuery
GetSystemInfo
VirtualProtect
GetLocaleInfoA
SetFilePointer
FlushFileBuffers
HeapSize
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
GetCurrentProcess
TerminateProcess
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapAlloc
GetCPInfo
LCMapStringW
LCMapStringA
GetVersionExA
GetStartupInfoA
RaiseException
ExitProcess
RtlUnwind
HeapFree
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
GetTickCount
CreateFileA
GetModuleFileNameA
WriteFile
GetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MulDiv
WideCharToMultiByte
MultiByteToWideChar
CreateFileW
GetFileSize
ReadFile
CloseHandle
GetModuleHandleW
GetModuleHandleA
GetCurrentThreadId
GetCommandLineA
LoadLibraryA
GetProcAddress
UnhandledExceptionFilter

user32

FillRect
FrameRect
GetWindowTextLengthW
GetWindowTextW
WindowFromPoint
GetFocus
SetFocus
ShowCaret
HideCaret
CreateCaret
SetCapture
ReleaseCapture
GetParent
IsZoomed
IsIconic
IsWindowVisible
InvalidateRect
ShowWindowAsync
DestroyWindow
GetWindowThreadProcessId
ClientToScreen
CreateWindowExW
GetClientRect
GetSystemMetrics
GetDC
ReleaseDC
DrawIconEx
GetIconInfo
DestroyIcon
LoadIconW
LoadCursorW
RegisterClassExW
MessageBoxA
ScreenToClient
SetActiveWindow
SetForegroundWindow
SetCaretPos
DestroyCaret
UpdateWindow
GetWindowRect
MoveWindow
SetWindowPos
SetWindowTextW
SystemParametersInfoW
BeginPaint
EndPaint
PostQuitMessage
GetCursorPos
DefWindowProcW
GetWindow
GetDesktopWindow
EnableWindow
IsWindow
PeekMessageW
WaitMessage
IsDialogMessageW
TranslateMessage
DispatchMessageW
GetMessageW
GetKeyState
PostMessageW
ShowWindow
SendMessageW
LoadImageW

gdi32

SelectObject
CreateCompatibleBitmap
SetBkMode
CreateCompatibleDC
DeleteDC
MoveToEx
LineTo
SetPixel
SetTextColor
TextOutW
GetTextExtentPoint32W
CreateFontIndirectW
GetDeviceCaps
CreateSolidBrush
CreateHatchBrush
CreatePen
DeleteObject
StretchDIBits
SetDIBitsToDevice
BitBlt

shell32

DragFinish
DragQueryFileW
DragQueryPoint
SHGetFileInfoW
DragAcceptFiles
ExtractIconA

Sections

.text
Size: 208KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
MainFrame.dll
.dll windows:4 windows x86 arch:x86

796966cba17ddc2aacc15aa6ab4d2720

Code Sign

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:1f:bf:81:8b:18:ad
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

25/10/2011, 16:59

Not After

28/10/2014, 19:00

Subject

CN=北京东跃在线网络软件开发有限公司,O=北京东跃在线网络软件开发有限公司,L=北京市,ST=北京市,C=CN,1.2.840.113549.1.9.1=#0c1064756f64756f626f784071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

d9:04:d8:3c:03:f8:2d:e2:ec:81:34:63:6b:72:3c:28:44:99:55:e1
Signer

Actual PE Digest

d9:04:d8:3c:03:f8:2d:e2:ec:81:34:63:6b:72:3c:28:44:99:55:e1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\Project\应用Ghost\src\Pandora\Ldt\ddst_ldt\Release\ddst.pdb

Imports

kernel32

WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetCPInfo
GetOEMCP
GetFileAttributesA
ExitProcess
RtlUnwind
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
HeapReAlloc
HeapSize
GlobalGetAtomNameA
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GlobalFindAtomA
lstrcmpW
RaiseException
GlobalFlags
InterlockedIncrement
WritePrivateProfileStringA
SetErrorMode
lstrcatA
InterlockedDecrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GlobalAddAtomA
SetLastError
GlobalFree
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
GetCurrentThread
GetCurrentThreadId
GlobalLock
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetModuleHandleA
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LoadLibraryA
lstrlenA
lstrcmpiA
GetVersion
MultiByteToWideChar
CreateThread
CreateToolhelp32Snapshot
Process32First
GetLastError
Process32Next
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTempFileNameA
CreateProcessA
GetCurrentProcess
TerminateProcess
CreateFileA
GetFileSize
ReadFile
CloseHandle
DeleteFileA
Sleep
GetPrivateProfileStringA
GetModuleFileNameA
GetLocalTime
SystemTimeToFileTime
WideCharToMultiByte
GetTempPathA
OutputDebugStringA
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
QueryPerformanceCounter
InterlockedExchange

user32

GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetWindowPos
WinHelpA
ShowWindow
SetWindowLongA
GetDlgItem
LoadCursorA
GetSystemMetrics
GetSysColorBrush
GetSysColor
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetWindowTextA
SetWindowTextA
GetClassNameA
wsprintfA
UnregisterClassA
UnhookWindowsHookEx
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
RegisterWindowMessageA
GetMessageA
TranslateMessage
DestroyMenu
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
MessageBoxA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SendMessageA
SetCursor
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostMessageA
PostQuitMessage
ReleaseDC

gdi32

DeleteDC
GetStockObject
ExtTextOutA
TextOutA
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetDeviceCaps
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
CreateBitmap
Escape

