6442836c748e63da7521355251d95dcd_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6442836c748e63da7521355251d95dcd_JaffaCakes118
Size

3.5MB
MD5

6442836c748e63da7521355251d95dcd
SHA1

c2e35a8ed8fe8f3b4d5b6713291c36d198d9fffb
SHA256

6f8b540361c734dd1b08c829483cc31674ad5dd38909e6e9692bc95f2dfaf24e
SHA512

aa0dfff456b7a3f8f4d98b2cb9c44988d1b66caeeabe1108e7ae2b2db48b42dd225c50c579fbf9ce306fe87b8403cd4a082757fe3e9f7b83a51ac629e9504a24
SSDEEP

98304:+dBKd/OaDUP7ueWseQ0OnTYCrZP7Zf68p2:0Kd/OaDP3QJTYCphk

Score

3^/10

Malware Config

Signatures

Unsigned PE 18 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$SYSDIR/atl71.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/KillProcDLL.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/KanKan/IDesktop.dll
unpack002/KanKan/zlib.dll
unpack001/$WINDIR/msgctl.dll
unpack001/52hxw.exe
unpack001/Feedback.dll
unpack001/FlashWordGeneral.dll
unpack001/HttpDownLoad.exe
unpack001/Message.dll
unpack001/Uninstall.dll
unpack001/atl71.dll
unpack001/hxw.dll
unpack001/msgctl.dll

NSIS installer 3 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/$TEMP/KanKan_1020.exe	nsis_installer_1

Files

6442836c748e63da7521355251d95dcd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b3:be:a8:9d:64:8e:0d:36:19:5d:2a:76:5a:9c:6b
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

03-12-2009 00:00

Not After

01-02-2012 23:59

Subject

CN=厦门网之源信息科技有限公司,O=厦门网之源信息科技有限公司,L=xiamen,ST=fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

26:6f:39:b1:6a:b1:ee:80:8a:9c:5c:2e:4d:84:36:a2:2d:6a:5f:a5
Signer

Actual PE Digest

26:6f:39:b1:6a:b1:ee:80:8a:9c:5c:2e:4d:84:36:a2:2d:6a:5f:a5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$FAVORITES/520ҳ_www.520.net.url
$FAVORITES/뷨ٷվ 52hxw.com.url
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$SYSDIR/atl71.dll
.dll windows:4 windows x86 arch:x86

7c3004ebf21f282412fa952c164aa2bb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

atl71.pdb

Imports

kernel32

InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
lstrlenW
lstrcpyW
GetLastError
DisableThreadLibraryCalls
GetVersionExA
InterlockedIncrement
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
lstrcpynW
CloseHandle
ReadFile
GetFileSize
CreateFileW
GetModuleHandleW
GetModuleFileNameW
WideCharToMultiByte
HeapFree
GetProcessHeap
WaitForSingleObject
GlobalAlloc
FindResourceA
MulDiv
lstrcatW
HeapAlloc
FlushInstructionCache
GetCurrentProcess
GlobalUnlock
GlobalLock
lstrcmpW
SetLastError
GlobalFree
GlobalHandle
LockResource
lstrcmpA
GetModuleHandleA
GetTickCount
GetProcAddress
ExitProcess
HeapSize
DebugBreak
HeapReAlloc
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrcatA
lstrcpyA
lstrlenA
GetModuleFileNameA
RtlUnwind
VirtualQuery
LocalAlloc
LoadLibraryA

shlwapi

PathFindExtensionW

Exports

Exports

AtlAdvise
AtlAxAttachControl
AtlAxCreateControl
AtlAxCreateControlEx
AtlAxCreateControlLic
AtlAxCreateControlLicEx
AtlAxCreateDialogA
AtlAxCreateDialogW
AtlAxDialogBoxA
AtlAxDialogBoxW
AtlAxGetControl
AtlAxGetHost
AtlAxWinInit
AtlCallTermFunc
AtlComModuleGetClassObject
AtlComModuleRegisterClassObjects
AtlComModuleRegisterServer
AtlComModuleRevokeClassObjects
AtlComModuleUnregisterServer
AtlComPtrAssign
AtlComQIPtrAssign
AtlCreateRegistrar
AtlCreateTargetDC
AtlDevModeW2A
AtlFreeMarshalStream
AtlGetObjectSourceInterface
AtlGetVersion
AtlHiMetricToPixel
AtlIPersistPropertyBag_Load
AtlIPersistPropertyBag_Save
AtlIPersistStreamInit_Load
AtlIPersistStreamInit_Save
AtlInternalQueryInterface
AtlLoadTypeLib
AtlMarshalPtrInProc
AtlModuleAddTermFunc
AtlPixelToHiMetric
AtlRegisterClassCategoriesHelper
AtlRegisterTypeLib
AtlSetErrorInfo
AtlUnRegisterTypeLib
AtlUnadvise
AtlUnmarshalPtr
AtlUpdateRegistryFromResourceD
AtlWaitWithMessageLoop
AtlWinModuleAddCreateWndData
AtlWinModuleExtractCreateWndData
AtlWinModuleInit
AtlWinModuleRegisterClassExA
AtlWinModuleRegisterClassExW
AtlWinModuleRegisterWndClassInfoA
AtlWinModuleRegisterWndClassInfoW
AtlWinModuleTerm

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/KanKan_1020.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b3:be:a8:9d:64:8e:0d:36:19:5d:2a:76:5a:9c:6b
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

03-12-2009 00:00

Not After

01-02-2012 23:59

Subject

CN=厦门网之源信息科技有限公司,O=厦门网之源信息科技有限公司,L=xiamen,ST=fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

94:8c:05:c6:94:ee:69:53:b0:13:65:b9:63:ed:67:60:82:8e:ce:41
Signer

Actual PE Digest

94:8c:05:c6:94:ee:69:53:b0:13:65:b9:63:ed:67:60:82:8e:ce:41

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Chose.ini
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1012B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

815c88741b87a0210c457b00b57bf9c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TerminateProcess
CloseHandle
OpenProcess
FreeLibrary
LoadLibraryA
GetProcAddress
GetVersionExA
GlobalFree
lstrcpyA
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
HeapFree
HeapAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
RtlUnwind
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP

Exports

Exports

KillProc

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

4ec328f99bdd944fc98d8a5cf11f7a62

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
GetLastError
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 92B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/introduce.bmp
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/meituWel.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
KanKan/CrashReport.exe
.exe windows:4 windows x86 arch:x86

f7dc88092f14e9c00b269e3f1bb86651

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b3:be:a8:9d:64:8e:0d:36:19:5d:2a:76:5a:9c:6b
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

03-12-2009 00:00

Not After

01-02-2012 23:59

Subject

CN=厦门网之源信息科技有限公司,O=厦门网之源信息科技有限公司,L=xiamen,ST=fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

38:e5:d3:6a:8b:b5:4c:57:d4:8d:32:af:15:d0:93:5b:f0:86:2c:b9
Signer

Actual PE Digest

38:e5:d3:6a:8b:b5:4c:57:d4:8d:32:af:15:d0:93:5b:f0:86:2c:b9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord800
ord815
ord540
ord561
ord825
ord641
ord609
ord2514
ord2621
ord1134
ord858
ord4278
ord2764
ord4277
ord860
ord617
ord537
ord2818
ord2915
ord5214
ord296
ord5265
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2976
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord2575
ord6055
ord1776
ord4396
ord5290
ord3402
ord3574
ord1146
ord1168
ord567
ord2302
ord6199
ord5953
ord4160
ord2863
ord2379
ord3571
ord3626
ord3663
ord2414
ord686
ord2096
ord384
ord1641
ord755
ord470
ord2642
ord3092
ord941
ord939
ord535
ord3089
ord4476
ord823
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord2055
ord4673
ord1576

msvcrt

__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
??1type_info@@UAE@XZ
_onexit
__dllonexit
calloc
_acmdln
strncpy
strtoul
sprintf
_CxxThrowException
??0exception@@QAE@ABV0@@Z
wcscpy
??1exception@@UAE@XZ
??0exception@@QAE@XZ
malloc
free
_vsnwprintf
wcslen
_vsnprintf
_setmbcp
_stricmp
exit
_XcptFilter
_strnicmp
__CxxFrameHandler
_mbscmp
_beginthreadex
_exit
_mbsnicmp

kernel32

GetLastError
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
CreateFileA
SetFilePointer
ReadFile
IsDBCSLeadByteEx
GetStartupInfoA
CloseHandle
WaitForSingleObject
OutputDebugStringA
GetFileSize
GetCommandLineA
GetModuleFileNameA

user32

SendMessageA
AppendMenuA
IsIconic
GetClientRect
GetSystemMetrics
EnableWindow
LoadIconA
PostMessageA
GetSystemMenu
DrawIcon
LoadBitmapA

gdi32

GetObjectA

shell32

ShellExecuteA

comctl32

ImageList_Draw
ImageList_AddMasked

ole32

CoTaskMemFree
CoCreateGuid

urlmon

FindMimeFromData

msvcp60

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

wininet

InternetSetOptionA
InternetGetConnectedState
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
HttpQueryInfoA
InternetCloseHandle
InternetReadFile

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KanKan/IDesktop.dll
.dll windows:4 windows x86 arch:x86

ffb2886f5e6066ed5273077a2b573535

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrlenA
MultiByteToWideChar

user32

LoadCursorA
GetCursor
SetCursor

ole32

CoCreateInstance
CoUninitialize
CoInitialize

msvcrt

_adjust_fdiv
malloc
_initterm
free

Exports

Exports

SetWallPaper

Sections

.text
Size: 4KB - Virtual size: 670B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 122B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KanKan/ImgFmt.dll
.dll windows:4 windows x86 arch:x86

96a8ec412858a637750b430c36c75b02

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b3:be:a8:9d:64:8e:0d:36:19:5d:2a:76:5a:9c:6b
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

03-12-2009 00:00

Not After

01-02-2012 23:59

Subject

CN=厦门网之源信息科技有限公司,O=厦门网之源信息科技有限公司,L=xiamen,ST=fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

36:c0:e2:42:b6:21:37:a0:65:26:ab:d7:0d:a3:e1:be:90:dd:ba:74
Signer

Actual PE Digest

36:c0:e2:42:b6:21:37:a0:65:26:ab:d7:0d:a3:e1:be:90:dd:ba:74

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_adjust_fdiv
malloc
_initterm
free

kernel32

DisableThreadLibraryCalls

Sections

.text
Size: 4KB - Virtual size: 366B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 496KB - Virtual size: 494KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KanKan/KanKan.exe
.exe windows:4 windows x86 arch:x86

ee3260c496def5325de2e033c0110784

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b3:be:a8:9d:64:8e:0d:36:19:5d:2a:76:5a:9c:6b
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