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegCloseKey
RegDeleteKeyA
RegOpenKeyA
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteExA

comctl32

ord17

shlwapi

PathFindFileNameA
PathFindExtensionA

ole32

CoInitialize
CoCreateInstance

oleaut32

SysFreeString
VariantClear
VariantChangeType
VariantInit

urlmon

URLDownloadToFileA

iphlpapi

GetAdaptersInfo

wininet

DeleteUrlCacheEntry

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MainFrame.exe
.exe windows:4 windows x86 arch:x86

70119dc3b86ad7126ed2753a85d4c2c9

Code Sign

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:1f:bf:81:8b:18:ad
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

25/10/2011, 16:59

Not After

28/10/2014, 19:00

Subject

CN=北京东跃在线网络软件开发有限公司,O=北京东跃在线网络软件开发有限公司,L=北京市,ST=北京市,C=CN,1.2.840.113549.1.9.1=#0c1064756f64756f626f784071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

80:65:a6:45:5a:2a:a0:de:7b:be:2b:06:2b:f9:9f:06:00:10:0e:62
Signer

Actual PE Digest

80:65:a6:45:5a:2a:a0:de:7b:be:2b:06:2b:f9:9f:06:00:10:0e:62

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Project\应用Ghost\src\Pandora\Ldt\ldttray\Release\ldttray.pdb

Imports

kernel32

ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
TerminateProcess
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
GetTickCount
GetFileTime
GetFileAttributesA
FileTimeToLocalFileTime
SetErrorMode
GetOEMCP
GetCPInfo
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GlobalFlags
InterlockedIncrement
InterlockedDecrement
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
FreeResource
SetLastError
GlobalFree
MulDiv
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
GlobalLock
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetModuleHandleA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
GetCommandLineA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
GetTempPathA
Sleep
CreateDirectoryA
DeleteFileA
WaitForSingleObject
OpenMutexA
CreateMutexA
GetTempFileNameA
MoveFileA
MoveFileExA
GetLocalTime
CreateFileA
GetFileSize
ReadFile
CloseHandle
GetModuleFileNameA
GetPrivateProfileStringA
WritePrivateProfileStringA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetStdHandle
InterlockedExchange

user32

MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
CopyAcceleratorTableA
SetRect
IsRectEmpty
CharNextA
GetSysColorBrush
ReleaseCapture
LoadCursorA
SetCapture
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextA
GetForegroundWindow
PostThreadMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
UnregisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetNextDlgTabItem
EndDialog
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetDlgItem
wsprintfA
GetMenuItemID
GetMenuItemCount
GetSubMenu
SetMenuItemBitmaps
GetFocus
ModifyMenuA
RegisterClipboardFormatA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
MessageBoxA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
SetCursor
PostQuitMessage
PostMessageA
CharUpperA
GetSystemMetrics
LoadIconA
EnableWindow
GetClientRect
IsIconic
SendMessageA
GetMessagePos

gdi32

GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
GetWindowExtEx
GetViewportExtEx
DeleteObject
PtVisible
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
CreateBitmap
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
RectVisible

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegSetValueExA
RegCreateKeyA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegCloseKey

shell32

ShellExecuteExA
CommandLineToArgvW
SHGetFolderPathA

comctl32

ord17

shlwapi

PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA

oledlg

ord8

ole32

CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoGetClassObject
CoTaskMemFree
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize

oleaut32

OleCreateFontIndirect
SysAllocString
SystemTimeToVariantTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysAllocStringByteLen
SysStringLen
SysFreeString

urlmon

URLDownloadToFileA

wininet

DeleteUrlCacheEntry

Sections

.text
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Toaster.exe
.exe windows:4 windows x86 arch:x86

f1dc0db544993ff1d5a6c2134ef2f2b3

Code Sign

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:1f:bf:81:8b:18:ad
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

25/10/2011, 16:59

Not After

28/10/2014, 19:00

Subject

CN=北京东跃在线网络软件开发有限公司,O=北京东跃在线网络软件开发有限公司,L=北京市,ST=北京市,C=CN,1.2.840.113549.1.9.1=#0c1064756f64756f626f784071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

c5:ba:ed:05:90:bb:b3:08:5d:e4:53:e2:9e:72:f3:3b:f1:ea:6d:17
Signer

Actual PE Digest

c5:ba:ed:05:90:bb:b3:08:5d:e4:53:e2:9e:72:f3:3b:f1:ea:6d:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Works\来点团\bin\release\Toaster.pdb