03-12-2009 00:00

Not After

01-02-2012 23:59

Subject

CN=厦门网之源信息科技有限公司,O=厦门网之源信息科技有限公司,L=xiamen,ST=fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

18:dc:48:ac:8b:a3:a7:06:f5:73:90:62:80:9b:f0:3c:3f:68:2e:f2
Signer

Actual PE Digest

18:dc:48:ac:8b:a3:a7:06:f5:73:90:62:80:9b:f0:3c:3f:68:2e:f2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5834
ord2044
ord2863
ord1146
ord4242
ord4467
ord3059
ord3369
ord3623
ord674
ord5282
ord4083
ord4457
ord2233
ord5655
ord5054
ord4413
ord4793
ord1270
ord1232
ord924
ord926
ord4129
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord5302
ord5714
ord3738
ord815
ord561
ord617
ord2092
ord551
ord3337
ord3811
ord6876
ord5214
ord296
ord1134
ord1199
ord1205
ord3953
ord4698
ord4357
ord2764
ord861
ord4278
ord3400
ord3737
ord2714
ord2535
ord2100
ord922
ord5710
ord2381
ord2580
ord4400
ord2568
ord6271
ord3225
ord3912
ord2544
ord2543
ord2511
ord978
ord1731
ord2883
ord2398
ord2418
ord6224
ord6226
ord2429
ord2250
ord2259
ord4836
ord4440
ord6148
ord4284
ord3779
ord3092
ord3571
ord5785
ord1768
ord665
ord1979
ord547
ord3318
ord5186
ord354
ord6270
ord1175
ord1180
ord6756
ord2629
ord2463
ord1568
ord5718
ord2860
ord5805
ord2763
ord6874
ord4133
ord4297
ord562
ord5782
ord2243
ord4530
ord5685
ord3274
ord2582
ord4402
ord3640
ord686
ord384
ord439
ord3293
ord3216
ord4042
ord3910
ord736
ord5495
ord2096
ord2408
ord6242
ord2558
ord1980
ord668
ord3181
ord3310
ord3319
ord3178
ord2781
ord2770
ord356
ord3301
ord6762
ord6901
ord3996
ord6007
ord3286
ord729
ord2504
ord1706
ord430
ord5148
ord2513
ord293
ord6567
ord3499
ord4167
ord556
ord809
ord1088
ord2122
ord2639
ord2431
ord2546
ord291
ord2256
ord2862
ord4287
ord5949
ord1158
ord5861
ord663
ord348
ord536
ord6929
ord5788
ord472
ord4125
ord6676
ord3914
ord538
ord5442
ord6222
ord1601
ord539
ord298
ord6369
ord1709
ord1803
ord1153
ord533
ord6493
ord5631
ord6662
ord3903
ord4285
ord3657
ord4658
ord4816
ord4797
ord4795
ord4810
ord4995
ord4701
ord5053
ord6320
ord1858
ord2097
ord6825
ord6594
ord6802
ord6565
ord5240
ord620
ord6491
ord2444
ord5248
ord6860
ord5279
ord6931
ord5234
ord6593
ord6862
ord2389
ord4121
ord5471
ord4056
ord4364
ord2530
ord6154
ord6779
ord857
ord6572
ord2890
ord879
ord878
ord876
ord882
ord463
ord886
ord884
ord1777
ord3986
ord4205
ord6393
ord5449
ord1860
ord845
ord906
ord850
ord849
ord1572
ord5216
ord2813
ord2814
ord836
ord834
ord3732
ord2759
ord6438
ord4270
ord5288
ord5849
ord4431
ord429
ord1652
ord3027
ord5510
ord795
ord807
ord609
ord1137
ord6728
ord4715
ord4259
ord1008
ord498
ord2041
ord6877
ord1099
ord5781
ord3706
ord2448
ord500
ord5860
ord5606
ord2405
ord772
ord4123
ord3813
ord5278
ord2642
ord5937
ord3061
ord3874
ord781
ord3708
ord3579
ord2623
ord2380
ord2567
ord1168
ord6442
ord2450
ord3596
ord5864
ord6061
ord5571
ord5579
ord5736
ord5678
ord5794
ord5873
ord6021
ord6189
ord4330
ord6186
ord5756
ord6192
ord5759
ord2971
ord5012
ord4151
ord542
ord6569
ord802
ord6905
ord5683
ord4277
ord2820
ord941
ord6282
ord6283
ord939
ord2919
ord2614
ord5030
ord6215
ord2884
ord3797
ord5484
ord5252
ord1644
ord2438
ord3654
ord2584
ord4220
ord4427
ord4436
ord1665
ord2649
ord5237
ord4077
ord2878
ord2879
ord3403
ord5472
ord975
ord3350
ord4303
ord5103
ord5100
ord2390
ord2723
ord4160
ord3138
ord771
ord4021
ord1576
ord2054
ord4439
ord1690
ord4108
ord4961
ord4964
ord4524
ord4529
ord4526
ord4543
ord4545
ord4531
ord4890
ord4723
ord4349
ord4341
ord5076
ord4892
ord4370
ord4899
ord4588
ord4589
ord4273
ord1945
ord2859
ord6055
ord6172
ord5789
ord355
ord2515
ord3452
ord6883
ord641
ord5981
ord858
ord860
ord6199
ord2252
ord3481
ord5910
ord1106
ord801
ord541
ord4202
ord4204
ord2726
ord817
ord565
ord4622
ord5715
ord5289
ord5307
ord656
ord3353
ord5460
ord6571
ord4508
ord2713
ord3920
ord2864
ord289
ord613
ord470
ord323
ord1640
ord2753
ord640
ord755
ord6880
ord6605
ord6197
ord521
ord6307
ord803
ord567
ord543
ord818
ord5261
ord3584
ord4275
ord1949
ord535
ord6394
ord5450
ord6383
ord5440
ord2754
ord4464
ord2915
ord5572
ord560
ord813
ord4432
ord5260
ord1726
ord1265
ord3748
ord1908
ord3084
ord1883
ord1217
ord2817
ord6334
ord4234
ord2370
ord3957
ord4163
ord5600
ord1083
ord2762
ord5607
ord501
ord3754
ord2571
ord4317
ord773
ord3702
ord3287
ord3303
ord3296
ord3297
ord4271
ord4699
ord4079
ord5303
ord5300
ord3346
ord2396
ord4226
ord1948
ord823

msvcrt

wcsstr
_wcslwr
qsort
_ismbcalpha
mbstowcs
_mbctype
strtod
floor
__CxxFrameHandler
sprintf
_purecall
fclose
fread
fwrite
fseek
wcschr
strrchr
atof
_ismbcdigit
printf
ftell
_filbuf
isprint
_swab
_setjmp3
__CxxLongjmpUnwind
longjmp
strncmp
getenv
fprintf
_iob
_stricmp
putc
strchr
_getcwd
_pctype
__mb_cur_max
_isctype
fgetc
perror
mktime
tmpfile
gmtime
puts
abort
strlen
strcpy
exp
log
sqrt
fabs
atan2
toupper
tolower
localtime
_wcsicmp
memset
strcat
strcmp
memcmp
memcpy
_setmbcp
fflush
fputc
getc
fgets
_controlfp
__set_app_type
__p__fmode
_CIpow
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
_wcsdup
_wcsnicmp
wcsncpy
wcstoul
wcscat
calloc
_strnicmp
strtoul
wcscmp
swprintf
wcscpy
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_vsnwprintf
wcslen
_vsnprintf
_snprintf
strerror
mbtowc
strncpy
wctomb
_mbsnbcmp
_mbclen
sscanf
_strcmpi
strtol
_makepath
_mbsnbicmp
_mbslen
_strdup
_atoi64
atol
vsprintf
strstr
_mbsnbcpy
_mkdir
malloc
_stat
rename
_errno
_mbsstr
_endthreadex
_beginthreadex
free
realloc
time
srand
rand
_sleep
atoi
_mbsicmp
_mbscmp
fopen
_CxxThrowException
??0exception@@QAE@ABV0@@Z
memmove
_ftol
_splitpath
_mbschr
_mbsrchr
_mbslwr
_mbsupr
fscanf
__p__commode

kernel32

LockResource
SizeofResource
GetTimeFormatA
GetDateFormatA
GetLocalTime
InterlockedIncrement
FindResourceA
GetVersion
WaitForMultipleObjects
FindCloseChangeNotification
FindNextChangeNotification
FindFirstChangeNotificationA
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
CompareStringA
GetCurrentDirectoryA
lstrcmpA
GetPrivateProfileSectionNamesA
GetTempFileNameA
GetTempPathA
LoadLibraryExA
VirtualProtect
VirtualQuery
LoadLibraryW
LoadLibraryExW
LocalSize
InterlockedDecrement
DeleteFileW
GetFileAttributesW
GetTempPathW
FlushFileBuffers
SetEndOfFile
UnlockFile
LockFile
LockFileEx
GetFullPathNameA
GetFullPathNameW
GetSystemTime
GetSystemTimeAsFileTime
TlsSetValue
TlsGetValue
TlsAlloc
FlushInstructionCache
lstrlenW
FileTimeToDosDateTime
FindFirstFileA
FileTimeToLocalFileTime
FindClose
FileTimeToSystemTime
GetSystemInfo
GetCurrentThreadId
GetCurrentProcess
SetUnhandledExceptionFilter
HeapAlloc
WriteFile
IsDBCSLeadByteEx
ReadFile
SetFilePointer
CreateFileW
GetFileSize
GetProcessHeap
HeapFree
FormatMessageW
FormatMessageA
CreateFileA
DeviceIoControl
GetExitCodeThread
OutputDebugStringA
LocalFree
SetLastError
LocalAlloc
SuspendThread
GetTickCount
MulDiv
GetFileTime
GetCommandLineA
CreateSemaphoreA
GetLastError
GetCurrentProcessId
SetCurrentDirectoryA
GetPrivateProfileStringA
WritePrivateProfileSectionA
WritePrivateProfileStringA
CopyFileA
DeleteFileA
GetStartupInfoA
CreateProcessA
GetShortPathNameA
lstrcmpiA
MultiByteToWideChar
GetFileAttributesA
SetFileAttributesA
GetModuleFileNameA
LoadLibraryA
FreeLibrary
lstrcatA
WinExec
GetLocaleInfoA
GetNumberFormatA
GetPrivateProfileIntA
TerminateThread
SetEvent
ResetEvent
CreateEventA
ResumeThread
Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
TerminateProcess
OpenProcess
GetModuleHandleA
GetProcAddress
lstrlenA
GlobalAlloc
GlobalLock
lstrcpyA
GlobalUnlock
GetVersionExA
WideCharToMultiByte
GlobalFree
LeaveCriticalSection
EnterCriticalSection
GetCurrentThread
SetThreadPriority
CloseHandle
CreateThread
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
CreateDirectoryA
lstrcpynA
LoadResource