Imports

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

kernel32

GetLastError
GetTickCount
FreeLibrary
LoadLibraryW
SetStdHandle
GetOEMCP
GetACP
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
VirtualQuery
GetSystemInfo
VirtualProtect
GetLocaleInfoA
HeapSize
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
SetFilePointer
FlushFileBuffers
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapAlloc
GetCPInfo
LCMapStringW
LCMapStringA
GetVersionExA
GetStartupInfoA
CreateThread
ResumeThread
ExitThread
RaiseException
RtlUnwind
HeapFree
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MulDiv
CreateFileW
GetLocaleInfoW
GetFileSize
ReadFile
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleW
GetModuleHandleA
GetCurrentThreadId
CreateFileA
WriteFile
CloseHandle
SetCurrentDirectoryA
GetTempPathA
GetCurrentProcess
TerminateProcess
LoadLibraryA
GetProcAddress
DeleteFileA
GetPrivateProfileStringA
GetModuleFileNameA
GetCommandLineA
GetPrivateProfileIntA
Sleep
ExitProcess
SetEndOfFile
UnhandledExceptionFilter

user32

ShowCaret
SetFocus
GetFocus
WindowFromPoint
GetWindowTextW
GetWindowTextLengthW
SetClassLongW
KillTimer
SetTimer
HideCaret
CreateCaret
SetCapture
ReleaseCapture
GetParent
IsZoomed
IsIconic
IsWindowVisible
InvalidateRect
ShowWindowAsync
DestroyWindow
GetWindowThreadProcessId
ClientToScreen
CreateWindowExW
GetClientRect
GetSystemMetrics
DrawIconEx
LoadImageW
GetIconInfo
DestroyIcon
LoadIconW
LoadCursorW
RegisterClassExW
MessageBoxA
ScreenToClient
SetActiveWindow
SetForegroundWindow
SetCaretPos
DestroyCaret
UpdateWindow
GetWindowRect
MoveWindow
SetWindowPos
SetWindowTextW
BeginPaint
EndPaint
PostQuitMessage
GetCursorPos
DefWindowProcW
GetWindow
GetDesktopWindow
EnableWindow
IsWindow
PeekMessageW
WaitMessage
IsDialogMessageW
TranslateMessage
DispatchMessageW
GetMessageW
GetKeyState
PostMessageW
GetDC
ReleaseDC
FillRect
FrameRect
GetWindowLongW
SetWindowLongW
SetLayeredWindowAttributes
SendMessageW
SystemParametersInfoW
ShowWindow

gdi32

SetBkMode
GetDeviceCaps
CreateCompatibleDC
DeleteDC
BitBlt
CreatePen
SelectObject
MoveToEx
LineTo
CreateCompatibleBitmap
SetPixel
SetTextColor
TextOutW
GetTextExtentPoint32W
SetDIBitsToDevice
StretchDIBits
CreateHatchBrush
CreateSolidBrush
DeleteObject
CreateFontIndirectW

advapi32

RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegQueryInfoKeyA

shell32

SHGetFileInfoA
ShellExecuteW
Shell_NotifyIconW
DragAcceptFiles
SHGetFileInfoW
DragQueryPoint
DragQueryFileW
DragFinish
ShellExecuteA

Sections

.text
Size: 268KB - Virtual size: 265KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
clinfo_impl.dll
.dll windows:4 windows x86 arch:x86

df6471d8ebf9580b0d458548e78baaa8

Code Sign

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:1f:bf:81:8b:18:ad
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

25/10/2011, 16:59

Not After

28/10/2014, 19:00

Subject

CN=北京东跃在线网络软件开发有限公司,O=北京东跃在线网络软件开发有限公司,L=北京市,ST=北京市,C=CN,1.2.840.113549.1.9.1=#0c1064756f64756f626f784071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

42:b5:cb:e6:13:e6:53:ae:ba:f0:81:55:05:ff:ed:36:bc:9d:4e:eb
Signer

Actual PE Digest

42:b5:cb:e6:13:e6:53:ae:ba:f0:81:55:05:ff:ed:36:bc:9d:4e:eb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\Project\应用Ghost\src\Pandora\Ldt\clinfo_impl2\Release\clinfo_impl2.pdb

Imports

kernel32

GetCurrentProcess
GetCPInfo
GetOEMCP
GetFileAttributesA
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
ExitProcess
GetCommandLineA
HeapReAlloc
ExitThread
CreateThread
TerminateProcess
HeapSize
HeapDestroy
HeapCreate
IsBadWritePtr
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GlobalFlags
WritePrivateProfileStringA
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
InterlockedIncrement
RaiseException
SetErrorMode
lstrcatA
InterlockedDecrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GlobalAddAtomA
GetCurrentThread
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetModuleHandleA
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LoadLibraryA
CreateEventA
SuspendThread
SetEvent
WaitForSingleObject
GetCurrentThreadId
ResumeThread
SetThreadPriority
CloseHandle
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
GetTempPathA
GetTempFileNameA
DeleteFileA
GetModuleFileNameA
GetPrivateProfileStringA
lstrlenA
lstrcmpiA
GetVersion
FindResourceA
LoadResource
LockResource
SizeofResource
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetExitCodeThread
VirtualFree
TerminateThread

user32

GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
wsprintfA
ShowWindow
SetWindowTextA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
GetDlgCtrlID
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
GetWindowTextA
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
UnhookWindowsHookEx
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
MessageBoxA
GetParent
GetWindowLongA
GetLastActivePopup
DestroyMenu
IsWindowEnabled
EnableWindow
SetCursor
PostMessageA
PostQuitMessage
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
SendMessageA
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
DefWindowProcA