user32

CallWindowProcW
IsWindowUnicode
GetWindowLongW
SetWindowLongW
EndPaint
BeginPaint
AdjustWindowRectEx
AppendMenuA
EnableMenuItem
GetDoubleClickTime
DeferWindowPos
SetClassLongA
GetCursor
WindowFromPoint
GetDlgItem
DrawEdge
LoadMenuIndirectA
LookupIconIdFromDirectoryEx
FillRect
DrawTextA
SendMessageA
EnableWindow
PostMessageA
GetFocus
PostThreadMessageA
GetWindowLongA
IsZoomed
GetWindowTextA
CopyRect
InvalidateRect
DefWindowProcW
SetFocus
KillTimer
GetWindowRect
DefFrameProcA
ShowWindow
IsRectEmpty
SetCursor
ReleaseCapture
DispatchMessageA
GetMessageA
GetCapture
SetCapture
SetTimer
ClientToScreen
UpdateWindow
PeekMessageA
LoadAcceleratorsA
DestroyAcceleratorTable
GetClassNameA
DestroyIcon
LoadIconA
CreatePopupMenu
InsertMenuA
GetMenuItemCount
IsMenu
DeleteMenu
GetMenuStringA
CloseClipboard
GetClipboardData
OpenClipboard
RegisterClipboardFormatA
EmptyClipboard
TabbedTextOutA
GrayStringA
SetWindowLongA
DefFrameProcW
DefMDIChildProcA
DefMDIChildProcW
GetClipboardFormatNameA
SetRect
OffsetRect
IsWindow
SetWindowTextA
FindWindowExA
GetNextDlgGroupItem
GetWindowThreadProcessId
GetParent
LoadCursorA
InflateRect
GetClientRect
DrawStateA
UnionRect
IsChild
DrawIconEx
GetWindow
SetMenuDefaultItem
RegisterWindowMessageA
GetMessagePos
CallWindowProcA
GetPropA
GetWindowDC
RemovePropA
SetPropA
GetCursorPos
BringWindowToTop
GetKeyState
SystemParametersInfoA
DrawFocusRect
SetWindowRgn
IsWindowEnabled
MessageBeep
GetSystemMenu
GetActiveWindow
SetActiveWindow
IntersectRect
BeginDeferWindowPos
EndDeferWindowPos
LoadStringA
GetDesktopWindow
SetWindowPos
RedrawWindow
GetDlgCtrlID
CreateMenu
SetForegroundWindow
LoadImageA
EnableScrollBar
ShowScrollBar
SetScrollRange
GetScrollRange
GetScrollPos
SetScrollPos
GetScrollInfo
SetScrollInfo
GetDC
ReleaseDC
FindWindowA
DestroyMenu
SetClipboardData
MessageBoxA
SetWindowPlacement
GetWindowPlacement
GetClassInfoA
DefWindowProcA
wsprintfA
IsIconic
SetMenu
LoadMenuA
GetSubMenu
RemoveMenu
TranslateMessage
SetRectEmpty
EqualRect
IsWindowVisible
ScreenToClient
ShowCursor
MonitorFromWindow
GetMonitorInfoA
GetSystemMetrics
EnumWindows
SendMessageTimeoutA
DrawFrameControl
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
InvertRect
GetDCEx
LockWindowUpdate
GetLastActivePopup
GetForegroundWindow
GetMenuItemID
GetMenuItemInfoA
GetMenuDefaultItem
MapVirtualKeyA
GetNextDlgTabItem
ShowCaret
HideCaret
GetWindowRgn
CreateIconFromResourceEx
CopyIcon
GetIconInfo
CreateIconIndirect
LoadBitmapA
TrackPopupMenu
IsClipboardFormatAvailable
IsDialogMessageA
MapWindowPoints
SetParent
GetSysColor
SetCursorPos
MoveWindow
TranslateAcceleratorA
CopyAcceleratorTableA
IsCharLowerA
GetKeyNameTextA
MapVirtualKeyExA
GetKeyboardLayout
ToAsciiEx
GetKeyboardState
GetKeyboardLayoutList
CharUpperA
CreateAcceleratorTableA
EnumChildWindows
DrawAnimatedRects
CheckMenuItem
GetMenuState
GetClassLongA
GetMenu
PtInRect

gdi32

GetBitmapBits
GetTextExtentPoint32A
SetRectRgn
CreateRoundRectRgn
SetStretchBltMode
ExcludeClipRect
SelectClipRgn
StretchDIBits
StretchBlt
SetBkColor
SetDIBitsToDevice
GetClipBox
CreateRectRgnIndirect
ExtSelectClipRgn
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateCompatibleBitmap
GetDIBits
BitBlt
DeleteObject
CreateCompatibleDC
SelectObject
DeleteDC
GetObjectA
CreateFontIndirectA
CreatePen
CreateSolidBrush
PatBlt
EnumFontFamiliesExA
Polygon
PtInRegion
CreateRectRgn
CreateBitmap
SetTextColor
SetDIBits
CombineRgn
GetMapMode
GetTextAlign
GetObjectType
GetRgnBox
CreatePolygonRgn
RoundRect
CreatePatternBrush
ExtCreateRegion
CreatePalette
CreateDIBitmap
SelectPalette
GetViewportOrgEx
CreateFontA
Rectangle
GetTextCharsetInfo
OffsetRgn
ExtFloodFill
Ellipse
SetBrushOrgEx
SetBkMode
DeleteEnhMetaFile
SetWinMetaFileBits
GetEnhMetaFileHeader
SetEnhMetaFileBits
SetPixel
GetTextColor
GetStockObject
GetTextMetricsA
GetDeviceCaps
GetPixel
GetCurrentObject
RestoreDC
SaveDC
CreateDIBSection
GetBkColor

advapi32

RegEnumKeyExA
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegCreateKeyA
RegDeleteValueA
RegCloseKey
RegEnumValueA
RegDeleteKeyA

shell32

SHBrowseForFolderA
SHFreeNameMappings
DragQueryFileA
SHGetPathFromIDListA
SHChangeNotify
ShellExecuteA
SHGetSpecialFolderLocation
SHGetMalloc
SHGetDesktopFolder
SHGetFileInfoA
SHGetSpecialFolderPathA
SHFileOperationA
ShellExecuteExA
SHAppBarMessage
Shell_NotifyIconA
SHGetFolderLocation

comctl32

_TrackMouseEvent
ImageList_DrawEx
ImageList_GetImageInfo
ord17
ImageList_Draw
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_DrawIndirect
ImageList_Remove
PropertySheetA
ImageList_Create
ImageList_Add
ImageList_ReplaceIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Destroy
ImageList_AddMasked
ImageList_GetIcon
FlatSB_GetScrollProp

ole32

OleRun
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateGuid
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

OleLoadPicturePath
VariantClear
VariantChangeTypeEx
VariantInit
SysFreeString
GetErrorInfo
SetErrorInfo
CreateErrorInfo
SysAllocString
SysAllocStringLen
VariantChangeType

urlmon

URLDownloadToFileA
FindMimeFromData

gdiplus

GdipImageGetFrameDimensionsList
GdipImageGetFrameCount
GdipImageGetFrameDimensionsCount
GdipCreateBitmapFromStream
GdipCreateFontFamilyFromName
GdipGetPropertyItemSize
GdiplusStartup
GdiplusShutdown
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipGetImagePixelFormat
GdipGetImageWidth
GdipGetImageHeight
GdipDeleteGraphics
GdipDeleteStringFormat
GdipMeasureString
GdipSetStringFormatFlags
GdipSetStringFormatHotkeyPrefix
GdipCloneStringFormat
GdipStringFormatGetGenericDefault
GdipCreateFromHDC
GdipDeleteBrush
GdipDrawString
GdipCreateSolidFill
GdipSetStringFormatTabStops
GdipGetStringFormatFlags
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetTextRenderingHint
GdipAlloc
GdipCloneBrush
GdipFree
GdipDisposeImageAttributes
GdipDrawImageRectRectI
GdipSetImageAttributesColorMatrix
GdipCreateImageAttributes
GdipGetImageGraphicsContext
GdipCreateBitmapFromGdiDib
GdipCloneImage
GdipDisposeImage
GdipDeleteFontFamily
GdipCreateFont
GdipCreateBitmapFromStreamICM
GdipGetPropertyItem
GdipSaveImageToFile
GdipSaveImageToStream
GdipGetImageEncodersSize
GdipDeleteFont
GdipGetImageEncoders
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipGetImageHorizontalResolution
GdipGetImageVerticalResolution
GdipBitmapSetResolution
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipSetImagePalette
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGraphicsClear
GdipImageSelectActiveFrame
GdipCloneBitmapAreaI
GdipImageRotateFlip
GdipDeletePath
GdipDeleteMatrix
GdipRotateWorldTransform
GdipTranslateWorldTransform
GdipSetInterpolationMode
GdipGetPathWorldBounds
GdipRotateMatrix
GdipCreateMatrix
GdipAddPathRectangle
GdipCreatePath
GdipDrawImageRectI
GdipGetImageThumbnail

msvcp60

??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_7out_of_range@std@@6B@
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xlen@std@@YAXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1out_of_range@std@@UAE@XZ
??0out_of_range@std@@QAE@ABV01@@Z
??0logic_error@std@@QAE@ABV01@@Z