gdi32

DeleteDC
GetStockObject
TextOutA
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
GetDeviceCaps
SetMapMode
RestoreDC
SaveDC
DeleteObject
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
ExtTextOutA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA

shell32

ShellExecuteA
SHGetFolderPathA

comctl32

ord17

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantInit
VariantChangeType
VariantClear

urlmon

URLDownloadToFileA

iphlpapi

GetAdaptersInfo

wininet

DeleteUrlCacheEntry

Exports

Exports

client_info_create
client_info_free

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
general.cfg
html_app.dll
.dll windows:4 windows x86 arch:x86

18cd0abef4632519cc4fccb0f67a40ec

Code Sign

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:1f:bf:81:8b:18:ad
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

25/10/2011, 16:59

Not After

28/10/2014, 19:00

Subject

CN=北京东跃在线网络软件开发有限公司,O=北京东跃在线网络软件开发有限公司,L=北京市,ST=北京市,C=CN,1.2.840.113549.1.9.1=#0c1064756f64756f626f784071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

62:d9:ff:73:85:77:3e:11:4f:56:05:4e:8e:81:59:75:cf:db:f4:58
Signer

Actual PE Digest

62:d9:ff:73:85:77:3e:11:4f:56:05:4e:8e:81:59:75:cf:db:f4:58

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\Project\应用Ghost\src\Pandora\Ldt\html_app\Release\html_app.pdb

Imports

kernel32

GetCPInfo
GetOEMCP
ExitProcess
RtlUnwind
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
TerminateProcess
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetCurrentProcess
FlushFileBuffers
SetFilePointer
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
RaiseException
GlobalFlags
InterlockedIncrement
WritePrivateProfileStringA
SetErrorMode
lstrcatA
InterlockedDecrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
SetLastError
GlobalFree
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
GlobalLock
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LoadLibraryA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
MultiByteToWideChar
CreateFileA
GetFileSize
ReadFile
CloseHandle
WriteFile
CreateDirectoryA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
LCMapStringA
InterlockedExchange

user32

WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetWindowPos
RegisterWindowMessageA
ShowWindow
SetWindowLongA
GetDlgItem
LoadCursorA
GetSystemMetrics
GetSysColorBrush
GetSysColor
ReleaseDC
GetDC
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
PostQuitMessage
PostMessageA
SetCursor
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetWindowTextA
SetWindowTextA
GetClassNameA
wsprintfA
UnregisterClassA
UnhookWindowsHookEx
GetMenuItemID
DestroyMenu
SendMessageA
EnableWindow
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
GetParent
MessageBoxA
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
GetMenuItemCount
GetSubMenu
SetMenuItemBitmaps
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA

gdi32

DeleteDC
ExtTextOutA
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
CreateBitmap
TextOutA
RectVisible
PtVisible
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
GetDeviceCaps
Escape

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA

shell32

SHGetFolderPathA

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

html_app_create
html_app_free

Sections

.text
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
htmlindex2.exe
.exe windows:4 windows x86 arch:x86

8a209830ad6cbd71737cbc96c21be3c9

Code Sign

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:1f:bf:81:8b:18:ad
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

25/10/2011, 16:59

Not After

28/10/2014, 19:00

Subject

CN=北京东跃在线网络软件开发有限公司,O=北京东跃在线网络软件开发有限公司,L=北京市,ST=北京市,C=CN,1.2.840.113549.1.9.1=#0c1064756f64756f626f784071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

ef:5f:c7:c0:9e:66:eb:db:68:4c:33:6d:98:cb:bc:9c:88:61:bc:ac
Signer

Actual PE Digest

ef:5f:c7:c0:9e:66:eb:db:68:4c:33:6d:98:cb:bc:9c:88:61:bc:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Works\来点团\htmlindex\Release\htmlindex2.pdb

Imports

wininet

InternetReadFile
InternetOpenA
InternetOpenUrlA
InternetCloseHandle

kernel32

CreateEventA
SetEvent
FreeLibrary
LoadLibraryW
GetLocaleInfoW
ReadFile
SetStdHandle
GetOEMCP
GetACP
LoadLibraryA
IsBadCodePtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
VirtualQuery
GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
HeapSize
LeaveCriticalSection
TerminateProcess
SetFilePointer
FlushFileBuffers
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetCurrentProcessId
QueryPerformanceCounter
HeapAlloc
GetCPInfo
LCMapStringW
LCMapStringA
IsBadReadPtr
GetSystemTimeAsFileTime
CreateThread
ExitThread
GetVersionExA
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
HeapFree
ExitProcess
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
TryEnterCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MulDiv
CreateFileA
WriteFile
WideCharToMultiByte
MultiByteToWideChar
WaitForSingleObject
CloseHandle
GetCurrentThread
ResumeThread
GetLastError
SuspendThread
GetModuleHandleW
GetModuleHandleA
GetProcAddress
GetModuleFileNameW
GetModuleFileNameA
GetCurrentThreadId
OutputDebugStringA
GetTickCount
CreateDirectoryA
CreateProcessA
Sleep
GetTempPathA
GetPrivateProfileStringA
SetEndOfFile
GetCurrentProcess