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wininet

InternetGetConnectedState
DeleteUrlCacheEntry
InternetOpenA
InternetCloseHandle
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
HttpQueryInfoA
InternetSetOptionA
InternetOpenW
InternetConnectW
HttpSendRequestW
HttpSendRequestExW
HttpQueryInfoW
InternetSetOptionW
InternetReadFile

psapi

EnumProcesses
GetModuleBaseNameA
EnumProcessModules

imm32

ImmAssociateContext

iphlpapi

GetAdaptersInfo

dbghelp

ImageDirectoryEntryToData

winmm

PlaySoundA

ws2_32

ntohs
htonl
ntohl
htons

Exports

Exports

??0CxExifInfo@@QAE@ABV0@@Z
??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxMemFile@@QAE@ABV0@@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??_7CxExifInfo@@6B@
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxMemFile@@6B@
??_FCxIOFile@@QAEXXZ
??_FCxMemFile@@QAEXXZ
?Close@CxIOFile@@UAE_NXZ
?Eof@CxIOFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Flush@CxIOFile@@UAE_NXZ
?GetBuffer@CxFile@@UAEPAE_N@Z
?GetC@CxIOFile@@UAEJXZ
?GetFilePath@CxMemFile@@UAEPBDXZ
?GetS@CxIOFile@@UAEPADPADH@Z
?Open@CxIOFile@@QAE_NPBD0@Z
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Scanf@CxIOFile@@UAEJPBDPAX@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Size@CxIOFile@@UAEJXZ
?Tell@CxIOFile@@UAEJXZ
?Write@CxIOFile@@UAEIPBXII@Z

Sections

.text
Size: 2.4MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 428KB - Virtual size: 427KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KanKan/KanKanGengxin.exe
.exe windows:4 windows x86 arch:x86

f32afd77bab6dea13286bf836a8db9d5

Code Sign

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b3:be:a8:9d:64:8e:0d:36:19:5d:2a:76:5a:9c:6b
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

03-12-2009 00:00

Not After

01-02-2012 23:59

Subject

CN=厦门网之源信息科技有限公司,O=厦门网之源信息科技有限公司,L=xiamen,ST=fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

56:50:ed:97:ca:61:dd:9c:ae:28:92:2e:25:3c:42:4d:d4:2c:b1:46
Signer

Actual PE Digest

56:50:ed:97:ca:61:dd:9c:ae:28:92:2e:25:3c:42:4d:d4:2c:b1:46

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5186
ord354
ord860
ord858
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord5302
ord2725
ord4698
ord5714
ord3738
ord815
ord561
ord2614
ord4277
ord2763
ord2092
ord5484
ord941
ord5572
ord2621
ord1134
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord6385
ord2878
ord4151
ord6055
ord4077
ord1776
ord4407
ord5237
ord2385
ord5163
ord6374
ord4353
ord5282
ord2649
ord1665
ord3798
ord4837
ord4436
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord2446
ord2124
ord5277
ord4627
ord4427
ord366
ord674
ord2820
ord3811
ord922
ord1106
ord4457
ord5252
ord4413
ord2379
ord1270
ord1232
ord1168
ord5442
ord1979
ord665
ord2726
ord2818
ord537
ord924
ord6877
ord535
ord2915
ord5683
ord4129
ord825
ord565
ord1576
ord540
ord817
ord800
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5715
ord5289
ord5307
ord4699
ord4079
ord5303
ord5300
ord3346
ord2396
ord4226
ord1948
ord2879
ord823

msvcrt

__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
fclose
fseek
ftell
fwrite
fread
fopen
_strnicmp
strtoul
_CxxThrowException
??0exception@@QAE@ABV0@@Z
wcscpy
??1exception@@UAE@XZ
??0exception@@QAE@XZ
wcslen
_vsnprintf
sprintf
_ftol
realloc
_except_handler3
_mbsrchr
malloc
_mbsstr
_stat
_mbschr
_mbsnbcpy
_mkdir
_makepath
_splitpath
_setmbcp
_stricmp
strncpy
__CxxFrameHandler
_mbsicmp
_mbscmp
_strdup
strrchr
free
atoi

kernel32

CloseHandle
WriteFile
CreateFileA
lstrlenA
WaitForSingleObject
GetVersionExA
GetPrivateProfileStringA
GetModuleFileNameA
GetCommandLineA
CreateSemaphoreA
FreeLibrary
GetProcAddress
LoadLibraryA
GetFileAttributesA
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
GetFileSize
ReadFile
IsDBCSLeadByteEx
GetStartupInfoA
CreateDirectoryA
GetLastError
CopyFileA
Sleep
ResumeThread
DeleteFileA

user32

SetTimer
GetClassInfoA
PostThreadMessageA
PostMessageA
KillTimer
DefWindowProcA
LoadCursorA

advapi32

RegOpenKeyA
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegQueryValueExA

shell32

SHGetSpecialFolderPathA
ShellExecuteExA

ole32

CoCreateGuid

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

wininet

InternetSetOptionA
InternetGetConnectedState
InternetOpenA
InternetCloseHandle
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetWriteFile
HttpEndRequestA
HttpQueryInfoA
InternetConnectA
InternetReadFile

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
KanKan/Skin/Default/control/box_bg2.png
.png
KanKan/Skin/Default/control/button_hover.png
.png
KanKan/Skin/Default/control/button_normal.png
.png
KanKan/Skin/Default/control/bx_bg.png
.png
KanKan/Skin/Default/control/bx_close.png
.png
KanKan/Skin/Default/control/bx_close_hover.png
.png
KanKan/Skin/Default/control/checkbox_1.png
.png
KanKan/Skin/Default/control/checkbox_1_hover.png
.png
KanKan/Skin/Default/control/checkbox_2.png
.png
KanKan/Skin/Default/control/checkbox_2_hover.png
.png
KanKan/Skin/Default/control/combolistbg.png
.png
KanKan/Skin/Default/control/doing.png
.png
KanKan/Skin/Default/control/edit.png
.png
KanKan/Skin/Default/control/edit_dis.png
.png
KanKan/Skin/Default/control/edit_hover.png
.png
KanKan/Skin/Default/control/fcit.hover.png
.png
KanKan/Skin/Default/control/fcit.pressed.png
.png
KanKan/Skin/Default/control/fcparent.hover.png
.png
KanKan/Skin/Default/control/fcparent.png
.png
KanKan/Skin/Default/control/fcsepr.png
.png
KanKan/Skin/Default/control/fcsepr1.png
.png
KanKan/Skin/Default/control/filmctrlbg.png
.png
KanKan/Skin/Default/control/folderctrl.png
.png
KanKan/Skin/Default/control/history.png
.png
KanKan/Skin/Default/control/history_hover.png
.png
KanKan/Skin/Default/control/layerclose.hover.png
.png
KanKan/Skin/Default/control/layerclose.png
.png
KanKan/Skin/Default/control/left.png
.png
KanKan/Skin/Default/control/left_hover.png
.png
KanKan/Skin/Default/control/list.dragover.png
.png
KanKan/Skin/Default/control/list.nor.png
.png
KanKan/Skin/Default/control/list.sel.png
.png
KanKan/Skin/Default/control/mainframe.png
.png
KanKan/Skin/Default/control/menuItem_bg_hover.png
.png
KanKan/Skin/Default/control/mover.png
.png
KanKan/Skin/Default/control/mover_hover.png
.png
KanKan/Skin/Default/control/ok.png
.png
KanKan/Skin/Default/control/panetab_bg.png
.png
KanKan/Skin/Default/control/pgbg.png
.png
KanKan/Skin/Default/control/pgface.png
.png
KanKan/Skin/Default/control/question.png
.png
KanKan/Skin/Default/control/radio_1.png
.png
KanKan/Skin/Default/control/radio_1_hover.png
.png
KanKan/Skin/Default/control/radio_2.png
.png
KanKan/Skin/Default/control/radio_2_hover.png
.png
KanKan/Skin/Default/control/right.png
.png
KanKan/Skin/Default/control/right_hover.png
.png
KanKan/Skin/Default/control/shadow.png
.png
KanKan/Skin/Default/control/sidebar_tab_active.png
.png
KanKan/Skin/Default/control/sidebar_tab_hover.png
.png
KanKan/Skin/Default/control/sidebar_tab_inactive.png
.png
KanKan/Skin/Default/control/sliderchannel.png
.png
KanKan/Skin/Default/control/sliderthumb_hover.png
.png
KanKan/Skin/Default/control/sliderthumb_nor.png
.png
KanKan/Skin/Default/control/splitter.png
.png
KanKan/Skin/Default/control/status_bar_bg.png
.png
KanKan/Skin/Default/control/tab_active.png
.png
KanKan/Skin/Default/control/tab_hover.png
.png
KanKan/Skin/Default/control/tab_normal.png
.png
KanKan/Skin/Default/control/tbut_bg_checked.png
.png
KanKan/Skin/Default/control/tbut_bg_hover.png
.png
KanKan/Skin/Default/control/tbut_bg_pressed.png
.png
KanKan/Skin/Default/control/title_bg.png
.png
KanKan/Skin/Default/control/viewdockbar_bg.png
.png
KanKan/Skin/Default/control/vschannel.png
.png
KanKan/Skin/Default/control/vsdown.hover.png
.png
KanKan/Skin/Default/control/vsdown.png
.png
KanKan/Skin/Default/control/vsdown.pressed.png
.png
KanKan/Skin/Default/control/vsthumb.hover.png
.png
KanKan/Skin/Default/control/vsthumb.png
.png
KanKan/Skin/Default/control/vsthumb.pressed.png
.png
KanKan/Skin/Default/control/vsup.hover.png
.png
KanKan/Skin/Default/control/vsup.png
.png
KanKan/Skin/Default/control/vsup.pressed.png
.png
KanKan/Skin/Default/control/warn.png
.png
KanKan/Skin/Default/control/win_close.png
.png
KanKan/Skin/Default/control/win_close_hover.png
.png
KanKan/Skin/Default/control/win_maximum.png
.png
KanKan/Skin/Default/control/win_maximum_hover.png
.png
KanKan/Skin/Default/control/win_minimize.png
.png
KanKan/Skin/Default/control/win_minimize_hover.png
.png
KanKan/Skin/Default/control/win_restore.png
.png
KanKan/Skin/Default/control/win_restore_hover.png
.png
KanKan/Skin/Default/fmt/bmp.png
.png
KanKan/Skin/Default/fmt/emf.png
.png
KanKan/Skin/Default/fmt/gif.PNG
.png
KanKan/Skin/Default/fmt/icon.png
.png
KanKan/Skin/Default/fmt/jpg.png
.png
KanKan/Skin/Default/fmt/pcx.png
.png
KanKan/Skin/Default/fmt/png.png
.png
KanKan/Skin/Default/fmt/psd.png
.png
KanKan/Skin/Default/fmt/raf.png
.png
KanKan/Skin/Default/fmt/tga.png
.png
KanKan/Skin/Default/fmt/tiff.png
.png
KanKan/Skin/Default/fmt/wmf.png
.png
KanKan/Skin/Default/plugin/adaptwin.png
.png
KanKan/Skin/Default/plugin/add.png
.png
KanKan/Skin/Default/plugin/back.png
.png
KanKan/Skin/Default/plugin/batch.png
.png
KanKan/Skin/Default/plugin/delete.png
.png
KanKan/Skin/Default/plugin/front.png
.png
KanKan/Skin/Default/plugin/max.hover.png
.png
KanKan/Skin/Default/plugin/max.png
.png
KanKan/Skin/Default/plugin/reduce.png
.png
KanKan/Skin/Default/plugin/restore.hover.png
.png
KanKan/Skin/Default/plugin/restore.png
.png
KanKan/Skin/Default/plugin/trimsize.png
.png
KanKan/Skin/Default/plugin/warn.png
.png
KanKan/Skin/Default/plugin/xiuxiu.png
.png
KanKan/Skin/Default/plugin/zoomin.png
.png
KanKan/Skin/Default/plugin/zoomout.png
.png
KanKan/Skin/Default/setting/about.png
.png
KanKan/Skin/Default/setting/opitem.hover.png
.png
KanKan/Skin/Default/setting/opitem.nor.png
.png
KanKan/Skin/Default/setting/opitem.sel.png
.png
KanKan/Skin/Default/setting/optionctrbg.png
.png
KanKan/Skin/Default/setting/sepr.png
.png
KanKan/Skin/Default/setting/sheetbg.png
.png
KanKan/Skin/Default/skin.ini
KanKan/Skin/Default/toolbar/anticlockwise.hover.png
.png
KanKan/Skin/Default/toolbar/anticlockwise.png
.png
KanKan/Skin/Default/toolbar/batchadd.hover.png
.png
KanKan/Skin/Default/toolbar/batchadd.png
.png
KanKan/Skin/Default/toolbar/deasil.hover.png
.png
KanKan/Skin/Default/toolbar/deasil.png
.png
KanKan/Skin/Default/toolbar/edit.png
.png
KanKan/Skin/Default/toolbar/film.hover.png
.png
KanKan/Skin/Default/toolbar/film.png
.png
KanKan/Skin/Default/toolbar/filmeffect.hover.png
.png
KanKan/Skin/Default/toolbar/filmeffect.png
.png
KanKan/Skin/Default/toolbar/filmexit.hover.png
.png
KanKan/Skin/Default/toolbar/filmexit.png
.png
KanKan/Skin/Default/toolbar/filmlay.hover.png
.png
KanKan/Skin/Default/toolbar/filmlay.png
.png
KanKan/Skin/Default/toolbar/folder.png
.png
KanKan/Skin/Default/toolbar/head.png
.png
KanKan/Skin/Default/toolbar/mffilm.png
.png
KanKan/Skin/Default/toolbar/moremenu.hover.png
.png
KanKan/Skin/Default/toolbar/moremenu.png
.png
KanKan/Skin/Default/toolbar/see_adaptwin.hover.png
.png
KanKan/Skin/Default/toolbar/see_adaptwin.png
.png
KanKan/Skin/Default/toolbar/see_back.hover.png
.png
KanKan/Skin/Default/toolbar/see_back.png
.png
KanKan/Skin/Default/toolbar/see_browse.hover.png
.png
KanKan/Skin/Default/toolbar/see_browse.png
.png
KanKan/Skin/Default/toolbar/see_delete.hover.png
.png
KanKan/Skin/Default/toolbar/see_delete.png
.png
KanKan/Skin/Default/toolbar/see_front.hover.png
.png
KanKan/Skin/Default/toolbar/see_front.png
.png
KanKan/Skin/Default/toolbar/see_trimsize.hover.png
.png
KanKan/Skin/Default/toolbar/see_trimsize.png
.png
KanKan/Skin/Default/toolbar/separator.png
.png
KanKan/Skin/Default/toolbar/spinner+.hover.png
.png
KanKan/Skin/Default/toolbar/spinner+.png
.png
KanKan/Skin/Default/toolbar/spinner-.hover.png
.png
KanKan/Skin/Default/toolbar/spinner-.png
.png
KanKan/Skin/Default/toolbar/spinnerbg.png
.png
KanKan/Skin/Default/toolbar/upparent.png
.png
KanKan/Skin/Default/toolbar/xiuxiu.hover.png
.png
KanKan/Skin/Default/toolbar/xiuxiu.png
.png
KanKan/Skin/Default/toolbar/zoomin.hover.png
.png
KanKan/Skin/Default/toolbar/zoomin.png
.png
KanKan/Skin/Default/toolbar/zoomout.hover.png
.png
KanKan/Skin/Default/toolbar/zoomout.png
.png
KanKan/uninst.exe.nsis
KanKan/zlib.dll
.dll windows:4 windows x86 arch:x86

e5c5650f0b0c0414d7e983aacdedc6c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crtdll

fwrite
fread
_errno
fclose
free
vsprintf
fflush
fseek
rewind
fputc
malloc
ftell
fprintf
_fdopen
fopen
sprintf
calloc
_initterm

kernel32

GlobalAlloc
GetVersion
GlobalFree

Exports

Exports

adler32
compress
compress2
crc32
deflate
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflateReset
deflateSetDictionary
get_crc_table
gzclose
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzwrite
inflate
inflateEnd
inflateInit2_
inflateInit_
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
uncompress
unzClose
unzCloseCurrentFile
unzGetCurrentFileInfo
unzGetGlobalComment
unzGetGlobalInfo
unzGetLocalExtrafield
unzGoToFirstFile
unzGoToNextFile
unzLocateFile
unzOpen
unzOpen2
unzOpenCurrentFile
unzOpenCurrentFile2
unzReadCurrentFile
unzStringFileNameCompare
unzeof
unztell
zError
zipClose
zipCloseFileInZip
zipCloseFileInZipRaw
zipOpen
zipOpenNewFileInZip
zipOpenNewFileInZip2
zipWriteInFileInZip
zlibVersion

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/msgctl.dll
.dll regsvr32 windows:4 windows x86 arch:x86

82d76e97a8c09b8d3c0b101350f716a2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
DisableThreadLibraryCalls
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
lstrlenW
MultiByteToWideChar
FlushInstructionCache
GetModuleFileNameA
FreeLibrary
LoadLibraryA
lstrcatA
lstrcmpiA
DebugBreak
GetPrivateProfileIntA
GetPrivateProfileStringA
EnterCriticalSection
OutputDebugStringA
GetCurrentThreadId
LeaveCriticalSection
CompareStringA
GetModuleHandleA
GetProcAddress
lstrcpyA
lstrcmpA
lstrcpynA
lstrlenA
GetShortPathNameA

user32

wvsprintfA
LoadImageA
InvalidateRect
SetFocus
UpdateWindow
SetRectEmpty
CallWindowProcA
CharNextA
GetParent
LoadStringA
CharLowerA
LoadCursorA
wsprintfA
RegisterClassExA
ReleaseDC
EndPaint
CreateWindowExA
DefWindowProcA
SetWindowPos
SetWindowTextA
IsWindowEnabled
DestroyWindow
GetCapture
GetSysColor
GetFocus
DrawFocusRect
FillRect
GetClassNameA
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetWindowLongA
GetWindowRect
GetCursorPos
ScreenToClient
GetClassInfoExA
SetCursor
SetWindowRgn
ReleaseCapture
PtInRect
SetCapture
GetDC
InflateRect
DrawTextA
SetTimer
SystemParametersInfoA
MoveWindow
ShowWindow
SetWindowLongA
SendMessageA
BeginPaint
KillTimer
GetClientRect
OffsetRect
CharUpperA
GetDesktopWindow
IsWindow

gdi32

CreateRoundRectRgn
CombineRgn
SetBkMode
SetTextColor
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
DeleteObject
GetStockObject
GetObjectA
CreateFontIndirectA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance

oleaut32

RegisterTypeLi
SysAllocString
VariantClear
SysStringLen
LoadRegTypeLi
LoadTypeLi
SysFreeString

comctl32

_TrackMouseEvent

shlwapi

PathRemoveFileSpecA
PathIsURLA
PathFileExistsA

msvcrt

memset
_vsnprintf
_purecall
??3@YAXPAX@Z
atoi
??2@YAPAXI@Z
malloc
free
realloc
memcpy
wcslen
memcmp
_mbsstr
_mbspbrk
_mbschr
sscanf
_ismbcdigit
_initterm
_adjust_fdiv

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/wann.ico
52hxw.exe
.exe windows:4 windows x86 arch:x86

586e2e9a63152b60d413ce559d99013b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\mitta\Desktop\公司项目\火星文软件\Release\52hxw.pdb

Imports

kernel32

GetSystemTimeAsFileTime
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStartupInfoA
GetCommandLineA
TerminateProcess
ExitThread
HeapSize
SetStdHandle
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
LCMapStringA
LCMapStringW
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStdHandle
HeapFree
FreeEnvironmentStringsA
HeapAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
SetUnhandledExceptionFilter
GetTimeZoneInformation
GetDriveTypeA
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetEnvironmentVariableA
RtlUnwind
ExitProcess
InterlockedExchange
GetEnvironmentStrings
HeapReAlloc
SetErrorMode
GetFileTime
GetFileAttributesA
GetOEMCP
GetCPInfo
GetFullPathNameA
GetVolumeInformationA
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
GlobalFlags
GetCurrentDirectoryA
GetProfileIntA
GetTickCount
LeaveCriticalSection
EnterCriticalSection
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
FreeResource
CreateEventA
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
GlobalAddAtomA
SetLastError
GlobalFree
GlobalSize
GetCurrentThread
GetCurrentThreadId
GlobalDeleteAtom
ConvertDefaultLocale
EnumResourceLanguagesA
GetFileSize
ReadFile
CreateThread
WaitForSingleObject
GlobalAlloc
GlobalLock
GlobalUnlock
CompareStringW
CompareStringA
lstrlenW
GetVersion
DeleteCriticalSection
InitializeCriticalSection
GetLocalTime
InterlockedDecrement
Sleep
InterlockedIncrement
DeviceIoControl
GetPrivateProfileIntA
FindFirstFileA
RemoveDirectoryA
DeleteFileA
FindNextFileA
FindClose
GetModuleHandleA
GetProcAddress
GetTempFileNameA
MoveFileExA
MulDiv
FormatMessageA
LocalFree
OutputDebugStringA
GetPrivateProfileSectionNamesA
GetLastError
RaiseException
GetPrivateProfileSectionA
WritePrivateProfileSectionA
MultiByteToWideChar
CreateFileA
SetFilePointer
WriteFile
CloseHandle
CreateDirectoryA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetModuleFileNameA
lstrcatA
GetPrivateProfileStringA
lstrlenA
lstrcpynA
lstrcmpiA
lstrcpyA
CopyFileA
lstrcmpA
WritePrivateProfileStringA
LoadLibraryA
FreeLibrary
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
UnhandledExceptionFilter