user32

SetClassLongW
SendMessageW
GetWindowTextLengthW
GetWindowTextW
WindowFromPoint
GetFocus
ShowCaret
HideCaret
CreateCaret
SetCapture
ReleaseCapture
IsZoomed
IsIconic
IsWindowVisible
InvalidateRect
ShowWindow
ShowWindowAsync
DestroyWindow
GetWindowThreadProcessId
ClientToScreen
CreateWindowExW
GetSystemMetrics
GetDC
ReleaseDC
FillRect
FrameRect
LoadIconW
LoadCursorW
RegisterClassExW
MessageBoxA
BeginPaint
EndPaint
GetParent
GetClientRect
SystemParametersInfoW
GetCaretPos
GetDesktopWindow
IsWindow
PeekMessageW
WaitMessage
IsDialogMessageW
TranslateMessage
DispatchMessageW
GetMessageW
EnableWindow
SetActiveWindow
SetForegroundWindow
SetFocus
SetCaretPos
DestroyCaret
UpdateWindow
GetWindowRect
GetWindow
ScreenToClient
MoveWindow
SetWindowPos
SetWindowTextW
PostQuitMessage
DefWindowProcW
GetCursorPos
GetKeyState
PostMessageW
DrawIconEx
LoadImageW
GetIconInfo
DestroyIcon

gdi32

GetTextExtentPoint32W
SetDIBitsToDevice
GetDIBits
CreateFontIndirectW
GetDeviceCaps
CreateSolidBrush
CreateHatchBrush
CreateCompatibleBitmap
SetTextColor
SetBkMode
TextOutW
DeleteDC
GdiFlush
CreatePen
SelectObject
MoveToEx
LineTo
SetPixel
GetTextExtentExPointW
GetObjectW
DeleteObject
CreateCompatibleDC
BitBlt

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegOpenKeyA

shell32

DragQueryFileW
ShellExecuteW
SHGetFolderPathA
SHGetFileInfoW
DragFinish
DragQueryPoint
DragAcceptFiles

Sections

.text
Size: 292KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
inifile.dat
ldtframe.exe
.exe windows:4 windows x86 arch:x86

00e60c3d20629cd40f1462fb7db0f638

Code Sign

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:1f:bf:81:8b:18:ad
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

25/10/2011, 16:59

Not After

28/10/2014, 19:00

Subject

CN=北京东跃在线网络软件开发有限公司,O=北京东跃在线网络软件开发有限公司,L=北京市,ST=北京市,C=CN,1.2.840.113549.1.9.1=#0c1064756f64756f626f784071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

dc:f1:02:9e:43:6c:8d:02:cc:e5:67:85:41:6e:c9:5e:f4:1b:b3:38
Signer

Actual PE Digest

dc:f1:02:9e:43:6c:8d:02:cc:e5:67:85:41:6e:c9:5e:f4:1b:b3:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Works\来点团\bin\release\winframe.pdb

Imports

wininet

InternetReadFile
InternetOpenA
InternetOpenUrlA
InternetCloseHandle

kernel32

WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WriteFile
CreateFileA
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
MulDiv
LoadLibraryW
GetOEMCP
GetACP
IsBadCodePtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
VirtualQuery
GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
UnhandledExceptionFilter
MultiByteToWideChar
SetFilePointer
FlushFileBuffers
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetStringTypeW
GetStringTypeA
HeapAlloc
GetCPInfo
LCMapStringW
LCMapStringA
GetVersionExA
GetStartupInfoA
IsBadReadPtr
CreateThread
ResumeThread
ExitThread
RaiseException
RtlUnwind
ExitProcess
HeapFree
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
ReadFile
GetLocaleInfoW
GetModuleHandleW
GetCurrentThreadId
CopyFileA
WaitForSingleObject
SetStdHandle
CloseHandle
GetModuleHandleA
OutputDebugStringW
OutputDebugStringA
CreateMutexA
GetLastError
SetCurrentDirectoryA
GetCommandLineA
GetCurrentThread
SuspendThread
GetLocalTime
GetTempPathA
GetTickCount
Sleep
DeleteFileA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentProcess
TerminateProcess
GetPrivateProfileIntA
GetPrivateProfileStringA
CreateDirectoryA
WritePrivateProfileStringA
GetModuleFileNameA
SetEndOfFile
HeapSize

user32

ReleaseCapture
IsIconic
SetCapture
HideCaret
ShowCaret
WindowFromPoint
GetWindowTextW
GetWindowTextLengthW
KillTimer
SetTimer
IsZoomed
IsWindowVisible
InvalidateRect
DestroyWindow
GetWindowThreadProcessId
ClientToScreen
CreateWindowExW
GetClientRect
GetSystemMetrics
GetClipboardData
GetFocus
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetDC
ReleaseDC
FillRect
FrameRect
SetClassLongW
LoadIconW
LoadCursorW
RegisterClassExW
MessageBoxA
ScreenToClient
SetActiveWindow
SetCaretPos
DestroyCaret
UpdateWindow
GetWindowRect
MoveWindow
SetWindowPos
SetWindowTextW
SystemParametersInfoW
BeginPaint
EndPaint
PostQuitMessage
GetCursorPos
DefWindowProcW
GetWindow
GetDesktopWindow
EnableWindow
IsWindow
PeekMessageW
WaitMessage
IsDialogMessageW
TranslateMessage
DispatchMessageW
GetMessageW
GetKeyState
PostMessageW
DrawIconEx
LoadImageW
GetIconInfo
DestroyIcon
GetParent
FindWindowExA
SetFocus
FindWindowA
ShowWindowAsync
SetForegroundWindow
ShowWindow
SendMessageA
CreateCaret

gdi32

DeleteDC
CreatePen
SelectObject
MoveToEx
LineTo
RoundRect
FrameRgn
SetPixel
SetTextColor
CreateCompatibleDC
GetTextExtentPoint32W
BitBlt
DeleteObject
CreateRoundRectRgn
CreateFontIndirectW
GetDIBits
GetObjectW
SetDIBitsToDevice
StretchDIBits
GetDeviceCaps
SetBkMode
CreateCompatibleBitmap
TextOutW
CreateSolidBrush
CreateHatchBrush

advapi32

RegOpenKeyA
RegSetValueExA
RegCloseKey
RegQueryValueExA

shell32

Shell_NotifyIconW
DragAcceptFiles
DragQueryPoint
DragQueryFileW
DragFinish
SHGetFileInfoW
ShellExecuteA
SHGetFolderPathA
ExtractIconA
ShellExecuteW

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 500KB - Virtual size: 499KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
res/Browser.dll
.dll windows:4 windows x86 arch:x86

361e38c9011d5d9739616a6f4a8c8316

Code Sign

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:1f:bf:81:8b:18:ad
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

25/10/2011, 16:59

Not After

28/10/2014, 19:00

Subject

CN=北京东跃在线网络软件开发有限公司,O=北京东跃在线网络软件开发有限公司,L=北京市,ST=北京市,C=CN,1.2.840.113549.1.9.1=#0c1064756f64756f626f784071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

5c:20:0b:c3:97:f7:fe:a4:17:48:ab:07:27:af:1b:3f:a0:68:c3:33
Signer

Actual PE Digest

5c:20:0b:c3:97:f7:fe:a4:17:48:ab:07:27:af:1b:3f:a0:68:c3:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Works\来点团\WebBrowserFramework\bin\release\Browser.pdb

Imports

kernel32

GetFullPathNameA
CreateFileA
GetCPInfo
GetOEMCP
FileTimeToLocalFileTime
GetFileAttributesA
GetFileTime
GetTickCount
HeapFree
RtlUnwind
ExitProcess
ExitThread
CreateThread
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
TerminateProcess
HeapSize
HeapReAlloc
HeapDestroy
HeapCreate
VirtualFree
GetVolumeInformationA
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
SetEnvironmentVariableA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
RaiseException
GlobalFlags
WritePrivateProfileStringA
SetErrorMode
InterlockedDecrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
FileTimeToSystemTime
SetLastError
MulDiv
GlobalUnlock
FormatMessageA
LocalFree
InterlockedIncrement
GlobalGetAtomNameA
GlobalFindAtomA
lstrcatA
lstrcmpW
lstrcpynA
FreeResource
GlobalFree
GlobalAddAtomA
FindResourceA
LoadResource
LockResource
SizeofResource
GetCurrentThread
GlobalLock
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetModuleFileNameA
GetModuleHandleA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
CompareStringW
CompareStringA
lstrlenA
lstrcmpiA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetTempPathA
GetLocalTime
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DeleteFileA
WaitForSingleObject
CloseHandle
LoadLibraryA
IsBadWritePtr
GetProcAddress

user32

MessageBeep
DestroyMenu
RegisterClipboardFormatA
PostThreadMessageA
SetForegroundWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
EqualRect
GetClassInfoA
RegisterClassA
UnregisterClassA
DefWindowProcA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
CopyRect
PtInRect
GetWindowTextA
SetFocus
ShowWindow
MoveWindow
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
LoadCursorA
SendDlgItemMessageA
GetNextDlgGroupItem
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetDlgItem
SetMenuItemBitmaps
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
MessageBoxA
GetParent
GetLastActivePopup
IsWindowEnabled
SendMessageA
SetCursor
PostQuitMessage
CharUpperBuffA
UpdateWindow
GetClientRect
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
GrayStringA
DrawTextExA
CharUpperA
EnableWindow
CallWindowProcA
CallNextHookEx
GetClassNameA
GetWindow
SetWindowsHookExA
GetWindowThreadProcessId
PostMessageA
GetWindowLongA
SetWindowLongA
ReleaseCapture
SetCapture
InvalidateRgn
IsWindow
UnhookWindowsHookEx
InvalidateRect
CopyAcceleratorTableA
SetRect
IsRectEmpty
DrawTextA
TabbedTextOutA
ClientToScreen
wsprintfA
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
CharNextA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
IsChild
GetForegroundWindow
SetActiveWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
LoadIconA