user32

DestroyMenu
EndPaint
BeginPaint
GrayStringA
DrawTextExA
TabbedTextOutA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
CheckRadioButton
CheckDlgButton
WinHelpA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SendDlgItemMessageA
SetFocus
IsChild
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
GetMenu
AdjustWindowRectEx
EqualRect
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
IntersectRect
GetWindowPlacement
SetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
GetWindowLongA
GetLastActivePopup
GetWindow
SetWindowContextHelpId
MapDialogRect
SetMenuItemBitmaps
GetFocus
GetMenuCheckMarkDimensions
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
PeekMessageA
ValidateRect
GetMenuState
GetMenuItemID
GetMenuItemCount
PostQuitMessage
ShowScrollBar
MessageBoxA
PostMessageA
FindWindowA
ReleaseCapture
DrawFocusRect
IsRectEmpty
PtInRect
OffsetRect
LoadBitmapA
EnableMenuItem
SendMessageA
GetSystemMenu
IsIconic
CreateWindowExA
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
GetParent
UnregisterClassA
CharUpperA
GetDC
UpdateLayeredWindow
RegisterWindowMessageA
GetMenuStringA
DestroyIcon
LoadImageA
BringWindowToTop
CharNextA
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
DrawTextA
MessageBeep
TrackPopupMenu
IsCharAlphaA
AnimateWindow
IsWindow
DestroyWindow
KillTimer
SetTimer
RedrawWindow
UpdateWindow
GetDlgItem
IsWindowVisible
PostThreadMessageA
RegisterClipboardFormatA
IsWindowEnabled
SetWindowRgn
GetWindowRect
GetClientRect
ClientToScreen
SetCapture
SetForegroundWindow
EnableWindow
LoadIconA
GetSystemMetrics
RegisterHotKey
UnregisterHotKey
SystemParametersInfoA
GetDCEx
InflateRect
GetSubMenu
LoadMenuA
InvalidateRect
TrackMouseEvent
SetWindowPos
CopyRect
ReleaseDC
GetWindowDC
GetSysColor
FillRect
GetSysColorBrush
SetRect
ScreenToClient
GetCapture
GetDesktopWindow
GetClassInfoA
SetCursor
LoadCursorA
GetCursorPos
CreatePopupMenu
DeleteMenu
AppendMenuA
CheckMenuItem
ModifyMenuA
wsprintfA

gdi32

CreateRectRgnIndirect
GetTextMetricsA
GetBkColor
GetTextColor
GetRgnBox
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
CreateFontIndirectA
MoveToEx
LineTo
SetBkMode
RestoreDC
SaveDC
SetTextColor
GetClipBox
CopyMetaFileA
GetDeviceCaps
Rectangle
GetTextExtentPoint32A
EnumFontFamiliesExA
CreateSolidBrush
CreatePen
SelectObject
GetObjectA
DPtoLP
CreateBitmap
GetMapMode
SetMapMode
SetBkColor
DeleteObject
DeleteDC
GetStockObject
BitBlt
CreateCompatibleDC
CombineRgn
CreateRoundRectRgn
CreateRectRgn
CreateCompatibleBitmap

comdlg32

GetSaveFileNameA
GetFileTitleA
GetOpenFileNameA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegOpenKeyExA
RegQueryValueExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumKeyExA
RegOpenKeyA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegCloseKey
RegSetValueExA

shell32

ShellExecuteA
SHGetSpecialFolderPathA
Shell_NotifyIconA

comctl32

ord17
InitCommonControlsEx
ImageList_Destroy

shlwapi

PathFileExistsA
PathFindExtensionA
PathUnquoteSpacesA
PathStripPathA
PathRemoveExtensionA
SHDeleteValueA
SHGetValueA
PathRemoveFileSpecA
SHSetValueA
PathRemoveArgsA
PathIsUNCA
PathStripToRootA
PathFindFileNameA
SHDeleteKeyA

oledlg

ord8

ole32

CoTaskMemAlloc
CoRegisterMessageFilter
CoUninitialize
CoInitialize
StgOpenStorage
CoCreateInstance
CLSIDFromProgID
OleInitialize
OleUninitialize
CoTaskMemFree
CoRevokeClassObject
ReleaseStgMedium
OleDuplicateData
CLSIDFromString
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
CoFreeUnusedLibraries

oleaut32

SysAllocString
SysStringLen
SysAllocStringByteLen
VariantInit
VariantClear
VariantCopy
VariantChangeType
DispCallFunc
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
SysAllocStringLen
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysFreeString
GetErrorInfo

hxw

EnableConversion

gdiplus

GdiplusStartup
GdipDrawImageI
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdiplusShutdown
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipCloneImage
GdipFree
GdipCreateFromHDC

wininet

InternetOpenA
HttpOpenRequestA
InternetConnectA
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetGetLastResponseInfoA
InternetQueryDataAvailable
InternetOpenUrlA
HttpSendRequestA
HttpQueryInfoA
InternetCloseHandle
InternetReadFile
InternetGetConnectedState

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

netapi32

Netbios

Sections

.text
Size: 296KB - Virtual size: 294KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Feedback.dll
.dll regsvr32 windows:4 windows x86 arch:x86

6f5b5480168178e32945d7e7fff86ab4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LockResource
SizeofResource
LoadResource
GlobalAlloc
GlobalFree
MulDiv
GlobalLock
GlobalUnlock
FreeResource
GetCurrentThreadId
lstrlenA
DeleteCriticalSection
HeapDestroy
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetVersionExA
InterlockedIncrement
DisableThreadLibraryCalls
OutputDebugStringA
DebugBreak
InterlockedDecrement
GetCurrentProcess
FlushInstructionCache
FindResourceA

user32

SetWindowPos
AdjustWindowRectEx
GetMenu
MapWindowPoints
GetWindow
wvsprintfA
CharNextA
LoadStringA
LoadCursorA
DialogBoxParamA
GetActiveWindow
GetSystemMetrics
DrawFocusRect
EndPaint
GetWindowLongA
SetWindowLongA
KillTimer
ClientToScreen
PtInRect
GetDlgCtrlID
GetParent
ReleaseCapture
SetCapture
CallWindowProcA
InflateRect
ScreenToClient
SetWindowRgn
OffsetRect
GetClientRect
DrawEdge
CreateWindowExA
GetCapture
SystemParametersInfoA
SetTimer
DestroyWindow
InvalidateRect
UpdateWindow
GetWindowRect
GetDlgItem
EndDialog
SetCursor
MessageBoxA
GetDlgItemTextA
FrameRect
IsWindow
DefWindowProcA
SendMessageA
BeginPaint
IsWindowEnabled

gdi32

GetDeviceCaps
SetTextColor
SetBkMode
GetStockObject
CreateRoundRectRgn
DeleteObject
CreateSolidBrush

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA

ole32

CoUninitialize
CoInitialize
CreateStreamOnHGlobal

oleaut32

OleLoadPicture

comctl32

ImageList_LoadImageA
_TrackMouseEvent
ImageList_Destroy
ImageList_GetIconSize
ImageList_Draw

wininet

InternetCrackUrlA
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA

msvcrt

??3@YAXPAX@Z
memset
_mbsicoll
memcpy
??2@YAPAXI@Z
wcslen
_ismbcdigit
atoi
_mbsstr
free
malloc
_adjust_fdiv
_initterm

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
ShowFeedbackDialog

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1002B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FlashWordGeneral.dll
.dll windows:4 windows x86 arch:x86

7902ef2ab2bc6f616724a9c6683c70c7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LockResource
LoadResource
FindResourceA
FindResourceExA
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
lstrcatA
GetModuleFileNameA
GetLastError
SizeofResource
GetPrivateProfileStringA
WriteFile
ReadFile
CloseHandle
GetCurrentProcess
TerminateProcess
GetModuleHandleA
GetProcAddress
ExitProcess
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
LCMapStringW
LCMapStringA
GetCommandLineA
VirtualQuery
GetSystemInfo
SetFilePointer
lstrlenA
MultiByteToWideChar
RaiseException
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetPrivateProfileIntA
VirtualAlloc
VirtualProtect
GetStringTypeW
GetSystemTimeAsFileTime
GetStringTypeA
SetEndOfFile
LoadLibraryA
GetCPInfo
GetOEMCP
SetStdHandle
CreateFileA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RtlUnwind
VirtualFree
HeapCreate
FlushFileBuffers
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap

user32

GetDC
ReleaseDC
wvsprintfA

gdi32

GetStockObject
SelectPalette
RealizePalette
GetDIBits
GetObjectA

ole32

CoCreateInstance

oleaut32

SysFreeString
SysStringLen
SysAllocStringLen

atl71

ord61
ord23
ord64

shlwapi

PathRemoveFileSpecA

gdiplus

GdipCreateHBITMAPFromBitmap
GdiplusStartup
GdiplusShutdown
GdipCloneImage
GdipCloneBrush
GdipCreateFont
GdipDrawString
GdipFillRectangleI
GdipSetTextRenderingHint
GdipGetImageGraphicsContext
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipCreateSolidFill
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipDeleteFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipDeleteGraphics
GdipDeleteStringFormat
GdipCreateStringFormat
GdipDeleteBrush
GdipFree
GdipAlloc

Exports

Exports

??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_FCxIOFile@@QAEXXZ
?Close@CxIOFile@@UAE_NXZ
?Eof@CxIOFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Flush@CxIOFile@@UAE_NXZ
?GetC@CxIOFile@@UAEJXZ
?GetS@CxIOFile@@UAEPADPADH@Z
?Open@CxIOFile@@QAE_NPBD0@Z
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Scanf@CxIOFile@@UAEJPBDPAX@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Size@CxIOFile@@UAEJXZ
?Tell@CxIOFile@@UAEJXZ
?Write@CxIOFile@@UAEIPBXII@Z
FlashWord

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HttpDownLoad.exe
.exe windows:4 windows x86 arch:x86

04ed8bf66faba42abf3761e8da86bc42

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord860
ord540
ord350
ord354
ord825
ord1105
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord815
ord3626
ord641
ord609
ord795
ord765
ord2414
ord6215
ord2086
ord2621
ord1134
ord5265
ord4853
ord4998
ord4710
ord2514
ord535
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord3698
ord2575
ord4396
ord3574
ord6055
ord1776
ord5290
ord3402
ord3721
ord3571
ord823
ord1146
ord1168
ord567
ord2302
ord2379
ord755
ord470
ord3092
ord5953
ord4224
ord2645
ord858
ord6199
ord1641
ord939
ord2818
ord941
ord537
ord940
ord5710
ord5683
ord6453
ord5186
ord800
ord665
ord3810
ord920
ord6385
ord1979
ord3663
ord3616
ord3127
ord6052
ord5651
ord1576

msvcrt

__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
_mbscmp
vsprintf
_ftol
__CxxFrameHandler
atol
_setmbcp
_initterm

kernel32

WaitForSingleObject
CreateProcessA
lstrlenA
DeleteFileA
GetPrivateProfileSectionNamesA
GetModuleFileNameA
GetPrivateProfileStringA
lstrcpynA
GetModuleHandleA
GetStartupInfoA
GetLastError

user32

IsIconic
ShowWindow
LoadImageA
GetSystemMetrics
EnableWindow
GetClientRect
SetDlgItemTextA
DrawIcon
PostMessageA
LoadIconA
IsWindowVisible
SendMessageA

shell32

Shell_NotifyIconA
ShellExecuteA

wininet

InternetOpenA
HttpQueryInfoA
InternetReadFile
InternetOpenUrlA
InternetCloseHandle

shlwapi

PathRemoveFileSpecA

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Message.dll
.dll regsvr32 windows:4 windows x86 arch:x86

10ad169f55307776d7ced68ee453178a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileSectionNamesA
DisableThreadLibraryCalls
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapDestroy
DeleteCriticalSection
MultiByteToWideChar
GlobalUnlock
GlobalLock
GlobalAlloc
DeleteFileA
lstrlenW
GetCurrentThreadId
lstrcmpA
FlushInstructionCache
GetCurrentProcess
GetTickCount
WideCharToMultiByte
lstrcatA
GetModuleFileNameA
DebugBreak
InterlockedDecrement
OutputDebugStringA
InterlockedIncrement
GetLocalTime
GetPrivateProfileStringA
lstrcmpiA
GetPrivateProfileIntA
CreateFileA
lstrlenA
WriteFile
CloseHandle
CreateThread

user32

PostQuitMessage
wsprintfA
GetClassNameA
CreateWindowExA
GetDlgItem
SendMessageA
DestroyWindow
InvalidateRgn
InvalidateRect
SetCapture
ReleaseCapture
CreateAcceleratorTableA
GetParent
KillTimer
GetDesktopWindow
wvsprintfA
CharNextA
LoadStringA
RegisterClassExA
LoadCursorA
GetClassInfoExA
RegisterWindowMessageA
DefWindowProcA
GetWindow
SetWindowLongA
SetWindowTextA
SetTimer
ShowWindow
MessageBoxA
PostMessageA
CharLowerA
DispatchMessageA
SystemParametersInfoA
GetWindowRect
OffsetRect
AnimateWindow
GetMessageA
TranslateMessage
GetDC
GetWindowTextA
GetWindowTextLengthA
GetWindowLongA
IsWindow
GetSysColor
SetFocus
IsChild
GetFocus
CallWindowProcA
EndPaint
ReleaseDC
RedrawWindow
SetWindowPos
BeginPaint
GetClientRect
FillRect
SetWindowRgn

gdi32

CreateRoundRectRgn
CombineRgn
GetStockObject
GetObjectA
GetDeviceCaps
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC

advapi32

RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegCloseKey

ole32

CoTaskMemAlloc
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
OleLockRunning

oleaut32

LoadRegTypeLi
SysAllocString
VariantClear
SysAllocStringLen
SysStringLen
DispCallFunc
OleCreateFontIndirect
SysFreeString

shlwapi

PathIsURLA
PathRemoveFileSpecA
SHSetValueA
SHGetValueA

wininet

InternetOpenUrlA
InternetReadFile
InternetOpenA
HttpQueryInfoA
InternetCloseHandle

msvcrt

time
_mbscmp
difftime
abs
??3@YAXPAX@Z
__CxxFrameHandler
atoi
memset
_vsnprintf
_ftol
memcpy
??2@YAPAXI@Z
_mbsstr
wcslen
_ismbcdigit
realloc
free
memcmp
_mbschr
atol
_except_handler3
?terminate@@YAXXZ
__dllonexit
_onexit
malloc
_adjust_fdiv
_initterm

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SoftUpdate.dll
.dll windows:4 windows x86 arch:x86

7a1ecdc0d45651cd7d33a946c9103a57

Code Sign

5f:d2:26:25:cb:3f:82:5b:d0:72:62:43:f1:7f:19:ef
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

24-12-2008 00:00

Not After

24-12-2009 23:59

Subject

CN=厦门网之源信息科技有限公司,O=厦门网之源信息科技有限公司,L=xiamen,ST=fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\项目\自动升级系统\SoftUpdate\Release\SoftUpdate.pdb

Imports

kernel32

CreateFileA
lstrcatA
lstrcpyA
GetModuleFileNameA
lstrcpynA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
lstrlenA
WriteFile
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
WritePrivateProfileStringA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
MoveFileA
MoveFileExA
DeleteFileA
CreateDirectoryA
GetShortPathNameA
FlushFileBuffers
SetStdHandle
SetFilePointer
CloseHandle
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
LoadLibraryA
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
ExitProcess
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCurrentThreadId
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
HeapCreate
VirtualFree
IsBadWritePtr
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetOEMCP
GetCPInfo
LCMapStringA
LCMapStringW
SetHandleCount

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegCloseKey
RegSetValueExA

shell32

ShellExecuteA

shlwapi

PathRemoveFileSpecA
SHDeleteKeyA

wininet

InternetReadFile
InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetOpenUrlA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Exports

Exports

GetPEFileVersion
RebootUpdate
SetReplaceFileMode
Update
UpdateEx

Sections

.text
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uninstall.dll
.dll windows:4 windows x86 arch:x86

c99f1cdce31bccdd41ab23762c76a41c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
atol
free
_initterm
malloc
_adjust_fdiv

wininet

InternetOpenUrlA
HttpQueryInfoA
InternetReadFile
InternetOpenA
InternetCloseHandle

Exports

Exports

Uninstall

Sections

.text
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 538B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
atl71.dll
.dll windows:4 windows x86 arch:x86

7c3004ebf21f282412fa952c164aa2bb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

atl71.pdb

Imports

kernel32

InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetCurrentThreadId
lstrlenW
lstrcpyW
GetLastError
DisableThreadLibraryCalls
GetVersionExA
InterlockedIncrement
InterlockedDecrement
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
lstrcpynW
CloseHandle
ReadFile
GetFileSize
CreateFileW
GetModuleHandleW
GetModuleFileNameW
WideCharToMultiByte
HeapFree
GetProcessHeap
WaitForSingleObject
GlobalAlloc
FindResourceA
MulDiv
lstrcatW
HeapAlloc
FlushInstructionCache
GetCurrentProcess
GlobalUnlock
GlobalLock
lstrcmpW
SetLastError
GlobalFree
GlobalHandle
LockResource
lstrcmpA
GetModuleHandleA
GetTickCount
GetProcAddress
ExitProcess
HeapSize
DebugBreak
HeapReAlloc
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
lstrcatA
lstrcpyA
lstrlenA
GetModuleFileNameA
RtlUnwind
VirtualQuery
LocalAlloc
LoadLibraryA

shlwapi

PathFindExtensionW

Exports

Exports

AtlAdvise
AtlAxAttachControl
AtlAxCreateControl
AtlAxCreateControlEx
AtlAxCreateControlLic
AtlAxCreateControlLicEx
AtlAxCreateDialogA
AtlAxCreateDialogW
AtlAxDialogBoxA
AtlAxDialogBoxW
AtlAxGetControl
AtlAxGetHost
AtlAxWinInit
AtlCallTermFunc
AtlComModuleGetClassObject
AtlComModuleRegisterClassObjects
AtlComModuleRegisterServer
AtlComModuleRevokeClassObjects
AtlComModuleUnregisterServer
AtlComPtrAssign
AtlComQIPtrAssign
AtlCreateRegistrar
AtlCreateTargetDC
AtlDevModeW2A
AtlFreeMarshalStream
AtlGetObjectSourceInterface
AtlGetVersion
AtlHiMetricToPixel
AtlIPersistPropertyBag_Load
AtlIPersistPropertyBag_Save
AtlIPersistStreamInit_Load
AtlIPersistStreamInit_Save
AtlInternalQueryInterface
AtlLoadTypeLib
AtlMarshalPtrInProc
AtlModuleAddTermFunc
AtlPixelToHiMetric
AtlRegisterClassCategoriesHelper
AtlRegisterTypeLib
AtlSetErrorInfo
AtlUnRegisterTypeLib
AtlUnadvise
AtlUnmarshalPtr
AtlUpdateRegistryFromResourceD
AtlWaitWithMessageLoop
AtlWinModuleAddCreateWndData
AtlWinModuleExtractCreateWndData
AtlWinModuleInit
AtlWinModuleRegisterClassExA
AtlWinModuleRegisterClassExW
AtlWinModuleRegisterWndClassInfoA
AtlWinModuleRegisterWndClassInfoW
AtlWinModuleTerm

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bk.bmp
fh.dat
fh_tj.html
.html .vbs polyglot
filter.dat
flash.ini
ft.bin
html/help.html
.html
html/hxw.js
.js
html/hxw_ui.css
html/images/Thumbs.db
html/images/bg_00.gif
.gif
html/images/bg_01.gif
.gif
html/images/bg_02.gif
.gif
html/images/bg_03.gif
.gif
html/images/bg_04.gif
.gif
html/images/bg_05.gif
.gif
html/images/bg_06.gif
.gif
html/images/bg_07.gif
.gif
html/images/bg_08.gif
.gif
html/images/bg_09.gif
.gif
html/images/bg_10.gif
.gif
html/images/button_bg_01.gif
.gif
html/images/button_bg_02.gif
.gif
html/images/button_bg_03.gif
.gif
html/images/button_bg_04.gif
.gif
html/images/button_tool_01_a.gif
.gif
html/images/button_tool_01_b.gif
.gif
html/images/button_tool_02_a.gif
.gif
html/images/button_tool_02_b.gif
.gif
html/images/button_tool_03_a.gif
.gif
html/images/button_tool_03_b.gif
.gif
html/images/button_tool_04_a.gif
.gif
html/images/button_tool_04_b.gif
.gif
html/images/button_tool_more.gif
.gif
html/images/greyline.gif
.gif
html/images/ico_arrow_01.gif
.gif
html/images/ico_arrow_02.gif
.gif
html/images/ico_bbs_01.gif
.gif
html/images/ico_feedback.gif
.gif
html/images/ico_help_a.gif
.gif
html/images/ico_help_b.gif
.gif
html/images/ico_home.gif
.gif
html/images/ico_light.gif
.gif
html/images/ico_settings_a.gif
.gif
html/images/ico_settings_b.gif
.gif
html/images/ico_tool_a.gif
.gif
html/images/ico_tool_b.gif
.gif
html/images/ico_update.gif
.gif
html/images/logo_hxw.gif
.gif
html/images/pic_question.jpg
.jpg
html/main.html
.html
html/tool_01.html
.html .js polyglot
html/tool_02.html
.html .js polyglot
html/tool_03.html
.html .js polyglot
html/tool_04.html
.html .js polyglot
hxw.bin
hxw.dll
.dll windows:4 windows x86 arch:x86