gdi32

SetMapMode
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
CreateRectRgnIndirect
GetRgnBox
GetMapMode
RestoreDC
SaveDC
DeleteObject
GetTextColor
GetBkColor
GetDeviceCaps
GetStockObject
GetObjectA
SetBkColor
SetTextColor
GetClipBox
ScaleViewportExtEx
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

oledlg

ord8

ole32

StgOpenStorageOnILockBytes
CoGetClassObject
CoTaskMemAlloc
StgCreateDocfileOnILockBytes
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
OleInitialize
OleIsCurrentClipboard
OleFlushClipboard
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
CoRevokeClassObject
CoRegisterMessageFilter

oleaut32

SysFreeString
VarBstrCat
SysAllocStringByteLen
SysStringByteLen
VarBstrCmp
VariantInit
VariantClear
SysAllocStringLen
VariantChangeType
OleCreateFontIndirect
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysAllocString
SysStringLen

wininet

InternetReadFile
InternetCloseHandle
InternetOpenA
InternetOpenUrlA

Exports

Exports

ref_webform

Sections

.text
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
res/addr_left_cor.bmp
res/address.bmp
res/address_after.bmp
res/applet/game.ico
res/applet/ݲѯ.ico
res/applet/.ico
res/applet/.ico
res/applet/_.ico
res/applet/Ƶ.ico
res/applet/Ƶ_.ico
res/applet/.ico
res/applet/_.ico
res/applet/Ϸ.ico
res/applet/Ϸ_.ico
res/applet/Ķ.ico
res/applet/Ķ_.ico
res/bc.bmp
res/buttons.bmp
res/capatool.bmp
res/caption_buttons.bmp
res/cb.bmp
res/close.bmp
res/defweb.ico
res/droplister.bmp
res/favbar.bmp
res/favbar_ico/defweb.ico
res/general.cfg
res/icon.ico
res/idislike.ico
res/ilike.ico
res/miniweb.skin
res/miniweb/title.bmp
res/miniweb/titlebutton.bmp
res/navigate.bmp
res/prweb_miniweb.skin
res/radio.bmp
res/roofbar.bmp
res/share.ico
res/share/163.ico
res/share/douban.ico
res/share/fenxiang.tar
.tar
fenxiang/.svn/all-wcprops
fenxiang/.svn/entries
fenxiang/.svn/prop-base/163.gif.svn-base
fenxiang/.svn/prop-base/douban.gif.svn-base
fenxiang/.svn/prop-base/fastreply.gif.svn-base
fenxiang/.svn/prop-base/fav.gif.svn-base
fenxiang/.svn/prop-base/kaixin.gif.svn-base
fenxiang/.svn/prop-base/qq.gif.svn-base
fenxiang/.svn/prop-base/qz.gif.svn-base
fenxiang/.svn/prop-base/renren.gif.svn-base
fenxiang/.svn/prop-base/sina.gif.svn-base
fenxiang/.svn/text-base/163.gif.svn-base
.gif
fenxiang/.svn/text-base/douban.gif.svn-base
.gif
fenxiang/.svn/text-base/fastreply.gif.svn-base
.gif
fenxiang/.svn/text-base/fav.gif.svn-base
.gif
fenxiang/.svn/text-base/kaixin.gif.svn-base
.gif
fenxiang/.svn/text-base/qq.gif.svn-base
.gif
fenxiang/.svn/text-base/qz.gif.svn-base
.gif
fenxiang/.svn/text-base/renren.gif.svn-base
.gif
fenxiang/.svn/text-base/sina.gif.svn-base
.gif
fenxiang/163.gif
.gif
fenxiang/douban.gif
.gif
fenxiang/fastreply.gif
.gif
fenxiang/fav.gif
.gif
fenxiang/kaixin.gif
.gif
fenxiang/qq.gif
.gif
fenxiang/qz.gif
.gif
fenxiang/renren.gif
.gif
fenxiang/sina.gif
.gif
res/share/qq.ico
res/share/qzone.ico
res/share/renren.ico
res/share/sina.ico
res/sizeborder.bmp
res/tabbar.bmp
res/tray.ico
res/tray2.ico
res/tray3.ico
res/tuan.bmp
res/win.bmp
uninst.exe.nsis
update.dll
.dll windows:4 windows x86 arch:x86

65f1f1df5b24f914eb179a9d1e20e7ee

Code Sign

19:9d:f8:79
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2024, 01:00

Subject

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:1f:bf:81:8b:18:ad
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA,O=WoSign eCommerce Services Limited,C=CN

Not Before

25/10/2011, 16:59

Not After

28/10/2014, 19:00

Subject

CN=北京东跃在线网络软件开发有限公司,O=北京东跃在线网络软件开发有限公司,L=北京市,ST=北京市,C=CN,1.2.840.113549.1.9.1=#0c1064756f64756f626f784071712e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

39
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

01/03/2011, 01:00

Not After

01/03/2016, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign eCommerce Services Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Not Before

17/09/2006, 19:46

Not After

17/09/2036, 19:46

Subject

CN=StartCom Certification Authority,OU=Secure Digital Certificate Signing,O=StartCom Ltd.,C=IL

Key Usages

KeyUsageDigitalSignature
KeyUsageKeyEncipherment
KeyUsageKeyAgreement
KeyUsageCertSign
KeyUsageCRLSign

ac:91:10:65:8b:fe:69:0d:89:64:5a:dd:87:a8:9e:c0:38:11:26:91
Signer

Actual PE Digest

ac:91:10:65:8b:fe:69:0d:89:64:5a:dd:87:a8:9e:c0:38:11:26:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\Project\应用Ghost\src\Pandora\Ldt\update3\Release\update2.pdb

Imports

kernel32

GetPrivateProfileStringA
GetModuleFileNameA
GetFileSize
CreateFileA
CreateDirectoryA
CloseHandle
SetEvent
CreateEventA
OutputDebugStringA
GetTempFileNameA
GetTempPathA
MoveFileA
DeleteFileA
WaitForSingleObject
Sleep
GetProcAddress
LoadLibraryA
CreateThread
FlushFileBuffers
SetStdHandle
LCMapStringW
ExitProcess
RtlUnwind
RaiseException
GetCurrentThreadId
GetCommandLineA
GetVersionExA
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
SetUnhandledExceptionFilter
HeapReAlloc
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
WriteFile
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
GetLocaleInfoA
GetACP
GetOEMCP
InterlockedExchange
VirtualQuery
VirtualAlloc
IsBadWritePtr
IsBadReadPtr
IsBadCodePtr
SetFilePointer
InitializeCriticalSection
VirtualProtect
GetSystemInfo
LCMapStringA

shell32

ShellExecuteExA
SHGetFolderPathA

wininet

DeleteUrlCacheEntry

urlmon

URLDownloadToFileA

Exports

Exports

func_update_create
get_cur_version_string

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 728B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

19:9d:f8:79Certificate

Key Usages

06:1f:bf:81:8b:18:adCertificate

Extended Key Usages

Key Usages

39Certificate

Key Usages

01Certificate

Key Usages

d9:f5:9a:83:27:81:a3:b4:b8:63:1c:b8:71:28:27:68:e6:24:ec:25Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 19KB - Virtual size: 19KB

361e38c9011d5d9739616a6f4a8c8316

Code Sign

19:9d:f8:79Certificate

Key Usages

06:1f:bf:81:8b:18:adCertificate

Extended Key Usages

Key Usages

39Certificate

Key Usages

01Certificate

Key Usages

5c:20:0b:c3:97:f7:fe:a4:17:48:ab:07:27:af:1b:3f:a0:68:c3:33Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oledlg

ole32

oleaut32

wininet

Exports

Exports

Sections

.text Size: 208KB - Virtual size: 205KB

.rdata Size: 52KB - Virtual size: 49KB

.data Size: 12KB - Virtual size: 23KB

.rsrc Size: 16KB - Virtual size: 15KB

.reloc Size: 24KB - Virtual size: 23KB

796966cba17ddc2aacc15aa6ab4d2720

Code Sign

19:9d:f8:79Certificate

Key Usages

06:1f:bf:81:8b:18:adCertificate

Extended Key Usages

Key Usages

39Certificate

Key Usages

19:9d:f8:79
Certificate

06:1f:bf:81:8b:18:ad
Certificate

39
Certificate

01
Certificate

d9:f5:9a:83:27:81:a3:b4:b8:63:1c:b8:71:28:27:68:e6:24:ec:25
Signer

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 19KB - Virtual size: 19KB

19:9d:f8:79
Certificate

06:1f:bf:81:8b:18:ad
Certificate

39
Certificate

01
Certificate

5c:20:0b:c3:97:f7:fe:a4:17:48:ab:07:27:af:1b:3f:a0:68:c3:33
Signer

.text
Size: 208KB - Virtual size: 205KB

.rdata
Size: 52KB - Virtual size: 49KB

.data
Size: 12KB - Virtual size: 23KB

.rsrc
Size: 16KB - Virtual size: 15KB

.reloc
Size: 24KB - Virtual size: 23KB

19:9d:f8:79
Certificate

06:1f:bf:81:8b:18:ad
Certificate

39
Certificate

01
Certificate

d9:04:d8:3c:03:f8:2d:e2:ec:81:34:63:6b:72:3c:28:44:99:55:e1
Signer

.text
Size: 120KB - Virtual size: 117KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 8KB - Virtual size: 23KB

.rsrc
Size: 16KB - Virtual size: 14KB

.reloc
Size: 20KB - Virtual size: 16KB

19:9d:f8:79
Certificate

06:1f:bf:81:8b:18:ad
Certificate

39
Certificate

01
Certificate

80:65:a6:45:5a:2a:a0:de:7b:be:2b:06:2b:f9:9f:06:00:10:0e:62
Signer

.text
Size: 164KB - Virtual size: 160KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 12KB - Virtual size: 22KB

.rsrc
Size: 28KB - Virtual size: 24KB

19:9d:f8:79
Certificate

06:1f:bf:81:8b:18:ad
Certificate

39
Certificate