9ca78f69dad8f44090dc1a2e4a67739e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcatA
lstrcpyA
GetPrivateProfileSectionA
lstrcmpA
MultiByteToWideChar
GetPrivateProfileStringA
WideCharToMultiByte
FreeLibrary
DeleteFileA
GetTempFileNameA
WritePrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileSectionA
lstrlenW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetUserDefaultLCID
EnumSystemLocalesA
GetLocaleInfoA
IsValidCodePage
IsValidLocale
FlushFileBuffers
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
Sleep
SetStdHandle
SetConsoleCtrlHandler
GetOEMCP
GetCurrentThreadId
GetCPInfo
InterlockedIncrement
InterlockedDecrement
UnhandledExceptionFilter
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetUnhandledExceptionFilter
HeapSize
LocalAlloc
LocalLock
LocalUnlock
GlobalSize
GetFileSize
ReadFile
GlobalReAlloc
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcpynA
FormatMessageA
LocalFree
CreateFileA
SetFilePointer
lstrlenA
WriteFile
CloseHandle
GetModuleHandleA
OutputDebugStringA
GetProcessHeap
HeapAlloc
HeapFree
VirtualProtect
GetModuleFileNameA
GetLastError
FlushInstructionCache
VirtualQuery
lstrcmpiA
GetCurrentProcess
WriteProcessMemory
CreateToolhelp32Snapshot
Module32First
Module32Next
GetProcAddress
LoadLibraryExW
LoadLibraryExA
TerminateProcess
FatalAppExitA
ExitProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetVersionExA
GetEnvironmentVariableA
GetCurrentThread
LoadLibraryW
LoadLibraryA
GetACP
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetVersion
GetCommandLineA
RaiseException
HeapReAlloc
GetLocalTime
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocaleInfoW

user32

SetCursor
GetDC
LoadCursorA
ReleaseDC
RegisterWindowMessageA
SendMessageTimeoutA
IsRectEmpty
GetWindowRect
ClientToScreen
GetClientRect
ScreenToClient
FindWindowA
CallNextHookEx
CallWindowProcA
IsCharAlphaNumericA
CallWindowProcW
IsWindow
IsWindowUnicode
GetWindowLongW
SetWindowLongW
GetWindowLongA
SetWindowLongA
MessageBoxA
keybd_event
GetClassNameA
RegisterClipboardFormatA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetWindowsHookExA
UnhookWindowsHookEx
GetFocus

gdi32

CreateHalftonePalette
GetDIBits
GetObjectA
CreatePen
DPtoLP
CreateBitmap
GetMapMode
SetMapMode
SetBkColor
GetNearestPaletteIndex
SetSystemPaletteUse
ResizePalette
SetPaletteEntries
CreateSolidBrush
Rectangle
StretchDIBits
CreateDCA
CreateCompatibleBitmap
GetDIBColorTable
GetPaletteEntries
CreateDIBSection
CreateCompatibleDC
SelectObject
SetDIBColorTable
SetStretchBltMode
StretchBlt
BitBlt
DeleteDC
GdiFlush
DeleteObject
GetStockObject
SelectPalette
RealizePalette
CreateDIBitmap
GetDeviceCaps
GetSystemPaletteEntries
CreatePalette

ole32

CoInitialize
StgCreateDocfile
CoUninitialize
CreateStreamOnHGlobal
StgOpenStorage

oleaut32

SysFreeString
OleLoadPicture
SysAllocStringLen

shlwapi

PathFindFileNameA
SHGetValueA
PathFileExistsA
PathRemoveFileSpecA

imm32

ImmGetCompositionStringW
ImmGetCompositionStringA

imagehlp

ImageDirectoryEntryToData

oleacc

ObjectFromLresult

winmm

timeGetTime

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

EnableConversion

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

sdata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
hxw_old.bin
messageconfig.ini
msgSkin.ini
msgctl.dll
.dll regsvr32 windows:4 windows x86 arch:x86

82d76e97a8c09b8d3c0b101350f716a2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
DisableThreadLibraryCalls
InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
lstrlenW
MultiByteToWideChar
FlushInstructionCache
GetModuleFileNameA
FreeLibrary
LoadLibraryA
lstrcatA
lstrcmpiA
DebugBreak
GetPrivateProfileIntA
GetPrivateProfileStringA
EnterCriticalSection
OutputDebugStringA
GetCurrentThreadId
LeaveCriticalSection
CompareStringA
GetModuleHandleA
GetProcAddress
lstrcpyA
lstrcmpA
lstrcpynA
lstrlenA
GetShortPathNameA

user32

wvsprintfA
LoadImageA
InvalidateRect
SetFocus
UpdateWindow
SetRectEmpty
CallWindowProcA
CharNextA
GetParent
LoadStringA
CharLowerA
LoadCursorA
wsprintfA
RegisterClassExA
ReleaseDC
EndPaint
CreateWindowExA
DefWindowProcA
SetWindowPos
SetWindowTextA
IsWindowEnabled
DestroyWindow
GetCapture
GetSysColor
GetFocus
DrawFocusRect
FillRect
GetClassNameA
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
GetWindowLongA
GetWindowRect
GetCursorPos
ScreenToClient
GetClassInfoExA
SetCursor
SetWindowRgn
ReleaseCapture
PtInRect
SetCapture
GetDC
InflateRect
DrawTextA
SetTimer
SystemParametersInfoA
MoveWindow
ShowWindow
SetWindowLongA
SendMessageA
BeginPaint
KillTimer
GetClientRect
OffsetRect
CharUpperA
GetDesktopWindow
IsWindow

gdi32

CreateRoundRectRgn
CombineRgn
SetBkMode
SetTextColor
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
DeleteObject
GetStockObject
GetObjectA
CreateFontIndirectA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA

ole32

CoCreateInstance

oleaut32

RegisterTypeLi
SysAllocString
VariantClear
SysStringLen
LoadRegTypeLi
LoadTypeLi
SysFreeString

comctl32

_TrackMouseEvent

shlwapi

PathRemoveFileSpecA
PathIsURLA
PathFileExistsA

msvcrt

memset
_vsnprintf
_purecall
??3@YAXPAX@Z
atoi
??2@YAPAXI@Z
malloc
free
realloc
memcpy
wcslen
memcmp
_mbsstr
_mbspbrk
_mbschr
sscanf
_ismbcdigit
_initterm
_adjust_fdiv

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pf.ini
skins/HELLO KITTY.hxws
skins/ĬƤ.hxws
skins/ȫ.hxws
skins/ɫ.hxws
skins/ʥ.hxws
skins/ˮƿ.hxws
skins/ϲ.hxws
skins/Ԫ.hxws
skins/.hxws
skins/.hxws
skins/ں.hxws
skins/С.hxws
skins/чӭ.hxws
skins/̫.hxws
skins/ţ.hxws
skins/з.hxws
skins/.hxws
skins/.hxws
skins/.hxws
th.exe
.exe windows:4 windows x86 arch:x86

12b5598c39f5e57d5b1b7d20d90fb178

Code Sign

5f:d2:26:25:cb:3f:82:5b:d0:72:62:43:f1:7f:19:ef
Certificate

Issuer

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Not Before

24-12-2008 00:00

Not After

24-12-2009 23:59

Subject

CN=厦门网之源信息科技有限公司,O=厦门网之源信息科技有限公司,L=xiamen,ST=fujian,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

0a
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

06-08-2003 00:00

Not After

05-08-2013 23:59

Subject

CN=Thawte Code Signing CA,O=Thawte Consulting (Pty) Ltd.,C=ZA

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15-06-2007 00:00

Not After

14-06-2012 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04-12-2003 00:00

Not After

03-12-2013 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringA
CloseHandle
WriteFile
lstrlenA
SetFilePointer
LocalFree
FormatMessageA
GetLastError
DeleteFileA
GetPrivateProfileSectionNamesA
Sleep
lstrcatA
GetModuleFileNameA
MoveFileA
GetPrivateProfileIntA
GetPrivateProfileStringA
MoveFileExA
GetTempFileNameA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetStdHandle
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
FlushFileBuffers

user32

PostMessageA
FindWindowA

shell32

ShellExecuteA

shlwapi

PathRemoveFileSpecA
PathFileExistsA

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninst.exe.nsis

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

0aCertificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

14:b3:be:a8:9d:64:8e:0d:36:19:5d:2a:76:5a:9c:6bCertificate

Extended Key Usages

26:6f:39:b1:6a:b1:ee:80:8a:9c:5c:2e:4d:84:36:a2:2d:6a:5f:a5Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 22KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 56KB

.rsrc Size: 30KB - Virtual size: 29KB

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 784B

.data Size: 512B - Virtual size: 100B

.reloc Size: 1024B - Virtual size: 520B

7c3004ebf21f282412fa952c164aa2bb

Headers

File Characteristics

PDB Paths

Imports

kernel32

shlwapi

Exports

Exports

Sections

.text Size: 51KB - Virtual size: 50KB

.rdata Size: 14KB - Virtual size: 13KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

14:b3:be:a8:9d:64:8e:0d:36:19:5d:2a:76:5a:9c:6b
Certificate

26:6f:39:b1:6a:b1:ee:80:8a:9c:5c:2e:4d:84:36:a2:2d:6a:5f:a5
Signer

.text
Size: 22KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 56KB

.rsrc
Size: 30KB - Virtual size: 29KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 51KB - Virtual size: 50KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 5KB - Virtual size: 5KB

0a
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

14:b3:be:a8:9d:64:8e:0d:36:19:5d:2a:76:5a:9c:6b
Certificate

94:8c:05:c6:94:ee:69:53:b0:13:65:b9:63:ed:67:60:82:8e:ce:41
Signer

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 44KB

.rsrc
Size: 27KB - Virtual size: 26KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 1012B

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB